Luminoso has implemented controls that are grounded in the ISO 27001 standard and are compliant with SOC 2 security and availability principles. Our API is only accessible through the use of Transport Layer Security (TLS), protecting our customer data in transit between our customers and our servers. Once customer data is on our servers, we implement additional safeguards, including firewalls, to ensure that only registered and authorized users in a customer's organization are able to access the data and analysis results belonging to that organization. Luminoso staff members have access to customer data only to the minimum extent necessary to perform our business functions.
Authenticated users of Luminoso's application sites are issued locally stored tokens for the purpose of recording encrypted and signed authentication information; these tokens exist for a limited duration and do not record any confidential user or customer information.