logo
Login

Trust & Security at Lumopath

We prioritize the protection of your data. We are committed to upholding the highest standards in security and privacy, ensuring your data is always safe and handled with care.

aicpa-soc
SOC 2 Type II Certified
Lumopath successfully completed the AICPA SOC 2 Type I and II audits. These reports affirm that our practices meet the highest standards for security. Full reports are available for viewing under NDA.
aes256
End-to-End Encryption
Your data is secured at all times. We use AES-256-bit encryption for all data at rest and enforce TLS 1.2+ for data in transit, ensuring your information is protected from unauthorized access.
shield
Annual Penetration Testing
The Lumopath platform undergoes rigorous, annual third-party penetration testing to identify and address potential vulnerabilities, ensuring our defenses are always robust and up-to-date.

How We Protect Your Data

Our commitment to security is built into every layer of our platform, from our infrastructure to our development lifecycle and our company culture.

eye-off
Sensitive Data is Never Accessed
You have full control. For tools like email, Slack DMs, and Drive, we only access metadata. The content of your emails, direct messages, and files is never accessed, stored, or used by the Lumopath platform. This is strictly controlled by the OAuth permissions we request.
cloud
Secure Cloud Infrastructure
Our infrastructure is hosted on Google Cloud Platform (GCP), which complies with leading global standards like ISO/IEC 27001, SOC 1/2/3, and PCI DSS. This provides a secure, reliable, and high-performance foundation for our services.
terminal-browser
Full Tech Stack Integration
Security is a collective responsibility. All Lumopath employees complete a comprehensive annual security training program and adhere to best practices when handling any customer data.
speedmeter
Continuous & Automated Scanning
We use Thoropass' automation platform to continuously monitor over 100 internal security controls. We also employ a variety of manual and automatic vulnerability checks throughout our software development lifecycle to proactively identify and mitigate risks.

Your Data, Your Control

We believe in full transparency about how your data is handled. You control who has access and how it's used.

Who Has Access to Your Data?
database

  • Your data is never shared with or sold to third parties.

  • Access is restricted to your own organization. You decide who sees what.

  • Select Lumopath team members may access data for support or to perform custom analyses that you request.

Simple & Secure Permissions
lock

  • Setup takes approximately 15 minutes.

  • All integrations use simple, secure OAuth permissions.

  • For Google Workspace, a single super admin grants permissions, with the ability to select specific groups or OUs.

Visit our Trust Center

For a real-time view of our security controls and compliance status, please visit our public security dashboard powered by Thoropass.

View Security Dashboard
security