Trust

Security at LumenEntity

An honest, up-to-date view of how we protect customer data — including what we have not yet certified.

Infrastructure

  • Hosted on Microsoft Azure in the West Europe region by default.
  • All data in transit is encrypted with TLS 1.2 or higher.
  • All data at rest is encrypted with AES-256 using managed keys.
  • Regular automated backups with point-in-time recovery on managed databases.

Authentication and access

  • Passwords are hashed with a modern KDF; we never store them in cleartext.
  • Optional two-factor authentication (TOTP).
  • SSO via SAML or OIDC is available on Enterprise plans.
  • Least-privilege access for staff; production access is audited.

Application security

  • Strict Content Security Policy and modern HTTP security headers.
  • Dependencies scanned continuously; CVEs triaged on a defined SLO.
  • Static analysis in CI on every pull request.
  • Manual security review of high-risk changes before deploy.

Operational security

  • Centralized logging and alerting on anomalous activity.
  • Incident response runbook with internal owners and timelines.
  • Production secrets stored in a managed vault; rotation on schedule.

Certifications

We are honest about this: we do not currently hold SOC 2, ISO 27001 or similar third-party certifications. We follow the underlying control families and intend to formalize attestation as we grow. If your procurement process requires a specific framework, please get in touch — we can share our internal control documentation under NDA.

Responsible disclosure

If you believe you have found a security vulnerability, please email security@lumenentity.com. We commit to acknowledging reports within two business days and to not pursuing legal action against good-faith research that does not access customer data, degrade service, or violate applicable law.

Contact

Security questions: security@lumenentity.com.