Security principles#
LumenFlow is built on three security principles:
- Encrypt everything — data at rest and in transit
- Minimize access — least privilege by default
- Log everything — immutable audit trail for all actions
How we protect your data#
LumenFlow uses multiple layers of protection:
- Encryption in transit — all communications secured with TLS 1.3
- Encryption at rest — all stored data is encrypted
- Workspace isolation — your data is completely separated from other customers
- Input validation — all inputs are validated and sanitized
- Role-based access — permissions enforced at every level
Data handling#
| Data type | Protection | Retention | Who can access |
|---|---|---|---|
| API keys | Encrypted with additional application-level protection | Until revoked | System only |
| Conversations | Encrypted at rest | Configurable (30–365 days) | Workspace members |
| Audit trail | Encrypted at rest | Per plan | Workspace members |
| OAuth tokens | Encrypted with additional application-level protection | Until revoked | System only |
Third-party access#
LumenFlow sends your data only to:
- LumenFlow managed inference — when you use the hosted default
- Your chosen LLM provider — when you connect a bring your own model key
- Connected services — via your OAuth tokens
- No other parties — ever
success LumenFlow does not train models on your data. Your conversations are not shared with AI providers beyond the API calls you initiate.