Trust & Security
Security at LumeraX
Effective date: January 1, 2026
Protecting learner data is foundational to everything we build. Our security practices are designed to meet enterprise requirements while maintaining the agility our platform demands.
Our Security Practices
Encryption in Transit & at Rest
All data is encrypted using TLS 1.3 in transit and AES-256 at rest. API communications use HTTPS exclusively.
Cloud Infrastructure
Enterprise-grade cloud infrastructure with SOC 2 Type II-aligned controls. Data is stored in EU-region data centres for GDPR compliance.
Access Controls
Role-based access control (RBAC) following the principle of least privilege. Multi-factor authentication is available for all accounts.
Regular Audits
Annual security assessments and penetration testing by independent third parties. Continuous vulnerability scanning.
Incident Response
Documented incident response procedures with a 24-hour notification commitment for data breaches affecting user data.
Data Protection
GDPR-compliant data processing. Data Processing Agreements with all sub-processors. Right to erasure honored within 30 days.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to security@lumerax.co. We appreciate the security community's efforts and will acknowledge valid reports within 48 hours.
Compliance
- GDPR (General Data Protection Regulation)
- SOC 2 Type II (via infrastructure provider)
- OWASP Top 10 security standards
- ISO 27001 alignment (in progress)
Questions?
For security inquiries, contact our team at security@lumerax.co.
