Trust and security
Built with cybersecurity and customer privacy in mind, Lumana features secure by default and fully encrypted architecture.
Complete protection. In transit and at rest.
Storage
Video remains on-premises, stored locally with AES 256 encryption.
AES 256
Network
No open ports. Data transfer is secured via HTTPS encryption with TLS v1.2.
AES 256, TLS v1.2
Cloud
Data is always accessible and secured, in transit and at rest, with AES 256.
AES 256
Compliance
NDAA Compliant
Lumana cameras comply with the US 2019 National Defense Authorization Act (Section 889), which prohibits governing bodies from purchasing video communication equipment from specific manufacturers.
SOC-2 Type 2
Advantage Partners, an independent auditor, has confirmed that Lumana's design and controls in protecting customer data meet the requirements outlined in the AICPA 2017 Trust Services Criteria for Security.
HIPAA Compliant
Health Insurance Portability and Accountability Act safeguards the privacy, security, and integrity of individuals' health information, ensuring it is properly protectedand confidential.
Security-first leadership
Lumana maintains dedicated executive roles for cybersecurity and data privacy — a CISO who owns our security posture end-to-end, and a DPO who ensures compliance with GDPR and global data protection regulations.
Chief Information Security Officer
Our CISO spearheads Lumana’s cybersecurity strategy, fortifying threat management and hardening our security architecture across every product and layer of infrastructure.
Data Protection Officer
Our DPO embeds global data protection standards into every Lumana product and process, serving as the primary advocate for customer privacy and regulatory compliance at every stage of development
Application security
Fortified
APIs
Unique organization-based API keys ensure only authenticated and authorized users can access the system.
Vulnerability management
Lumana is routinely pen tested and features automatic firmware updates to stay ahead of emerging threats.
Single sign-on
(SSO)
Unified credentials across applications streamline access management and enhance overall system security.
Integrated audit
logs
Easily monitor how users interact with Lumana and see when activities occur and what specific actions have taken place.
Redundant cloud backup
Keep footage secure and inaccessible from physical and external threats by automatically storing video data in the cloud for up to 365 days.
Multi-factor authentication
Lumana supports Google Authenticator, offering robust Multi-Factor Authentication to protect against unauthorized access.
Role-based access control
Customizable user permissions and organizational roles provide the appropriate levels of access to locations and cameras.
External
storage
Utilize external storage options, such as S3 compliance objects, to securely extend backup retention.
Security-first leadership
No port-forwarding
No port forwarding is required, limiting your exposure to open ports, security risks, unauthorized access, and cyber attacks.
User identity authentication
System users are automatically authenticated via Okta, a lead Identity and Access Management (IAM) provider, to verify system access.
HTTPS in transit
All network traffic operates via HTTPS, guaranteeing encryption, authentication, and data integrity during transmission.
Independent local network
Lumana Core enables physical separation of your camera's local network from the internet, utilizing dual NIC configuration.
