Hosting region and infrastructure
Lumipact is hosted in the EU. Application infrastructure runs in AWS (Frankfurt), and contract/auth data is stored in Supabase EU regions. We use managed infrastructure with regular patching and baseline monitoring.
Lumipact Security
Security is product behavior, not a PDF checkbox. This page explains how we host data, protect access, and handle incidents so you can assess risk in plain language.
Lumipact is hosted in the EU. Application infrastructure runs in AWS (Frankfurt), and contract/auth data is stored in Supabase EU regions. We use managed infrastructure with regular patching and baseline monitoring.
Data is encrypted in transit using TLS and encrypted at rest by our infrastructure providers. Credentials and server-side keys are stored outside source control and are rotated when needed.
Access is tenant-scoped by default. Role-based permissions control who can see, edit, and administer contract records. Sensitive agreements can be restricted to narrow groups, and actions are captured in an audit log.
Lumipact is designed for EU customers and GDPR expectations. Data processing stays in supported regions, customer data is segregated by tenant, and we support export and deletion workflows on request.
Customers can export contracts and structured metadata. If you cancel, we provide an export path and remove account data within 30 days unless a shorter deletion window is requested.
Core subprocessors currently include AWS (hosting), Supabase (database/auth/storage), and Resend (transactional email). A formal subprocessor register will be published before general availability.
TODO: publish full subprocessor list with regions and purpose.
We monitor availability and investigate suspicious behavior as a priority. Security incidents that affect customer data are triaged immediately, contained, and communicated to impacted customers with mitigation steps.
Security contact: security@lumipact.com
We use privacy-friendly analytics to understand which pages are useful. No ads, no cross-site tracking. Read our cookie policy.