Information Security & Privacy
Your data’s security and privacy are Luminovo’s top priorities. If you have any comments, concerns or questions about our data security & privacy at Luminovo, please send your request to security@luminovo.com.
Data Security & Privacy Documents
Luminovo GmbH Data Processing Agreement
View and download as Google Docs (DOCX) file:
Luminovo Inc. Data Processing Agreement
View as PDF file:
ISO 27001:2022 Certificate
View as PDF file:
Data Privacy Statement of our products
View & download as Google Docs (DOCX) file:
Data Privacy Statement of our website luminovo.com
View & download as Google Docs (DOCX) file:
Enterprise-ready security & privacy
Germany based. Our Microsoft Azure hosting servers are located in Frankfurt, Germany.
ISO 27001 certified. All data hosting solutions (provided by Microsoft Azure) are fully compliant with ISO 27001 and SOC 2. Luminovo has been ISO 27001 certified since June 2023.
Encryption in-transit and at-rest. All data is encrypted at rest using FIPS 140-2 validated cryptographic modules and the AES 256-bit cipher. For transport layer security, we use TLS 1.2+ everywhere.
Multi-tenant security. With a multi-tenant architecture, our software ensures data separation of different customers on a database level.
Information security officer. Data security is a top-level management priority. Our founder and managing director Timon Ruban is our information security officer.
GDPR-compliant. As an EU-based company, we comply with the GDPR.
Backups and disaster recovery. We do automatic instantaneous backups and keep the backups in zone-redundant storage for 14 days.
Vulnerability protection. We use an automated security scanner on every code change to uncover any known vulnerabilities and misconfigurations in our software.
DDoS protection. Access to our servers is protected from denial-of-service attacks using Cloudflare’s always-on DDoS protection.
Suspicious IP throttling. We automatically protect against suspicious logins targeting too many accounts from a single IP address.
Strong password policies. A strong password policy (disallowing the 10,000 most common passwords; disallowing personal data – like the name – and enforcing minimum length, special characters, lower- and uppercase characters and numbers in any password) makes it difficult, if not improbable, for someone to guess a password through either manual or automated means.
Multi-factor authentication. We offer the option to secure your logins with multi-factor authentication.
Single Sign-On (SSO) and SAML. Available on Enterprise plans for secure, streamlined authentication.
Role-based access control. Define user and admin roles for customised access permissions.
FAQs
Explore all the most frequently asked questions.
How long do you store my data?
Luminovo deletes personal data after 30 days unless otherwise defined by law. Exceptions are data such as names and e-mail addresses which will be deleted at the end of the contract period. Deletion happens automatically in the relevant tools of our subprocessors. If no automatic deletion functionality is available, Luminovo’s Product Intelligence unit deletes personal data manually. For more in-depth information, please contact us at security@luminovo.com.
All customer data gets deleted by Luminovo 30 days after the agreement ends, or earlier upon written request by the customer (GTC 11.5).