Lumin's approach to security
Lumin’s products are protected by a rigorous and up-to-date security system. We work hard to deliver specialized security solutions alongside industry-standard compliance.
Compliance certifications and standards
Our certifications reflect our commitment to a global standard of security. We have industry-accepted certifications and meet current industry compliance standards and regulations.

SOC 2 Type 1 to SOC 2 Type 2 attestation
Lumin works with independent auditors to maintain a SOC 2 report. This report certifies our controls to ensure the ongoing security of customers’ data.

California Consumer Privacy Act
Our certifications, business practices and compliance standards mean Lumin is fully compatible with CCPA regulations.

GDPR compliance
Lumin is compliant with European data protection and privacy law. We have a comprehensive privacy policy available here.

PCI-DSS compliance
Lumin complies with the Payment Card Industry Data Security Standard, meaning your credit, debit, and cash card transactions and associated information are protected.

AWS security standards
Data in Lumin is stored with Amazon Web Services, which utilizes state-of-the-art security at a large scale. We are confident in AWS’s high standards.

Google security assessment
Lumin passed Google’s OAuth API Verification Assessment in September 2020. We’re committed to keeping up with Google compliance requirements.
We're always improving security
Here are some of the compliance certifications and standards we currently have in the works.
NIST 2
FERPA 2

ISO 27001
HIPAA
Data security features
Lumin’s products are built with modern and robust security features.

Secure cloud hosting
Lumin uses Amazon Web Services for hosting. We routinely undergo penetration tests, and AWS meets major international security compliance standards.

SSO with Google Workspace
Require Google Workspace SSO for your Lumin workspace, so employees must sign in with Google. Control and verify Lumin users from your Workspace.

Role-based access control
Give users permissions to do their job and nothing more. Create fine-grained permissions with role-based access control.

Encryption for data in transit
We use Transport Layer Security 1.2 or higher to encrypt data in transit. This helps to ensure your data is secure no matter where in the world you are.

Encryption for data at rest
Lumin encrypts your data at rest using AES 256, currently considered the most robust encryption standard.

Secure SDLC
We take pride in our Software Development Life Cycle. Every line of code is peer-reviewed and tested before it’s released into Lumin’s products.

Vulnerability management
We actively monitor and remediate reported vulnerabilities. We conduct weekly penetration tests and run a bug bounty program to encourage reporting.

Secure document storage
You can edit documents from Google Workspace without making a permanent copy in Lumin. Documents in Lumin storage are encrypted and stored by AWS in the U.S.

Internal security
We have strong access controls on our production systems. Access is restricted to a small number of senior employees and requires MFA.

Bug bounty program
Find security issues in Lumin and get a reward.
