Trust Center

The security posture of a security company should be public.

LumixSys publishes its compliance certifications, security posture, sub-processor list, and operational telemetry — continuously. This page is the index.

Live security posture

The same numbers our exec team reviews every Monday.

Uptime (rolling 30d)
99.997%
Open P1 incidents
0
Mean detection (ARIA)
180ms
Crypto-agility coverage
100% of tenants
Sub-processors
12 · public list
Last pen test
Q1 2026 · Trail of Bits

Compliance & certifications

What we are continuously attested against.

SOC 2 Type II
Security, Availability, Confidentiality
Certified
Since Q1 2025 · audit refreshed continuously
ISO 27001:2022
Information Security Management System
Certified
Since Q3 2025
ISO 27701:2019
Privacy Information Management
Certified
Since Q4 2025
PCI DSS 4.0
Level 1 Service Provider
Attested
Since Q1 2026
GDPR (EU & UK)
Controller + Processor obligations
Compliant
Since 2024
HIPAA + HITRUST CSF v11
Covered entity & Business Associate
Mapped
Since Q4 2025 · BAA available
DORA (EU)
Articles 5–24 mapped
Compliant
Since Q1 2026
CMMC L3
Defense Industrial Base
110/110 controls evidenced
In process
FedRAMP High
US Federal Civilian
ATO target Q3 2026
In process

Sub-processors

Every third party that touches customer data.

We notify all customers 30 days before adding any sub-processor. Subscribe to changes at trust-updates@lumixsys.com.

Vendor
Purpose
Region
  • Amazon Web Services
    Primary cloud hosting
    US-EAST, US-WEST, EU-WEST, AP-SE
  • Google Cloud Platform
    Secondary cloud hosting
    US-CENTRAL, EU-WEST
  • Cloudflare
    Edge & DDoS protection
    Global
  • Datadog
    Internal observability
    US-EAST
  • Stripe
    Subscription billing
    US
  • Twilio Segment
    Product analytics (opt-in)
    US
  • Linear
    Engineering issue tracking
    US
  • Notion
    Internal documentation
    US
  • Okta + Workday
    IDP and HRIS
    US
  • Atlassian
    Code review and CI
    US
  • Snowflake
    Internal data warehouse
    US
  • HashiCorp Cloud
    Secrets management (employee)
    US

Documents

What you can request — and how fast.

Security & Privacy Whitepaper · 2026

Architecture, key management, sub-processors, residency.

SOC 2 Type II Report

Available under NDA. Provided within 24h of request.

Pen Test Executive Summary · Q1 2026

Trail of Bits engagement. Available under NDA.

Data Processing Addendum (DPA)

Auto-attached to customer agreements. EU SCCs + UK IDTA.

Vulnerability Disclosure Policy

Safe-harbor language and 24/7 contact.

Cryptographic Inventory (CBOM)

All primitives, libraries, and rotation schedules.

Quarterly Trust Report

We publish what didn't hit target — every quarter.

Most security vendors publish marketing. We publish what broke, what we learned, and which SLOs we missed. The 2026 Q1 report includes 3 SLO deviations, 2 incident retrospectives, and the resulting roadmap.

3
SLO deviations Q1 2026
2
Customer-impacting incidents
0
Sensitive data exposed
Read the Q1 2026 Trust Report

Secure your infrastructure

Move to quantum-safe in a quarter — not a decade.

Talk with a Lumix architect about a 90-day post-quantum rollout, a live SpectraShield demo on your stack, and the breach math that should be on your board agenda this week.