The care you'd expect from a tool with your children's names in it.
Lumicura holds family contact information, parent messages, and volunteer-hour records — not student grades or health records. We treat every piece of data like the school's IT director is going to ask us about it on a Tuesday morning, because eventually one will.
Our honest stance. We're a small team building software for schools. We don't have a SOC 2 report, and we're not going to pretend otherwise. Here's what we do have, and what a school's IT director should know on day one.
Lumicura runs on well-understood, mainstream infrastructure (Microsoft Azure with US data residency, Azure SQL with strict per-school isolation, Stripe for payments). The data story is short because the product itself is focused: we don't touch student grades, attendance, or health records — those stay in your student information system, where they belong.
What we can do today: we'll send our security policies, a completed security questionnaire, and a redacted infrastructure diagram to any school's IT contact within one business day. Email security@lumicura.org.
Data protection
Your families' information is encrypted on the way to us and while it's sitting in our database, and it's walled off from every other school.
TLS 1.2+ in transit, AES-256 at rest
Azure SQL row-level security on every multi-tenant table
Automated backups with point-in-time restore (35-day window)
US-only data residency
Sign-in & access
Access is role-based — each person only sees what their role needs. Your organization decides who holds which role and assigns access to the people who run it.
Roster-verified sign-in — only families on your school's roster can create an account
Single sign-on (Google Workspace / Microsoft 365, SAML + SCIM) on District / Diocese plans
Two-factor authentication required for top-level admins
Session expiry and IP allow-listing for admin actions (District / Diocese)
Privacy
We collect only what the parent organization needs to run. Student records stay in your school's system. We never sell, share, or train AI on customer data.
Family contact info only — no grades, attendance, or health records
FERPA-aligned data handling for any student-adjacent fields
No third-party advertising or analytics inside the app
One-click export and deletion of a family's data on request
Infrastructure
Boring, well-understood Microsoft Azure — not a one-off setup. Everything is documented, with no surprises for your security review.
Microsoft Azure, US data residency (Azure SQL, Azure Functions, Azure Static Web Apps, Azure Storage, Azure SignalR)
An activity log a regular human can read. If something goes wrong, we tell you within 72 hours — usually much sooner.
Append-only audit log on every state-changing action
24/7 alerting on auth, billing, and infra anomalies
72-hour breach notification (faster when feasible)
Documented incident runbook, reviewed quarterly
What happens if we go away
This matters as much as what happens while we're here. We've written our exit plan into your data agreement.
Open-source release commitment if we shut down
90-day read-only access on cancellation or wind-down
Full data export in machine-readable formats (JSON, CSV, iCal)
RTO 4h, RPO 24h target on infra failure
Privacy policy v1.2 · effective Feb 12, 2026
Plain-language summary: Lumicura collects only the family-directory information needed to run a parent organization. We don't sell or share that data. We don't train ML models on it. We don't touch student grades, attendance, or health information — those stay in your school's SIS.
What we collect. Family contact info, opt-in mobile push tokens, the announcements you read, the volunteer shifts you sign up for, the commitment-point activity tied to your family. Nothing else from the school's data.
What we don't. No advertising trackers, no third-party analytics on logged-in pages, no data brokers. We use first-party Plausible-style analytics on marketing pages only.
Your rights. Access, correction, deletion, and export — within 30 days, no charge. Tenant admins can do most of this themselves; for the rest, email privacy@lumicura.org.
The bones: Lumicura provides software-as-a-service to parent organizations and schools. The customer (the parent org or school) controls the data; we process it on their instructions. We commit to availability, security, and continuity as described in the DPA. Either party can terminate with 30 days' notice.
We don't have an "AI training rights" clause. We don't have a "we can change these terms unilaterally without notifying you" clause. If we materially change the terms, we'll tell super-admins 30 days in advance.
Data processing addendum v1.1 · effective Feb 12, 2026
Pre-signed DPA available on request. Standard for school-friendly SaaS: we are the processor; you are the controller. Sub-processor list with 30-day notice on additions. Standard contractual clauses for any cross-border transfer (we do US-only by default; this clause exists for district- or diocese-level customers with affiliated international schools).
FERPA. Lumicura is configured to be a "school official" with a "legitimate educational interest" — we're never the parent-facing record system; we're a tool the school uses to coordinate its parent community. We support a BAA on District / Diocese plans for organizations that prefer the stricter posture.
Found something? We want to know. Email security@lumicura.org with reproduction steps. We'll acknowledge within 1 business day, triage within 5, and credit you in our advisory if you'd like.
Safe-harbor commitment: good-faith research that doesn't degrade service, exfiltrate other customers' data, or violate privacy law is welcome and will not result in legal action from us.
Live status board at status.lumicura.org — public, no login. Subscribe to RSS or email for incident updates. We post post-mortems for any incident with customer impact > 5 minutes.
Service-level commitment: 99.9% monthly uptime, with credits for any month below. The current service status is shown below.
Our published policies — privacy, terms, DPA, subprocessors, and status — are linked from the summaries above. These two supporting documents round out a typical school IT review, sent within one business day. We don't gate them behind a form.