1. Security Governance
Luminary AI maintains a comprehensive information security program designed to protect the confidentiality, integrity, and availability of your data. Our security practices are aligned with industry standards (SOC 2 / ISO 27001 principles).
2. Data Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or later.
- At Rest: Data stored in our databases and file systems is encrypted using AES-256.
3. Access Controls
- Internal Access: Access to customer data is restricted to a limited number of authorized employees who require it to support the Service. Multi-Factor Authentication (MFA) is enforced for all internal administrative access.
- Customer Access: We provide granular permission settings allowing you to control which team members can view or edit specific client files.
4. Vulnerability Management
- We perform regular automated vulnerability scans of our infrastructure.
- We conduct annual third-party penetration testing.
- We use a hardened software development lifecycle (SDLC) requiring code reviews for all security-impacting changes.
5. Incident Response
In the event of a confirmed data breach affecting your information, we will notify you without undue delay (typically within 72 hours of confirmation) and provide details regarding the nature of the breach and mitigation steps.