LumioGuard
Product How it works Connectors Pricing FAQ
Get early access →

Privacy Policy

Last updated: June 5, 2026 · Private beta

1.Who we are

This Privacy Policy explains how Lumio Software FZ LLC ("LumioGuard," "we," "us") handles information when you use the LumioGuard service at lumioguard.dev (the "Service"). LumioGuard is a continuous stack health platform for AI-built apps: we scan connected code and live services across six pillars and report findings, scores, and suggested fixes. This policy describes what we collect, what we deliberately do not collect, and the choices you have.

2.What we collect

We collect the following:

  • Account information — your name, email address, and authentication identifiers from the provider you sign in with (for example GitHub or Google), plus workspace and team membership details.
  • Connection credentials — the OAuth tokens and API keys you authorize when you connect a platform such as GitHub, Supabase, Neon, or Vercel. These are stored encrypted (see "How we protect your data") and are read-only by default.
  • Normalized scan findings — the structured results of a scan: finding identifiers, severities, scores across the six pillars, the specific code references that serve as evidence, and the suggested fixes we generate. These describe issues in your project; they are not a copy of your codebase.
  • Usage and diagnostic data — basic logs about how the Service is used, such as when scans run and errors that occur, used to operate and improve the Service.

3.What we do not collect or retain

We are deliberately narrow about what we keep:

  • We do not retain your repository contents after a scan completes. Code is fetched into an ephemeral sandbox for the duration of the scan and is discarded with the sandbox.
  • We do not read or store your application's database row data. The optional deep database scan reads system catalogs and statistics (such as pg_stat) only.
  • We do not sell your personal information, and we do not use your code or data to train third-party models for unrelated purposes.

4.How scans work

When you start a scan, the Service runs it inside a fresh, single-tenant AWS Fargate sandbox with no outbound network access beyond a single controlled path used to return results. The scan runs the checks, produces normalized findings, and the sandbox — including any copy of your code — is destroyed when the scan finishes. Results are written to a tenant-isolated database protected by fail-closed row-level security so that one workspace can never read another's data.

5.How we protect your data

Connection credentials are protected with AES-256-GCM envelope encryption, using per-record data keys with the key-encrypting keys held separately from the encrypted data. API keys and similar secrets are stored only as HMAC hashes. Access to your data is controlled by role-based permissions, every meaningful action is recorded in an append-only, tamper-evident audit log, and workspaces are isolated at the database layer.

6.How we share data and our subprocessors

We do not sell your data. We share information only with service providers ("subprocessors") that help us run the Service, under contracts that limit their use of the data:

  • Amazon Web Services — sandbox compute and infrastructure.
  • Cloudflare — application hosting, edge delivery, and database connectivity.
  • Supabase — managed Postgres database hosting.
  • Anthropic — the model that powers the scanning agent and analysis.
  • Resend — transactional email (for example, sign-in and notification emails).

We may also disclose information if required by law or to protect the rights, safety, and security of our users and the Service.

7.Retention and deletion

We keep account information for as long as your account is active. When you disconnect a platform, we delete the associated credentials. When you delete your account or your workspace, we erase your associated data, including stored findings and reports, except where we are required to keep limited records by law. Because we do not retain code or row data, there is nothing of that kind to delete after a scan — it was never kept.

8.Your rights and choices

You can disconnect any connected platform at any time, which revokes our access and deletes the stored credential. You can request access to, correction of, or deletion of your personal information by contacting us. Depending on where you live, you may have additional rights under applicable data protection law; we will honor those rights as required.

9.Contact

For privacy questions or requests, contact us at privacy@lumioguard.dev. The data controller is Lumio Software FZ LLC.

LumioGuard © 2026 Lumio Software FZ LLC
Home Terms Privacy