Security Policies

Our Core Security Principles

Security Team

Our security team monitors security notifications for all 3rd party software libraries we use, and when an issue is identified, we apply any relevant security patches as soon as they are released. Our engineers work together with the product teams to ensure that all of Luminello’s code and infrastructure follow a secure development lifecycle process.


All of Luminello’s application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built-in.

Designed with redundancy, fault tolerance, and disaster recovery at the forefront, our services are distributed across separate data centers. All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.

For more specific details regarding AWS security, please refer to

Data Center

All data is stored in HIPAA-compliant AWS infrastructure, housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.


To the best of our abilities, we ensure that the products we deliver are free from security defects. All Luminello web application communications are PCI compliant and support TLS v1.2, and cannot be viewed by a third party.

Additionally, we support a number of security-focused features to help keep your data safe:

  • Data encryption – All customer data is encrypted at rest, including user email addresses, user passwords, and API keys (including 3rd party keys stored by Apps).
  • Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles.
  • Authentication – Luminello supports 2FA access via the authenticator app.

Engineering and Operational Practices

We follow these best practices:

  • Immutable infrastructure – We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code.
  • Incident response – We are on-call to respond to any security or availability incidents.
