Our Approach to Security
At CardLuma, security and data protection are foundational to how we build and operate our platform. We design our systems to minimize risk, limit access, and protect customer data throughout its lifecycle.
While no online service can guarantee absolute security, we take reasonable and industry-standard measures to safeguard information entrusted to us.
Data Protection Principles
We follow these core principles:
Account & Access Security
- Accounts are protected by authenticated login credentials
- Sensitive account actions require active authentication
- Users are responsible for safeguarding their credentials and access devices
Infrastructure & Network Security
- Hosted on secure cloud infrastructure
- Traffic is protected using industry-standard encryption (HTTPS/TLS)
- Network-level protection and traffic filtering provided by Cloudflare
- Continuous monitoring for availability and abuse patterns
Payments & Billing
- Payments are processed by Stripe
- CardLuma does not store or process full credit card numbers
- Payment data is handled directly by Stripe in accordance with their security standards
AI & Uploaded Content
- Uploaded images and metadata are processed only to provide the service
- User content is not used to train public or third-party AI models
- Content may be temporarily retained for service reliability or support
- Aggregated, anonymized data may be used to improve platform performance
Analytics & Monitoring
- Usage analytics help us understand feature performance and system health
- Analytics data is not used for advertising or cross-site tracking
- We do not sell or share personal data for marketing purposes
Incident Response
If we become aware of a security issue that affects user data, we will take reasonable steps to investigate, mitigate impact, and comply with applicable notification obligations.
Responsible Disclosure
If you believe you've identified a security vulnerability, please contact us at: support@cardluma.com
We appreciate responsible disclosure and will review reports in good faith.
eBay access — your questions answered
What permissions does CardLuma request from eBay? Only what's needed to create and manage your card listings on your behalf, authorized through eBay's official sign-in. CardLuma never sees or stores your eBay password.
Can CardLuma publish without my approval? You review listings before they go live — nothing publishes without you.
Can I disconnect eBay? Yes, anytime — from CardLuma settings, and you can also revoke access from your eBay account.
What happens if eBay sync fails? Reconnect from your eBay connection settings; if it persists, contact support and we'll help.
Does CardLuma store my eBay password? No. Authentication happens on eBay through its official sign-in flow.
Trust at a glance
Questions?
For security or trust-related questions, contact: support@cardluma.com