Legal
Security
Last updated April 1, 2026
Infrastructure
- All production traffic runs over TLS 1.3.
- API keys are stored as hashed credentials, never in plaintext.
- Data at rest is encrypted with AES-256.
- We isolate customer workloads at the process level — no shared browser state between accounts.
Access controls
- SSO and SAML available on Enterprise.
- Scoped API keys with per-key rate limits and audit logs.
- Internal access is least-privilege and reviewed quarterly.
Reporting vulnerabilities
If you discover a security issue, please email security@ilmenite.dev. We respond within 24 hours and publish coordinated advisories after fixes ship.
Compliance
SOC 2 Type II audit in progress. GDPR and CCPA data processing addendums available on request.