Security Policy

Our security measures and practices

Last Updated: December 5, 2024

This Security Policy outlines the security measures and practices implemented by Lumiotech Private Limited to protect user data and ensure secure operation of all our platforms including lumioNova, lumioWhisper, lumioCapital, and lumioSentry.

1. Infrastructure Security

1.1 Cloud Infrastructure

Our platforms are hosted on enterprise-grade cloud infrastructure aligned with ISO 27001 and SOC 2 Type II controls, featuring:

  • ISO 27001 and SOC 2 Type II certified data centers
  • Redundant systems and backups
  • 24/7 infrastructure monitoring
  • Geographic data redundancy

1.2 Network Security

We implement multiple layers of network security:

  • Enterprise-grade firewalls
  • DDoS protection
  • Network segregation
  • Regular security audits
  • Intrusion detection systems

2. Data Security

2.1 Encryption

All data is protected using:

  • TLS 1.3 for data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive communications
  • Secure key management systems

2.2 Data Access

Access to data is controlled through:

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews
  • Audit logging of all access
  • Segregation of duties

3. Application Security

3.1 Development Practices

Our development process includes:

  • Secure code reviews
  • Regular security testing
  • Vulnerability scanning
  • Third-party security audits
  • DevSecOps integration
  • Continuous security validation

3.2 Security Features

Our platforms implement:

  • Multi-factor authentication
  • Session management
  • Brute force protection
  • Input validation
  • XSS and CSRF protection
  • API security controls

4. User Account Security

4.1 Authentication

User accounts are secured through:

  • Strong password requirements
  • Multi-factor authentication
  • Regular session timeouts
  • Login attempt monitoring
  • Risk-based authentication

4.2 User Responsibilities

Users must:

  • Maintain strong, unique passwords
  • Enable 2FA when available
  • Report suspicious activities
  • Follow security best practices
  • Adhere to account sharing prohibitions

5. Operational Security

5.1 Monitoring and Logging

We maintain continuous monitoring of:

  • Secure logs of all ICT systems maintained for a rolling period of 180 days (in strict compliance with CERT-In April 2022 directions)
  • System performance and infrastructure health
  • Security events and access logs
  • Threat intelligence and anomaly detection

5.2 Incident Response

Our incident response includes:

  • 24/7 response team
  • Mandatory reporting of applicable cybersecurity incidents to CERT-In within 6 hours
  • Documented procedures with regular drills and testing
  • Post-incident analysis and remediation tracking
  • Customer notification protocols

6. Compliance and Auditing

Our security program is designed to align with strict B2B trust frameworks (like SOC 2 and ISO 27001) and includes:

  • Regular security assessments
  • Independent, third-party compliance audits and penetration testing
  • Security certifications
  • Regulatory compliance with Indian laws (including DPDP Act 2023 and CERT-In directions)
  • Industry standards adherence

6.1 Platform-Specific Security

We implement specialized security measures for each platform:

  • lumioNova: Advanced analytics security, data integrity controls
  • lumioWhisper: Conversation encryption, AI ethics safeguards
  • lumioCapital: Financial-grade security, regulatory compliance measures
  • lumioSentry: Military-grade protection, critical infrastructure safeguards

7. Vendor Security

We ensure security in our supply chain through:

  • Vendor security assessments
  • Security requirements in contracts
  • Regular vendor reviews
  • Third-party risk management
  • Supply chain monitoring

8. Physical Security

Our physical security controls include:

  • Access-controlled facilities
  • 24/7 monitoring and surveillance
  • Visitor management procedures
  • Environmental controls
  • Employee security awareness

9. Security Updates

We maintain security through:

  • Regular system updates
  • Security patch management
  • Vulnerability management
  • Continuous improvement
  • Security roadmap development

10. Reporting Security Issues

If you discover a security issue:

  • Report immediately to our security team
  • Do not disclose to third parties
  • Provide detailed information
  • Cooperate with investigation
  • Allow reasonable time for remediation

11. Disclaimers

While we implement comprehensive security measures:

  • No system is completely secure
  • Users are responsible for their account security
  • We cannot guarantee against all threats
  • Security is a shared responsibility
  • We continuously evolve our security posture

12. Contact Information

For security-related inquiries or reports:

Security Team

Email: legal@lumiotech.in
