🛡 Security
Your data is protected by design.
Not marketing language — real, auditable cryptography. Every phone number, bank account, national ID and API credential across all modules is protected by the same encryption standards banks trust.
The question that matters
Who can see your data?
No one. Here's the proof.
It's the first question every business owner asks — so here is the answer, party by party, with no marketing language:
| Who | Can they see your data? | Why it's impossible |
|---|---|---|
| Another company on the platform | Impossible | Every database query is automatically scoped to your organisation ID (full tenant isolation). On every code change, automated tests literally attempt to access one company's data with another company's account — if a single attempt succeeds, the entire release is blocked. |
| ILORA's own employees | No | Sensitive fields (phones, bank accounts, IDs, salaries…) are AES-256-GCM encrypted with keys that live in the runtime environment, not in the database. Our engineers work only on anonymised data or sandboxes — and every access is written to an audit log that even our own team cannot modify. |
| AI model providers | No | Before any AI processing, your data passes through a scrubbing layer that automatically redacts names, phones and financial identifiers — under a Zero Data Retention agreement. Your data is never stored by providers and never trains any model. |
| A hacker who stole the database | They'd find ciphertext without keys | Even with the entire database stolen, sensitive fields are encrypted and the keys aren't in it. Passwords don't exist in any form — we store a one-way bcrypt hash that cannot be reversed. |
| Third parties & advertisers | Never | We do not sell or share your data for marketing — contractually committed in our privacy policy and under GDPR, with your full right to export and erasure. |
And if you want absolute certainty: deploy ILORA on your own servers (on-premise) — with offline licensing, so your data never leaves your building at all.
01 Layers of protection
AES-256-GCM field encryption
All PII — national IDs, phones, IBANs, vendor tax IDs — is encrypted before it ever touches the database.
Passwords never stored
Only a one-way bcrypt hash is kept — no password exists anywhere, even encrypted.
Complete tenant isolation
Every query is automatically scoped to your organisation ID — cross-company data bleed is architecturally impossible.
Immutable audit logs
Every create, read, update and delete lands in an append-only log on a separate database, with PostgreSQL-level rules preventing modification.
Deny-by-default RBAC
Roles and permission sets define exactly what each user can do — the default is deny.
AI data masking
Before anything reaches external model providers, a scrubbing layer automatically redacts emails, phones and financial identifiers.
Credential encryption at rest
Integration keys and payment-gateway secrets are AES-256 encrypted, decrypted only in memory at the moment of use.
Multi-factor authentication
RFC 6238-compliant TOTP with bcrypt-hashed backup codes — enforced for finance and owner roles.
02 Proof
Proven by code, not promises.
The deployment pipeline blocks any update unless every automated test passes — one failure halts the release instantly.
- 470+ automated tests on every change
- 84 modules fully covered
- 100% automated tenant-isolation verification
- <45ms average API response time
Architecturally aligned with ISO 27001, PCI DSS and SOC 2 — formal third-party audits are scheduled. We say “aligned with” rather than “certified” because precision matters.
03 FAQ
Can ILORA employees see our data?
What happens to my data if I cancel?
What's your security incident process?
How is tenant isolation actually tested?
Are you aligned with banking regulations?
Request a full security review.
Our team answers security and compliance questions in the demo.