Privacy Policy (POC)
Last updated: February 2026
1. Scope
This policy governs data processed by the Silmaril AI Firewall and Red Teaming services. Silmaril acts as a Data Processor for all Client Service Data.
2. Data Processing
AI Firewall: We process prompts, metadata, and threat scores to provide real-time filtering. We use anonymized patterns for system improvement but never use client payloads to train generic Large Language Models (LLMs).
Red Teaming: Silmaril uses the Client’s UI and APIs to send simulated malicious content to identify security gaps. This activity is designed to be non-disruptive and is not intended to cause actual impact. Client data discovered during testing (outside designated test accounts) is reported immediately and purged from Silmaril systems.
3. Security Controls
Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Logical Isolation: Client data is logically separated to prevent cross-tenant access.
Access Control: Access to raw data is restricted to essential Silmaril personnel strictly for support or as authorized by the Client.
Retention & Deletion: Data is retained only for the POC duration. All Service Data and logs are permanently deleted within 30 days of POC termination unless a production agreement is signed.
Infrastructure: Hosted on AWS (US-East-1 & US-West-2).