Security

This page summarises how we think about protecting Ilmora deployments. Specific controls and certifications may be documented in your organisation's agreement or security appendix.

Last updated March 30, 2026

Our approach

Security is built into how we design, deploy, and operate Ilmora. Exact implementation details vary by deployment model (for example single-tenant or dedicated infrastructure). The practices below reflect our typical baseline; your contract may add further requirements.

Infrastructure and hosting

Production environments are run on reputable cloud providers with industry-standard physical and network controls. Access to production systems is limited to authorised personnel, using least privilege and authenticated access paths.

Encryption

Data in transit is protected using TLS. Data at rest is encrypted using provider-managed or configured encryption where supported by the underlying platform. Key management follows provider best practices for the chosen stack.

Authentication and access

Ilmora uses role-based access so students, teachers, and administrators only reach data and features appropriate to their role. Schools configure identity and onboarding according to their policies. We recommend strong passwords, SSO where available, and prompt offboarding when staff or students leave.

Application security

We follow secure development practices, dependency review, and testing appropriate to the release cycle. We monitor for vulnerabilities and apply patches to address confirmed issues in line with severity.

Logging and monitoring

We use logging and monitoring to detect abuse, operational issues, and potential security events. Log retention and access are aligned with contractual and legal requirements.

AI and data handling

AI features are configured per deployment. Processing may involve subprocessors (such as model providers) as disclosed in your agreement and privacy documentation. We design flows to minimise unnecessary exposure of personal data to third-party models where alternatives exist.

Incident response

If we become aware of a breach that affects your data, we will notify affected customers as required by law and contract, and work with you on containment and remediation steps.

Responsible disclosure

If you believe you have found a security vulnerability in Ilmora, please email ilmora@jamilglobal.com with a clear description, steps to reproduce, and your contact details. We ask that you do not perform testing that could harm users or production systems without prior agreement. We appreciate coordinated disclosure and will work with you in good faith.

Further information

For privacy practices, see our Privacy Policy. For contractual commitments (SLAs, DPIA materials, subprocessors), contact your Jamil Global representative or ilmora@jamilglobal.com.