Lumo Security
Overview of our Security Controls
All our data is encrypted in transit and at rest; we retain access logs and runtime logs of all our systems and processes; we do not store payment information as this is handled by Stripe; we run our system on AWS and use various AWS services such as Inspector and Guard Duty for scanning; we perform annual pentesting by a third party; we have access control policies that allow access to production data only to employees who required it; our employees undergo periodic security and awareness training.
You may visit our trust center at trust.thinklumo.com.
If you have any questions on our security policies, pentesting reports, or any other security-related questions, please contact security@thinklumo.com.
Reporting a vulnerability
If you believe you have found a vulnerability in any one of our applications, we would very much appreciate it if you did not disclose it publicly but instead send an email to security@thinklumo.com. Please visit our vulnerability disclosure policy page for more info.