Security at Lumigo
With years of experience at the cutting edge of cloud security, you can depend on the Lumigo team to protect the integrity of your data.
SOC 2
Lumigo has successfully completed a System and Organization Controls (SOC) 2 Type II audit performed by Ernst & Young, LLP (EY)
ISO 27001 Certified
Lumigo holds ISO 27001 certification, requiring annual audits to maintain information security controls.
HIPAA Compliant
Lumigo is HIPAA compliant, ensuring secure handling of Protected Health Information. We've achieved ISO 27799 certification for compliance
GDPR Compliant
Lumigo ensures full compliance with GDPR regulations to protect your data, privacy, and security.
Our Security & Privacy Commitment
We are committed to adhering to the highest security and privacy standards, safeguarding sensitive information.
Leveraging Amazon Web Services (AWS) Cloud Services
Amazon Web Services (AWS) provides secure cloud services ensuring the integrity and safety of our infrastructure.
Regular External Architectural Reviews
Our platform and infrastructure undergo routine architectural reviews by external experts to ensure robustness and reliability.
Data Collection & Security
Customer’s Environment
Lumigo collects necessary data from the customer’s environment and relays it to the Lumigo backend over HTTPS (TLS 1.2).
Access Management
Authentication and Access Management from the Lumigo connector to the Lumigo backend is handled using unique tokens in order to ensure complete segregation between customers.
Customer’s Environment
Lumigo backend secures all resource access with IAM roles, following AWS best practices. Customers control runtime data, logs, and metrics, which can be turned off at any time. Most prefer to leave them on for a complete system picture.
Data Retention Policy
All aggregated data is saved for a period of no longer than one year, and customers have the right to specify if they wish to shorten the data retention period.
Protecting The Privacy Of Customers
Protecting the integrity of our customers in the GDPR era is very important to us. Lumigo follows GDPR guidelines as a data processor for services provided to our customers and we can make our Data Processing Addendum (DPA) available for execution on request. In addition, we are committed to helping our customers with their GDPR compliance processes by providing robust privacy and security protections built into our services and contracts.