Lumin's approach to security

Lumin’s products are enforced with a rigorous and up-to-date security system. We work hard to deliver specialized security solutions alongside industry-standard compliance.

Hero introduction graphic

Compliance certifications
and standards

Our certifications reflect our commitment to a global standard of security. We have industry-accepted certifications and meet current industry compliance standards and regulations.

  • SOC 2 Type 1 attestation

    SOC 2 Type 1 attestation

    Lumin works with independent auditors to maintain a SOC 2 report. This report certifies our controls to ensure the ongoing security of customers’ data.

    Learn more
  • California Consumer Privacy Act

    California Consumer Privacy Act

    Our certifications, business practices and compliance standards mean Lumin is fully compatible with CCPA regulations.

    Learn more
  • GDPR compliance

    GDPR compliance

    Lumin is compliant with European data protection and privacy law. We have a comprehensive privacy policy available here.

  • PCI-DSS compliance

    PCI-DSS compliance

    Lumin complies with the Payment Card Industry Data Security Standard, meaning your credit, debit, and cash card transactions and associated information are protected.

  • AWS security standards

    AWS security standards

    Data in Lumin is stored with Amazon Web Services, which utilizes state-of-the-art security at a large scale. We are confident in AWS’s high standards.

  • Google security assessment

    Google security assessment

    Lumin passed Google’s OAuth API Verification Assessment in September 2020. We’re committed to keeping up with Google compliance requirements.

We're always improving security

Here are some of the compliance certifications and standards we currently have in the works.

  • NIST 2 certification

    NIST 2

  • FERPA 2 certification

    FERPA 2

  • ISO 27001 certification

    ISO 27001

  • HIPAA certification


Data security features

Lumin’s products are built with modern and robust security features.

  • banner

    Secure cloud hosting

    Lumin uses Amazon Web Services for hosting. We routinely undergo penetration tests and AWS meets major international security compliances.

  • banner

    SSO with Google Workspace

    Require Google Workspace SSO for your Lumin workspace, so employees must sign in with Google. Control and verify Lumin users from your Workspace.

  • banner

    Role based access control

    Give users permissions to do their job and nothing more. Create fine-grained permissions with role based access control.

  • banner

    Encryption for data in transit

    We use Transport Layer Security 1.2 or higher to encrypt data in transit. This helps to ensure your data is secure no matter where in the world you are.

  • banner

    Encryption for data at rest

    Lumin encrypts your data at rest using AES 256, currently considered the most robust encryption standard.

  • banner

    Secure SDLC

    We take pride in our Software Development Life Cycle. Every line of code is peer-reviewed and tested before it’s released into Lumin’s products.

  • banner

    Vulnerability management

    We actively monitor and remediate vulnerabilities reported. We conduct weekly penetration tests and run a bug bounty program to encourage reporting.

  • banner

    Secure document storage

    You can edit documents from Google Workspace without making a permanent copy in Lumin. Documents in Lumin storage are encrypted and stored by AWS in the U.S.

  • banner

    Internal security

    We have strong access controls on our production systems. Access is restricted to a small number of senior employees and requires MFA.

Bug bounty program section

Bug bounty program

Find security issues in Lumin and get a reward.

Frequently asked questions

  • Which cloud platform does Lumin use?

    Lumin uses Amazon Web Services to deliver its services.

  • How frequently does Lumin audit its security measures?

    Lumin conducts ongoing monitoring and reporting of its security measures. We will also undergo an annual SOC 2 Type 2 audit and an annual penetration test.

  • Which security certifications and compliances does Lumin meet?

    SOC 2 Type 1, GPDR, CCPA and PCI-DSS.

  • Where does Lumin store my data?

    All data stored with Lumin is stored in AWS data centers located in the U.S.. The data stored includes identifiable information like names and contact details, language preferences and application settings.

  • Where does Lumin store my documents?

    Documents directly uploaded to Lumin are stored in Lumin storage; it is encrypted and stored by AWS in the U.S..


    Lumin does not make extra copies of files stored in Google Drive where possible. To prevent data loss, Lumin will sometimes make a temporary copy of your Google Drive document and store it securely in AWS.

  • Does Lumin support single sign on?

    Yes. We support SSO with Google.

  • What information does Lumin need to access?

    Lumin needs access to Google Workspace files, but only when the customer is active on Lumin. We also require the email profiles of anyone who needs to use Lumin.


    Customers can opt to share their email contact lists with us, but this is not required.

  • Can I remove my data from Lumin?

    Yes. GDPR compliance means we must remove data within 30 days once requested. See how to delete your account (thereby removing your data) here. If you would like to remove data without deleting your account, please contact us.

More impact,
less admin

Security CTA section