illumate
Security

Security and Data Control

Mental health data requires strong safeguards. We design Illumate with layered security controls appropriate for sensitive clinical workflows, and you control what enters the model.

AES-256-GCM Encryption

Sensitive data is encrypted at the database column level, not just in transit.

Full Account Isolation

Each therapist's data is isolated at the database level. Access controls are designed to prevent cross-account access.

You control the context

You decide what enters the model. For clients, you can use nicknames or initials.

Audio is optional

You can work entirely in text. If you upload a recording, the audio file is deleted right after transcription.

Full Audit Trail

Every action is logged: who accessed what, what was changed, when, and from where.

AI Guardrails

Three layers of guardrails (pre/system/post) are designed to reduce out-of-scope output, but they don't remove the need for professional review.

US / HIPAA

Illumate is not offered as HIPAA-compliant unless we have signed a Business Associate Agreement (BAA) with you. Do not upload PHI subject to HIPAA unless a BAA is in place.

Our Security Approach

We follow a defence-in-depth principle — protection at every level of the stack:

  • Data encrypted at rest (AES-256-GCM, column-level) and in transit (TLS 1.3)
  • Strict data isolation between therapists at the database level (multi-tenant with row-level security)
  • Context control: you decide what enters the model, and you can use nicknames
  • Transparency: all AI responses include sources, all actions are logged

Security Questions?

If you have questions about data security or have found a vulnerability, please contact us.

Contact security team