Privacy Policy
Effective Date: June 1st, 2025
Illumimind ("we," "our," "us," "the company") is committed to protecting your privacy and the confidentiality of your data. This Privacy Policy ("privacy policy") describes how we collect, use, store, and protect information when you use Illumimind, our corporate knowledge synthesizer platform.
By using Illumimind, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our services.
1. Information We Collect
We collect and process various types of information to deliver and improve our services:
a. Account Information
We collect identifying information from your organization's identity provider, including:
- Name
- Email address
- Role or title
- Organizational affiliation
b. Content Data
This includes any documents, files, messages, or other materials that your organization connects or uploads to the Illumimind platform.
c. Usage Data
To enhance the user experience and maintain operational integrity, we collect:
- Query logs and user interactions
- Audit trails
- Device and browser metadata
d. Technical Data
We collect technical information such as:
- IP addresses
- System and server logs
- Performance and reliability metrics
2. How We Use Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, and maintain the Illumimind platform, including synthesizing knowledge from connected content sources.
- Access Controls: To enforce organizational permissions and ensure users only access data they are authorized to view.
- Performance Improvement: To monitor and enhance system performance, reduce latency, and increase reliability.
- Compliance: To fulfill legal obligations such as maintaining audit logs and meeting regulatory retention requirements.
- Data Protection: We do not use your data to train external or public AI models. All data remains confined to your organization's environment or designated processing scopes.
3. Data Retention
We retain data in accordance with configurable organizational policies and legal obligations:
- Documents and content chunks: Retained for five (5) years by default; this duration is configurable per tenant.
- Audit logs: Retained for seven (7) years, unless a longer period is required by applicable laws or regulations.
- Deleted data: Marked for deletion and purged according to your organization's configured compliance and retention policies.
- Legal holds: Data under legal hold is stored in WORM (Write Once, Read Many) storage until formally released.
4. Data Security
We implement robust security measures to safeguard your data:
- Encryption: All data is encrypted both in transit (TLS 1.2 or higher) and at rest (AES-256).
- Tenant Isolation: Each organization's data is isolated to prevent intermingling with other tenants.
- Access Control: Enforced through role-based and attribute-based access management integrated with your identity provider (IdP).
- Audit Logging: Every query and data retrieval action is logged immutably to support transparency and regulatory compliance.
5. Data Sharing
We take data confidentiality seriously:
- No Sale or Marketing Use: We do not sell, lease, or share your data with third parties for advertising or marketing purposes.
- Subprocessors: We may engage trusted subprocessors (e.g., cloud infrastructure or storage providers) who may have limited access to encrypted data solely for service maintenance and operation.
- Access Controls: Subprocessor access is restricted to authorized personnel bound by strict confidentiality obligations.
6. Your Rights
Depending on your jurisdiction and applicable laws, you may have the following rights:
- Access & Portability: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or outdated information.
- Deletion: Request deletion of personal data, subject to legal or contractual retention requirements.
- Restriction: Request limitation of data processing under specific circumstances.
To exercise these rights, please contact your organization's administrator or reach out to us directly at admin@illumimind.com.
7. Compliance
Illumimind is designed to support compliance with leading regulatory frameworks, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry Data Security Standard (PCI-DSS)
We continuously assess and update our privacy practices to align with evolving legal and industry standards.