Our Core Security Principles
Our security team monitors security advisories for all third-party software libraries we use and, when a relevant advisory is identified, applies the corresponding security patches as soon as they are released. Our engineers work together with the product teams to ensure that all of Luminello’s code and infrastructure follow a secure development lifecycle process.
All of Luminello’s application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built-in.
Designed with redundancy, fault tolerance, and disaster recovery at the forefront, our services are distributed across separate data centers. All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.
For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
All data is stored in HIPAA-compliant AWS infrastructure, housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.
We ensure to the best of our abilities that we are delivering products that are free from security defects. All Luminello web application communications are PCI compliant and support TLS v1.2, and cannot be viewed by a third party.
Additionally, we support a number of security-focused features to help keep your data safe:
- Data encryption – All customer data is encrypted at rest, including user email addresses, user passwords, and API keys (including third-party keys stored by Apps).
- Data separation – Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles.
- Authentication – Luminello supports 2FA access via an authenticator app.
Engineering and Operational Practices
We follow these best practices:
- Immutable infrastructure – We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code.
- Incident response – We are on call to respond to any security or availability incidents.