ACTIVE
Encryption in Transit
All traffic encrypted via TLS 1.2+ end-to-end. TLS 1.3 preferred.
ACTIVE
Encryption at Rest
AES-256 encryption for all stored audit logs and customer data.
IN PROGRESS
SOC 2 Type II
Formal audit underway. Report available to Enterprise customers under NDA.
ACTIVE
Access Control
Role-based access, least-privilege internally. SSO/SAML for Business+ plans.
ACTIVE
Data Isolation
Strict tenant isolation. Your proxy traffic is never shared or commingled.
ACTIVE
Vulnerability Disclosure
Responsible disclosure program active. Security issues handled within 24h.
01 / Infrastructure
Interlucid is hosted on enterprise-grade cloud infrastructure with multiple layers of redundancy. Our proxy operates in isolated compute environments with no shared execution context between tenants.
ENCRYPTION IN TRANSIT
TLS 1.2 / 1.3
ENCRYPTION AT REST
AES-256
TENANT ISOLATION
Strict / Per-customer
UPTIME TARGET
99.9% (Enterprise: 99.99%)
DATA RESIDENCY
US (Enterprise: configurable)
02 / Data Handling
We act as a data processor with respect to MCP traffic that flows through your proxy deployment. We process your traffic solely to deliver the contracted service — logging, policy evaluation, and audit trail generation.
- MCP request and response payloads are processed in memory and logged to your tenant's isolated audit store
- Proxy traffic is never used for AI model training, advertising, or product analytics
- Audit logs are retained per your plan's retention policy and deleted on account termination
- You can export your full audit log at any time via the dashboard or API
- Data deletion requests are processed within 30 days
03 / Access Controls
We apply strict least-privilege access controls internally. No Interlucid employee has standing access to customer data. Access is granted on a break-glass basis with full audit logging and requires manager approval.
- All internal access to production systems requires MFA and SSO
- Access to customer data is logged and reviewed quarterly
- Employee offboarding includes immediate credential revocation
- Background checks conducted for all employees with production access
04 / Compliance Roadmap
We are actively working toward SOC 2 Type II certification. Enterprise customers can request our current security questionnaire, architecture documentation, and penetration test summary under NDA by contacting
security@interlucid.ai.
- SOC 2 Type II — audit in progress, report expected Q3 2026
- GDPR — data processing agreements available for EU customers
- CCPA — privacy controls and data subject request process in place
- HIPAA — BAA available for Enterprise customers on request
05 / Responsible Disclosure
We take security vulnerabilities seriously and appreciate the work of the security research community. If you discover a vulnerability in Interlucid's systems or products, please report it to us responsibly.
Report a vulnerability:
Email:
security@interlucid.ai
Please include a description of the issue, steps to reproduce, and potential impact. We will acknowledge receipt within 24 hours and aim to provide a fix timeline within 72 hours for critical issues.
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to address it. We do not pursue legal action against researchers who act in good faith.
06 / Contact
For security inquiries, enterprise security reviews, or to request our security documentation package: