Trust Center
Built for the kind of data customers can't afford to lose.
IlluminateRisk is a fraud-investigation platform. We hold customer-supplied financial records, identity documents, and case work product — so the controls around how that data is stored, accessed, and disclosed are part of the product itself. This page is the index to our security, privacy, and compliance documents.
Documents
Security overview
Encryption at rest and in transit, identity & access, network hardening, malware scanning, vulnerability management, incident response.
Read →Privacy & data handling
What data we collect, how we use it, how long we keep it, how customers can export or delete their data, and how subject-access requests are handled.
Read →Compliance status
Where IlluminateRisk stands on SOC 2 Type I, applicable frameworks, and an honest read of what is in place today vs. what's in progress.
Read →Subprocessors
Third parties that may process Customer Personal Data on our behalf, with categories, regions, and change-notice policy.
Read →Data Processing Addendum
Roles, processing scope, subprocessors, security measures, international transfers, breach notification, and return/deletion of data — with annexes.
Read →Responsible disclosure
How to report a security finding, our response targets, scope, and safe-harbor guarantee for good-faith researchers.
Read →Common questions
Where is customer data stored?
All Customer Personal Data is stored on infrastructure operated by Amazon Web
Services in the us-east-2 (Ohio) region. We do not currently
offer EU or other-region hosting; we'll publish here when that changes.
Do you train AI models on customer data?
No. The classifier and named-entity components run entirely on infrastructure we operate, with models that ship with the product. We do not send customer documents to third-party LLM providers, and customer content is not used to train future model versions.
Can we sign a DPA?
Yes. Our Data Processing Addendum is published here; contact support@illuminaterisk.ai to execute a signed copy (including the SCCs where applicable). The DPA references the Subprocessors page as Annex II and tracks any updates published here.
How do I report a security issue?
Email support@illuminaterisk.ai. Full reporting guidelines, scope, and safe-harbor terms are on the Responsible Disclosure page.