Encryption
TLS 1.3 in transit. AES-256 at rest. Per-user vector indexes, isolated by row-level security at the database layer.
Access control
Zero-trust internal network. Admin access requires SSO + hardware key. Audit logs for every privileged action.
Inference
Prompts route through a private gateway. Upstream providers do not retain data for training. No-train flags set where the provider supports them.
Tenancy
Logical isolation per user, with RLS enforced in Postgres. Vector retrieval is scoped server-side — a misconfigured client cannot bypass it.
Disclosure
Found something? support@lumendralabs.com. We respond within 48h and credit researchers in our hall of fame.