Lumin's approach to security
Lumin’s products are enforced with a rigorous and up-to-date security system. We work hard to deliver specialized security solutions alongside industry-standard compliance.
Our certifications reflect our commitment to a global standard of security. We have industry-accepted certifications and meet current industry compliance standards and regulations.
SOC 2 Type 1 attestation
Lumin works with independent auditors to maintain a SOC 2 report. This report certifies our controls to ensure the ongoing security of customers’ data.Learn more
California Consumer Privacy Act
Our certifications, business practices and compliance standards mean Lumin is fully compatible with CCPA regulations.Learn more
Lumin complies with the Payment Card Industry Data Security Standard, meaning your credit, debit, and cash card transactions and associated information are protected.
AWS security standards
Data in Lumin is stored with Amazon Web Services, which utilizes state-of-the-art security at a large scale. We are confident in AWS’s high standards.
Google security assessment
Lumin passed Google’s OAuth API Verification Assessment in September 2020. We’re committed to keeping up with Google compliance requirements.
We're always improving security
Here are some of the compliance certifications and standards we currently have in the works.
Data security features
Lumin’s products are built with modern and robust security features.
Secure cloud hosting
Lumin uses Amazon Web Services for hosting. We routinely undergo penetration tests and AWS meets major international security compliances.
SSO with Google Workspace
Require Google Workspace SSO for your Lumin workspace, so employees must sign in with Google. Control and verify Lumin users from your Workspace.
Role based access control
Give users permissions to do their job and nothing more. Create fine-grained permissions with role based access control.
Encryption for data in transit
We use Transport Layer Security 1.2 or higher to encrypt data in transit. This helps to ensure your data is secure no matter where in the world you are.
Encryption for data at rest
Lumin encrypts your data at rest using AES 256, currently considered the most robust encryption standard.
We take pride in our Software Development Life Cycle. Every line of code is peer-reviewed and tested before it’s released into Lumin’s products.
We actively monitor and remediate vulnerabilities reported. We conduct weekly penetration tests and run a bug bounty program to encourage reporting.
Secure document storage
You can edit documents from Google Workspace without making a permanent copy in Lumin. Documents in Lumin storage are encrypted and stored by AWS in the U.S.
We have strong access controls on our production systems. Access is restricted to a small number of senior employees and requires MFA.
Bug bounty program
Find security issues in Lumin and get a reward.
Frequently asked questions
Which cloud platform does Lumin use?
Lumin uses Amazon Web Services to deliver its services.
How frequently does Lumin audit its security measures?
Lumin conducts ongoing monitoring and reporting of its security measures. We will also undergo an annual SOC 2 Type 2 audit and an annual penetration test.
Which security certifications and compliances does Lumin meet?
SOC 2 Type 1, GPDR, CCPA and PCI-DSS.
Where does Lumin store my data?
All data stored with Lumin is stored in AWS data centers located in the U.S.. The data stored includes identifiable information like names and contact details, language preferences and application settings.
Where does Lumin store my documents?
Documents directly uploaded to Lumin are stored in Lumin storage; it is encrypted and stored by AWS in the U.S..
Lumin does not make extra copies of files stored in Google Drive where possible. To prevent data loss, Lumin will sometimes make a temporary copy of your Google Drive document and store it securely in AWS.
Does Lumin support single sign on?
Yes. We support SSO with Google.
What information does Lumin need to access?
Lumin needs access to Google Workspace files, but only when the customer is active on Lumin. We also require the email profiles of anyone who needs to use Lumin.
Customers can opt to share their email contact lists with us, but this is not required.
Can I remove my data from Lumin?