Security & Compliance

Ithildin is built for the legal industry — where confidentiality is non-negotiable. Every system, control, and audit exists to protect your clients' most sensitive information.


Data Training

Your case data never trains our models — ever.

Encrypted by Default

AES-256 at rest. TLS 1.3 in transit. No exceptions.

Zero Retention

Session data is cleared after use. No persistence without consent.

Attorney-Client Privilege Protected

Your deposition content is confidential by design. We act as a data processor — your firm remains in control.

SOC 2 Type II
GDPR Compliant
CCPA Ready
ISO 27001 Aligned

Role-Based Access Control

Limit data access by role. Every action is logged, audited, and anomaly-detected in real time.

Lead Attorney
Associate
Paralegal

Compliance Standards

Four frameworks. One commitment.

SOC 2 Type II

Audited annually by an independent third party.

Ithildin undergoes annual SOC 2 Type II audits covering the Trust Services Criteria for Security, Availability, and Confidentiality. Unlike a Type I audit, Type II validates that our controls operate effectively over time — not just on paper.

Controls assessed include: logical access management, encryption at rest and in transit, incident response procedures, change management, and continuous monitoring. Audit reports are available to enterprise clients under NDA.

AES-256 encryption at rest
TLS 1.3 for all data in transit
Role-based access control with least-privilege enforcement
Automated vulnerability scanning and penetration testing
Incident response SLA: notification within 24 hours

GDPR

Full compliance with EU data protection law.

Ithildin operates in full compliance with the General Data Protection Regulation (EU) 2016/679. We act as a data processor on behalf of our clients, who remain the data controllers for any personal data processed through the platform.

We maintain Data Processing Agreements (DPAs) with all clients handling EU personal data. Our sub-processors are contractually bound to the same standard of protection.

Data Processing Agreements available on request
Right to access, rectification, and erasure honored within 30 days
Data minimization — we collect only what is necessary
EU data residency options available for enterprise clients
Breach notification to supervisory authority within 72 hours
We do not sell or share personal data with third parties

CCPA

Your California privacy rights, fully respected.

Under the California Consumer Privacy Act, California residents have specific rights regarding their personal information. Ithildin honors all CCPA rights and does not sell personal information under any circumstances.

Right to know what personal information is collected and why
Right to delete personal information upon verified request
Right to opt-out of the sale of personal information (we do not sell data)
Right to non-discrimination for exercising any CCPA right
Requests processed within 45 days of receipt

ISO 27001

International standard for information security management.

Our information security management system (ISMS) is aligned with ISO/IEC 27001:2022, the international standard for managing information security risk. This means security is embedded in how we build, operate, and improve Ithildin — not bolted on after the fact.

Formal risk assessment and treatment process
Security policies reviewed and updated annually
Employee security training and awareness program
Supplier and vendor risk assessments
Regular internal audits and management reviews
Continuous improvement through nonconformity tracking

Questions about privacy?

Our security team is available to answer questions, provide compliance documentation, or arrange a security review for enterprise clients.

security@ithildin.ai