Security & Trust - CardLuma

Our Approach to Security

At CardLuma, security and data protection are foundational to how we build and operate our platform. We design our systems to minimize risk, limit access, and protect customer data throughout its lifecycle.

While no online service can guarantee absolute security, we take reasonable and industry-standard measures to safeguard information entrusted to us.

Data Protection Principles

We follow these core principles:

Least privilege Access to systems and data is restricted to what is necessary.

Separation of concerns Payment processing, analytics, and infrastructure are handled by specialized providers.

Defense in depth Multiple layers of technical and operational safeguards are used.

Transparency We clearly disclose how data is handled and used.

Account & Access Security

Accounts are protected by authenticated login credentials
Sensitive account actions require active authentication
Users are responsible for safeguarding their credentials and access devices

Infrastructure & Network Security

Hosted on secure cloud infrastructure
Traffic is protected using industry-standard encryption (HTTPS/TLS)
Network-level protection and traffic filtering provided by Cloudflare
Continuous monitoring for availability and abuse patterns

Payments & Billing

Payments are processed by Stripe
CardLuma does not store or process full credit card numbers
Payment data is handled directly by Stripe in accordance with their security standards

AI & Uploaded Content

Uploaded images and metadata are processed only to provide the service
User content is not used to train public or third-party AI models
Content may be temporarily retained for service reliability or support
Aggregated, anonymized data may be used to improve platform performance

Analytics & Monitoring

Usage analytics help us understand feature performance and system health
Analytics data is not used for advertising or cross-site tracking
We do not sell or share personal data for marketing purposes

Incident Response

If we become aware of a security issue that affects user data, we will take reasonable steps to investigate, mitigate impact, and comply with applicable notification obligations.

Responsible Disclosure

If you believe you've identified a security vulnerability, please contact us at: support@cardluma.com

We appreciate responsible disclosure and will review reports in good faith.

Questions?

For security or trust-related questions, contact: support@cardluma.com