IlluminateRisk Trust Center
Subprocessors · v2026.05

Trust Center

Subprocessors

A subprocessor is a third party that IlluminateRisk, Inc. ("IlluminateRisk") engages to support the delivery of its fraud-investigation platform and that may process Customer Personal Data on our behalf. This page lists every active subprocessor, the service they provide, the categories of data they process, and the region in which the processing takes place.

Effective
12 May 2026
Last updated
12 May 2026
Notification policy
30 days' advance notice of changes via email to billing contacts and Trust Center subscribers.

Infrastructure & hosting

Subprocessor Service Data categories Region
Amazon Web Services, Inc. SOC 1/2/3 · ISO 27001/27017/27018 · PCI DSS Application hosting (Lightsail), object storage (S3) for document uploads, key management (KMS) for at-rest encryption. Customer-uploaded documents, dataset rows, extracted entities, case metadata, application logs. United States · us-east-2 (Ohio)
Amazon Simple Email Service (SES) Under AWS' SOC / ISO scope Transactional email delivery — account confirmation, password reset, support and billing notifications. Recipient email address, message subject, message body. No customer document content. United States · us-east-2 (Ohio)
Amazon Simple Notification Service (SNS) Under AWS' SOC / ISO scope Receives SES bounce and complaint events and forwards them to IlluminateRisk's suppression-list webhook. Recipient email address, SES message id, bounce or complaint type. United States · us-east-2 (Ohio)

Payments & billing

Subprocessor Service Data categories Region
Stripe, Inc. PCI DSS Level 1 · SOC 1/2 Subscription billing, payment-method tokenization (Stripe Elements), invoice issuance, dunning, and webhook event delivery for state synchronization. Billing contact name & email, company name, tokenized card details (Stripe holds the PAN; IlluminateRisk never sees it), invoice amounts, subscription status. United States · Global edge

Security & abuse prevention

Subprocessor Service Data categories Region
Cloudflare, Inc. (Turnstile) SOC 2 Type II · ISO 27001 Bot-detection challenge on public marketing forms (lead capture). Gates lead submission before any data lands in our database. IP address, browser fingerprint, challenge response. No customer account data. Global edge (anycast)

Internal operations

Subprocessor Service Data categories Region
Google LLC (Workspace) SOC 1/2/3 · ISO 27001/27017/27018 IlluminateRisk staff email and document collaboration. Receives DMARC aggregate reports for the illuminaterisk.ai domain. Internal staff email, attachments authored by IlluminateRisk personnel, DMARC report metadata. Customer Personal Data is not stored in Workspace as part of normal operations. United States

On-demand processors (used only when a specific feature is enabled)

Subprocessor Service Data categories Region
OpenStreetMap Foundation (Nominatim) Non-profit; covered by OSMF Privacy Policy Forward-geocoding of physical addresses extracted from customer documents — only when an analyst opens the case Map view. Each address is resolved once and cached locally; subsequent lookups never re-hit OSM. Free-text postal address. No identifier tying the address back to a specific case or user. Germany (Karlsruhe)

What's not a subprocessor

For completeness, the following components run entirely on infrastructure that IlluminateRisk operates and do not transmit Customer Personal Data to any third party:

Notification of changes

IlluminateRisk will provide at least thirty (30) days' advance notice before engaging a new subprocessor or expanding an existing subprocessor's role in a way that materially changes the categories of Customer Personal Data processed. Notice is sent to each customer's designated billing contact and posted on this page.

Customers who object to a new subprocessor on reasonable data-protection grounds may, within thirty (30) days of notice, terminate the affected portion of their subscription on the terms described in the Data Processing Addendum.

Contact

Questions about this page or our use of subprocessors: support@illuminaterisk.ai. For a copy of the executed Data Processing Addendum, contact support@illuminaterisk.ai.