This page gives an overview of security procedures that we follow building the Luma company and product.


We process payments with Stripe who is a fully PCI-compliant service provider. They are certified with PCI DSS v3.2.1 compliance.

Luma does not process or stay any payment information.


Luma does not share or sell any of your data with other sources. You can read more information about how seriously we take your privacy at


We use Amazon AWS ECS + EC2 to host our technical infrastructure and servers. Amazon AWS has the following compliance PCI-DSS Level 1 Service Provider, ISO 27001 certified, and SAS-70 Type II and SSAE16.

Development Process

We employ both internal and external testing and validation of our development process.

Our application and code is scanned for static and dynamic code vulnerabilities. All engineers receive training and guidance regarding best in industry level security practices.


Data is encrypted in transit and at rest. We work with Amazon AWS to encrypt our data stored in our database and cached.

CloudFlare enforces strict HSTS SSL encryption across the site and API.

Incident Response

All engineers are trained in incident response. We have systems monitoring the performance and reliability of our servers 24x7.

Engineers serve rotating on-call rotations and are able to respond to incidents in a timely manner.

SOC Compliance In Progress

We have begun the process of SOC Compliance audit. We will update this page when the audit has been completed.


If you have questions or have found a suspected vulnerability, you can contact us at