Security & Trust Center
How Lumioh protects data, governs AI, and communicates reliability.
Architecture & controls
• Multi-tenant workspace model on Supabase; RBAC at API and app layers.
• Encryption: TLS in transit; at rest with provider-managed keys; least-privilege access.
• Audit logging for sensitive actions; incident response runbooks with customer notification.
• Backup/DR posture; RPO/RTO communicated on request.
Identity & access
• Role-based access control; approvals for high-impact actions.
• SSO/SCIM planned for Enterprise; request via sales@lumioh.com.
• Workspace isolation with field-level permissions where applicable.
AI governance
• AI actions are role-aware and logged; approvals available for sensitive steps.
• Budget controls: hard limits; wallet top-ups on the Free plan; usage upgrades on paid plans.
• Data handling: customer data is not used to train foundation models; providers under contract; least-privilege scopes.
Data residency & subprocessors
• Primary region today; regional options planned for Enterprise.
• Subprocessor list maintained at /subprocessors; vendors vetted with DPAs.
Compliance & privacy
• SOC 2 and SIG/CAIQ in progress; SLAs/DPAs available for Enterprise on request.
• Data subject requests (DSR): export/deletion supported via privacy@lumioh.com; see Privacy Policy.
Do you offer SSO/SCIM?
How do you handle AI safety?
Where can I see uptime?
How do I request security docs?
SOC 2, SIG/CAIQ, SLA terms, and DPA will be posted here when finalized. Contact security@lumioh.com or sales@lumioh.com to request copies.