IlluminateRisk Trust Center
v2026.05

Trust Center

Built for the kind of data customers can't afford to lose.

IlluminateRisk is a fraud-investigation platform. We hold customer-supplied financial records, identity documents, and case work product — so the controls around how that data is stored, accessed, and disclosed are part of the product itself. This page is the index to our security, privacy, and compliance documents.

Status
Active private beta
Hosting region
AWS us-east-2 (Ohio)
Contact
support@illuminaterisk.ai

Documents

Security overview

Encryption at rest and in transit, identity & access, network hardening, malware scanning, vulnerability management, incident response.

Read →

Privacy & data handling

What data we collect, how we use it, how long we keep it, how customers can export or delete their data, and how subject-access requests are handled.

Read →

Compliance status

Where IlluminateRisk stands on SOC 2 Type I, applicable frameworks, and an honest read of what is in place today vs. what's in progress.

Read →

Subprocessors

Third parties that may process Customer Personal Data on our behalf, with categories, regions, and change-notice policy.

Read →

Data Processing Addendum

Roles, processing scope, subprocessors, security measures, international transfers, breach notification, and return/deletion of data — with annexes.

Read →

Responsible disclosure

How to report a security finding, our response targets, scope, and safe-harbor guarantee for good-faith researchers.

Read →

Common questions

Where is customer data stored?

All Customer Personal Data is stored on infrastructure operated by Amazon Web Services in the us-east-2 (Ohio) region. We do not currently offer EU or other-region hosting; we'll publish here when that changes.

Do you train AI models on customer data?

No. The classifier and named-entity components run entirely on infrastructure we operate, with models that ship with the product. We do not send customer documents to third-party LLM providers, and customer content is not used to train future model versions.

Can we sign a DPA?

Yes. Our Data Processing Addendum is published here; contact support@illuminaterisk.ai to execute a signed copy (including the SCCs where applicable). The DPA references the Subprocessors page as Annex II and tracks any updates published here.

How do I report a security issue?

Email support@illuminaterisk.ai. Full reporting guidelines, scope, and safe-harbor terms are on the Responsible Disclosure page.