Lumicura is in pre-launch.  Founding-school program open through August 2026. See terms →
Lumicura
Sign in Start free trial
Security & trust

The security posture you'd expect from a tool with student names in it.

Lumicura handles family directories, parent communications, and commitment ledgers — not student grades or health records. We treat every byte that comes in like the school's IT director will read our data flow diagram on a Tuesday morning, because eventually one will.

Our honest stance. We're a small team building software for schools. We don't have a SOC 2 report yet, and we won't pretend otherwise. Here's what we do have, what we're working toward, and what we'd want a customer's IT director to know on day one.

We've built Lumicura on well-understood infrastructure (US-based AWS, Postgres with row-level security, Casbin for RBAC, Stripe for payments). Our data minimization story is short because the product itself is narrow: we don't touch student grades, attendance, or health records — those stay in your SIS.

SOC 2 Type I is in progress for late 2026. In the meantime, we'll send our policies, security questionnaire responses, and a redacted infrastructure diagram to any prospective school's IT contact within one business day. Email security@lumicura.com.

Data protection

Encrypted in transit and at rest, with row-level isolation between tenants enforced at the database layer.

  • TLS 1.2+ in transit, AES-256 at rest
  • Postgres row-level security on every multi-tenant table
  • Daily automated backups, 30-day retention, point-in-time recovery
  • US-only data residency (us-east-1 + us-west-2)

Access & identity

Casbin-policy RBAC with five built-in roles (parent, faculty, committee chair, board, super-admin), customizable on the Diocese plan.

  • SSO via Google Workspace, Microsoft 365 (OIDC)
  • SAML + SCIM provisioning on Diocese plan
  • Mandatory MFA for super-admin accounts
  • Session expiry, IP allow-listing for admin actions (Diocese)

Privacy & minimization

We collect only what the parent organization needs to operate. Student records stay in your SIS. We do not sell, share, or train on customer data.

  • Family directory only — no grades, attendance, or health
  • FERPA-aligned data handling for any student-adjacent fields
  • No third-party analytics on logged-in pages — first-party only
  • One-click family-data export and deletion

Infrastructure

Boring, well-understood AWS — not a custom edge stack. Documented dependencies, no surprises in your security review.

  • AWS US (RDS Postgres, S3, CloudFront, ECS)
  • Stripe for payments (PCI-DSS handled by Stripe)
  • Cloudflare for DDoS + WAF
  • Subprocessor list public & versioned at /trust

Monitoring & response

Audit logs that the chancery's auditor can read. Incident response with a 72-hour customer-notification commitment.

  • Append-only audit log on every state-changing action
  • 24/7 alerting on auth, billing, and infra anomalies
  • 72-hour breach notification (faster when feasible)
  • Documented incident runbook, reviewed quarterly

Continuity

What happens if Lumicura goes away matters as much as what happens while we're here. Our exit story is in the DPA.

  • Open-source release commitment if we shut down
  • 90-day read-only access on cancellation or wind-down
  • Full data export in machine-readable formats (JSON, CSV, iCal)
  • RTO 4h, RPO 24h target on infra failure

Privacy policy v1.2 · effective Feb 12, 2026

Plain-language summary: Lumicura collects only the family-directory information needed to run a parent organization. We don't sell or share that data. We don't train ML models on it. We don't touch student grades, attendance, or health information — those stay in your school's SIS.

What we collect. Family contact info, opt-in mobile push tokens, the announcements you read, the volunteer shifts you sign up for, the commitment-point activity tied to your family. Nothing else from the school's data.

What we don't. No advertising trackers, no third-party analytics on logged-in pages, no data brokers. We use first-party Plausible-style analytics on marketing pages only.

Your rights. Access, correction, deletion, and export — within 30 days, no charge. Tenant admins can do most of this themselves; for the rest, email privacy@lumicura.com.

Terms of service v1.0 · effective Jan 1, 2026

The bones: Lumicura provides software-as-a-service to parent organizations and schools. The customer (the parent org or school) controls the data; we process it on their instructions. We commit to availability, security, and continuity as described in the DPA. Either party can terminate with 30 days' notice.

We don't have an "AI training rights" clause. We don't have a "we can change these terms unilaterally without notifying you" clause. If we materially change the terms, we'll tell super-admins 30 days in advance.

Data processing addendum v1.1 · effective Feb 12, 2026

Pre-signed DPA available on request. Standard for school-friendly SaaS: we are the processor; you are the controller. Sub-processor list with 30-day notice on additions. Standard contractual clauses for any cross-border transfer (we do US-only by default; this clause exists for diocese-level customers with affiliated international schools).

FERPA. Lumicura is configured to be a "school official" with a "legitimate educational interest" — we're never the parent-facing record system; we're a tool the school uses to coordinate its parent community. We support BAA on Diocese plans for organizations that prefer the stricter posture.

Subprocessors

We use a deliberately short list. Any additions are announced to super-admins 30 days in advance.

  • Amazon Web Services (US) — compute, storage, database hosting
  • Cloudflare (US) — DDoS protection, WAF, CDN
  • Stripe (US) — payment processing for buyouts and fundraisers
  • Postmark (US) — transactional email delivery
  • Sentry (US, self-hosted) — error monitoring (no PII in error payloads)

Vulnerability disclosure

Found something? We want to know. Email security@lumicura.com with reproduction steps. We'll acknowledge within 1 business day, triage within 5, and credit you in our advisory if you'd like.

Safe-harbor commitment: good-faith research that doesn't degrade service, exfiltrate other customers' data, or violate privacy law is welcome and will not result in legal action from us.

Status & uptime

Live status board at status.lumicura.com — public, no login. Subscribe to RSS or email for incident updates. We post post-mortems for any incident with customer impact > 5 minutes.

Service-level commitment: 99.9% monthly uptime, with credits for any month below. The current 90-day rolling status is shown below.

Trust documents

Send us through your security review.

Everything you need to put Lumicura through a typical school IT review. PDFs available on request — we don't gate them behind a form.

PDF

Security questionnaire (CAIQ-Lite)

Cloud Security Alliance lite questionnaire, completed and current.

v2026.1·32 pages
PDF

Architecture overview

Redacted infrastructure diagram, data flow, and dependency list.

v1.2·14 pages
PDF

Pre-signed DPA

School-friendly data processing addendum, ready to sign.

v1.1·9 pages
PDF

Privacy policy & ToS

Current customer-facing privacy and terms documents.

v1.2 / v1.0·11 pages
Web

Subprocessor list (live)

Always current. Subscribe to changes via RSS or email.

5 subprocessors
Web

Status page & post-mortems

Live uptime, incident history, and root-cause writeups.

99.97% (90d)

Status — last 90 days

All systems operational
Web app
99.99% · 90d
API
99.97% · 90d
Auth (SSO)
99.94% · 90d
Notifications
99.98% · 90d
99.97% overall uptime · last 90 days Last incident: Feb 4, 2026 — 8m degraded auth View full status →

Have a security review to run? We're ready.

Email security@lumicura.com — we'll send the questionnaire, architecture diagram, and pre-signed DPA within one business day.

Email security team See live status