Security & Privacy

  • Lumigo is committed to following the highest security & privacy standards
  • Lumigo utilizes Amazon Web Services (AWS) secure cloud services
  • Lumigo’s platform and infrastructure undergo routine architectural reviews by external experts
  • Lumigo complies with GDPR as a data processor
  • Lumigo is ISO 27001 certified and HIPAA compliant

The Lumigo team brings years of experience at the cutting edge of cloud security, and you can depend on it to protect the integrity of your data.

Founded by former executives from Check Point Software Technologies, Lumigo’s approach to security is informed by an unrivaled knowledge of enterprise-level cloud security. And we’ve put that expertise into practice by ensuring that we set the highest standards for security and privacy when it comes to our platform and internal processes.


Lumigo’s infrastructure – and the data we collect – is hosted entirely on Amazon Web Services (AWS) cloud, whose data centers are subject to strict physical and environmental controls, and stringent access restrictions. We don’t house any servers or network equipment at the Lumigo offices. As an APN Advanced Technology Partner, our architecture has also passed review by the AWS team.

Lumigo collects necessary data from the customer’s environment and relays it to the Lumigo backend over HTTPS (TLS 1.2).

Authentication and Access Management from the Lumigo connector to the Lumigo backend is handled using unique tokens in order to ensure complete segregation between customers.

Within the Lumigo backend, all resource access is secured utilizing IAM roles with the minimum set of permissions, following AWS best practices. Both the runtime data and the logs and metrics collected are controlled (and can be turned off at any time) by the customer, although most prefer to leave them on so as to get a complete picture of their system.

All aggregated data is saved for a period of no longer than one year, and customers have the right to specify if they wish to shorten the data retention period.


Protecting the integrity of our customers in the GDPR era is very important to us. Lumigo follows GDPR guidelines as a data processor for services provided to our customers and we can make our Data Processing Addendum (DPA) available for execution on request. In addition, we are committed to helping our customers with their GDPR compliance processes by providing robust privacy and security protections built into our services and contracts.

Lumigo has been independently audited to ensure that we meet the standards set out by GDPR and the Privacy Shield Framework.

If you’d like to receive a copy of our GDPR whitepaper, get in touch at [email protected]

HIPAA Compliant
Lumigo is HIPAA compliant, and so adheres to exacting standards to ensure the secure and private handling and transmission of Protected Health Information. To comply with this standard, the company has undergone ISO 27799 auditing and certification.

ISO 27001 Certified
Lumigo is ISO 27001 certified. This requires us to undergo an annual auditing process by a qualified independent party to ensure that we maintain a comprehensive suite of information security controls.

Information security is a top priority at Lumigo. We follow all SOC 2 best practices, as defined in the “five trust service principles” set out by AICPA.