Security and Data Protection
Mental health data demands the highest standard of protection. Security is built into Illumate's architecture from day one.
AES-256-GCM Encryption
Sensitive patient data is encrypted at the database column level, not just in transit.
Per-Therapist Data Isolation
Each therapist's data is fully isolated at the database level. Cross-account access is impossible.
Full Audit Trail
Every action is logged: who accessed what, what was changed, when, and from where.
Data Retention Controls
Configurable retention policies. Audio files are deleted after transcription by default.
Compliance Roadmap
Technical controls for HIPAA are implemented. Administrative and compliance phases are underway.
AI Guardrails
Three layers of guardrails (pre/system/post) ensure AI stays within clinical scope.
Our Security Approach
We follow a defence-in-depth principle — multi-layered protection at every level of the stack:
- Data encrypted at rest (AES-256-GCM, column-level) and in transit (TLS 1.3)
- Strict data isolation between therapists at the database level (multi-tenant with row-level security)
- Data minimization: we don't store what's not needed for the service to function
- Transparent processing: all AI responses include sources, all actions are logged
Security Questions?
If you have questions about data security or have found a vulnerability, please contact us.
Contact security team