Trust & data handling

Built for the most private material an organization has.

How an organization talks to itself is more sensitive than its financials. Elumen is built from that fact, and the commitments on this page are ones we put in writing for every engagement.

Seven commitments

Said plainly, put in writing.

Names never reach Elumen

Names are pseudonymized on the consultancy side before anything reaches Elumen. The re-identification mapping never leaves your team. Asked to name your client's people, we'd have nothing to answer with.

Client material never trains a model

Not ours, and not any provider's: written into every engagement agreement, with model providers bound by commercial terms that prohibit training on customer content.

Every engagement runs in its own silo

No shared indexes, no cross-client learning, no aggregate "benchmarks" built from your clients' words.

Everything is encrypted, everywhere

AES-256 at rest, TLS 1.2+ in transit, isolated per-engagement storage with row-level security.

Deletion runs on your schedule

Retention is set with you, per consulting engagement. Keep the corpus live as long as the work needs, or have it deleted the day the brief lands — either way, deletion is verifiable, with a record you can hand the client.

All processing is logged

Every read of client material by Elumen's processing is logged; your team can request the access record for any engagement. Staff access is break-glass only: logged and disclosed to your team.

Every claim shows its source

Every claim in every brief traces back to its source lines. If a finding is questioned, you can show exactly where it came from — verification is built in, not bolted on.

The engagement data lifecycle

What happens to the material, start to finish.

A question your clients will ask. The answer, stage by stage.

Intake

Nothing beyond the scope comes in

The client shares material under a scope you define together; nothing beyond it is ingested.

Pseudonymization

Names stay with your team

Names are pseudonymized on the consultancy side; Elumen never holds the mapping.

Analysis

Nothing leaves the silo

Reading and analysis happen inside the engagement silo, under the access controls above.

Delivery

The brief reaches your team

Its source links open the underlying messages inside the silo; delivery creates no new copies of the corpus.

Deletion

Deletion comes with proof

The brief stays yours. Corpus and derived artifacts are deleted on your schedule, with a record for the client.

Certifications

Where we are, honestly.

Where we are today, stated plainly. This section updates as milestones land.

Contractual no-training & no-pooling commitmentsIn effect for every engagement today
Encryption & per-engagement isolationIn production
SOC 2Type I planned; Type II to follow. Report available under NDA on completion.
Third-party penetration testPlanned with security-vendor onboarding; summary will be published here
Questions clients ask

For the procurement conversation.

Who can see our material?

Only your engagement team. Elumen's systems read the material to produce the brief, and Elumen staff have no standing access — break-glass entry is logged and disclosed to your team. No other client, ever.

Which model providers touch the data and under what terms?

The terms, plainly: no training on customer content, and only transient retention — currently up to 30 days, then deletion. Which providers, in which regions, under which safeguards: published at app.elumen.ai/trust.

Can we run this under our existing consulting NDA?

Yes. Elumen operates as a subprocessor under your engagement terms. Our data-handling terms are a standard exhibit, drafted to attach to the client agreements you already use.

How is the privacy of the messages analyzed treated?

Structurally, not just by policy. Ingestion is bounded by the scope the client sets; identity is pseudonymized before anything reaches Elumen; any employee can be excluded on request. And the diagnosis is of the organization and its groups — never of individuals.

Put our answers in front of your security reviewer.

We'll walk your team — or your client's — through architecture, data flow, and contract terms directly.

Request a demo