Lumicura is in pre-launch.  Founding-school program open through August 2026. See terms →
Security & trust

The care you'd expect from a tool with your children's names in it.

Lumicura holds family contact information, parent messages, and volunteer-hour records — not student grades or health records. We treat every piece of data like the school's IT director is going to ask us about it on a Tuesday morning, because eventually one will.

Our honest stance. We're a small team building software for schools. We don't have a SOC 2 report, and we're not going to pretend otherwise. Here's what we do have, and what a school's IT director should know on day one.

Lumicura runs on well-understood, mainstream infrastructure (Microsoft Azure with US data residency, Azure SQL with strict per-school isolation, Stripe for payments). The data story is short because the product itself is focused: we don't touch student grades, attendance, or health records — those stay in your student information system, where they belong.

What we can do today: we'll send our security policies, a completed security questionnaire, and a redacted infrastructure diagram to any school's IT contact within one business day. Email security@lumicura.org.

Data protection

Your families' information is encrypted on the way to us and while it's sitting in our database, and it's walled off from every other school.

  • TLS 1.2+ in transit, AES-256 at rest
  • Azure SQL row-level security on every multi-tenant table
  • Automated backups with point-in-time restore (35-day window)
  • US-only data residency

Sign-in & access

Access is role-based — each person only sees what their role needs. Your organization decides who holds which role and assigns access to the people who run it.

  • Roster-verified sign-in — only families on your school's roster can create an account
  • Single sign-on (Google Workspace / Microsoft 365, SAML + SCIM) on District / Diocese plans
  • Two-factor authentication required for top-level admins
  • Session expiry and IP allow-listing for admin actions (District / Diocese)

Privacy

We collect only what the parent organization needs to run. Student records stay in your school's system. We never sell, share, or train AI on customer data.

  • Family contact info only — no grades, attendance, or health records
  • FERPA-aligned data handling for any student-adjacent fields
  • No third-party advertising or analytics inside the app
  • One-click export and deletion of a family's data on request

Infrastructure

Boring, well-understood Microsoft Azure — not a one-off setup. Everything is documented, with no surprises for your security review.

  • Microsoft Azure, US data residency (Azure SQL, Azure Functions, Azure Static Web Apps, Azure Storage, Azure SignalR)
  • Stripe for payments (PCI-DSS handled by Stripe)
  • Azure Front Door for DDoS + WAF
  • Subprocessor list public & versioned at /trust

Monitoring & response

An activity log a regular human can read. If something goes wrong, we tell you within 72 hours — usually much sooner.

  • Append-only audit log on every state-changing action
  • 24/7 alerting on auth, billing, and infra anomalies
  • 72-hour breach notification (faster when feasible)
  • Documented incident runbook, reviewed quarterly

What happens if we go away

This matters as much as what happens while we're here. We've written our exit plan into your data agreement.

  • Open-source release commitment if we shut down
  • 90-day read-only access on cancellation or wind-down
  • Full data export in machine-readable formats (JSON, CSV, iCal)
  • RTO 4h, RPO 24h target on infra failure

Privacy policy v1.2 · effective Feb 12, 2026

Plain-language summary: Lumicura collects only the family-directory information needed to run a parent organization. We don't sell or share that data. We don't train ML models on it. We don't touch student grades, attendance, or health information — those stay in your school's SIS.

What we collect. Family contact info, opt-in mobile push tokens, the announcements you read, the volunteer shifts you sign up for, the commitment-point activity tied to your family. Nothing else from the school's data.

What we don't. No advertising trackers, no third-party analytics on logged-in pages, no data brokers. We use first-party Plausible-style analytics on marketing pages only.

Your rights. Access, correction, deletion, and export — within 30 days, no charge. Tenant admins can do most of this themselves; for the rest, email privacy@lumicura.org.

Read the full privacy policy

Terms of service v1.0 · effective Jan 1, 2026

The bones: Lumicura provides software-as-a-service to parent organizations and schools. The customer (the parent org or school) controls the data; we process it on their instructions. We commit to availability, security, and continuity as described in the DPA. Either party can terminate with 30 days' notice.

We don't have an "AI training rights" clause. We don't have a "we can change these terms unilaterally without notifying you" clause. If we materially change the terms, we'll tell super-admins 30 days in advance.

Read the full terms of service

Data processing addendum v1.1 · effective Feb 12, 2026

Pre-signed DPA available on request. Standard for school-friendly SaaS: we are the processor; you are the controller. Sub-processor list with 30-day notice on additions. Standard contractual clauses for any cross-border transfer (we do US-only by default; this clause exists for district- or diocese-level customers with affiliated international schools).

FERPA. Lumicura is configured to be a "school official" with a "legitimate educational interest" — we're never the parent-facing record system; we're a tool the school uses to coordinate its parent community. We support a BAA on District / Diocese plans for organizations that prefer the stricter posture.

Read the full data processing addendum

Subprocessors

We use a deliberately short list. Any additions are announced to super-admins 30 days in advance. The live, versioned list is at /trust.

  • Microsoft Azure (US) — compute, storage, Azure SQL database hosting, CDN/WAF, and real-time messaging
  • Azure Communication Services (US) — transactional email, SMS, and push notifications
  • Stripe (US) — subscription billing and payment processing for buyouts and fundraisers
  • Anthropic (US) — AI content moderation and knowledge-base search; message content is processed for safety and is not used to train models
  • Microsoft Application Insights (US) — operational telemetry and diagnostics; no family-directory PII in payloads
See the full, versioned subprocessor list

Vulnerability disclosure

Found something? We want to know. Email security@lumicura.org with reproduction steps. We'll acknowledge within 1 business day, triage within 5, and credit you in our advisory if you'd like.

Safe-harbor commitment: good-faith research that doesn't degrade service, exfiltrate other customers' data, or violate privacy law is welcome and will not result in legal action from us.

Report a vulnerability

Status & uptime

Live status board at status.lumicura.org — public, no login. Subscribe to RSS or email for incident updates. We post post-mortems for any incident with customer impact > 5 minutes.

Service-level commitment: 99.9% monthly uptime, with credits for any month below. The current service status is shown below.

Open the live status page
Documents on request

Send us through your security review.

Our published policies — privacy, terms, DPA, subprocessors, and status — are linked from the summaries above. These two supporting documents round out a typical school IT review, sent within one business day. We don't gate them behind a form.

Live service status

All systems operational
Web app
Operational
API
Operational
Authentication
Operational
Notifications
Operational
Uptime target: 99.9% monthly, once live No incidents reported. View full status →

Have a security review to run? We're ready.

Email security@lumicura.org — we'll send the questionnaire, architecture diagram, and pre-signed DPA within one business day.