§ Security

Security

How Lumeinit protects your data, our controls, certifications, and how to report a concern.

Effective April 22, 2026 · Last updated April 22, 2026
Contents
  1. Overview
  2. Encryption
  3. Access control
  4. Infrastructure
  5. AI provider security
  6. Audit & compliance
  7. Vulnerability disclosure
  8. Incident response
  9. Customer controls
  10. Reporting a concern

Overview

Lumeinit is built for customers who take research and compliance seriously. Our security program reflects that. This page summarizes how we protect your data; specifics are available under NDA to customers on the Team plan and above.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Database backups are encrypted separately and stored in a different region from primary data.

Access control

Internal access to production systems follows the principle of least privilege. Every employee uses SSO with hardware-backed MFA. Production access is logged, time-limited, and requires just-in-time approval. No employee has standing access to customer content.

Infrastructure

We run on major cloud providers (AWS, primarily) with SOC 2 Type II and ISO 27001 certifications. Network isolation, WAF, DDoS protection, and continuous vulnerability scanning are in place.

AI provider security

AI inference is performed by vendors with negotiated data-handling terms. Zero or short retention is the default; on Team plans, customers can enforce zero retention on every request.

Audit & compliance

SOC 2 Type II audit in progress (expected Q3 2026). GDPR and UK GDPR compliance through our DPA. We can support additional frameworks on the Enterprise plan.

Vulnerability disclosure

We welcome reports from security researchers. Please email contact@lumeinit.com with details. We commit to acknowledging within 48 hours, providing status updates, and publicly crediting researchers who want credit.

Incident response

We maintain an incident response plan with defined severity levels and escalation paths. In the event of a confirmed security incident affecting customer data, we notify affected customers within 72 hours of confirmation.

Customer controls

On Team and Enterprise plans, customers can configure SSO/SAML, set data retention windows, enable audit logging, and require zero-retention mode for AI requests. Workspace roles and permissions let you limit who can publish, who can export, and who can only review.

Reporting a concern

Email contact@lumeinit.com for security concerns. For abuse of the Service, write to contact@lumeinit.com.

Questions about this document? Write to contact@lumeinit.com.