// Trust & Security Report

    Luminance Technologies Ltd logo

    Luminance Technologies Ltd

    Legal-Grade AI for contract automation, negotiation, analysis, compliance, investigation, and collaboration. Serves legal, compliance, procurement, finance, HR, sales, and marketing teams. Enterprise-focused with 1000+ customers across 70 countries.

    Certifications held

    2

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Luminance is certified to ISO 27001:2022, reflecting our commitment to maintaining an effective Information Security Management System.

    Verify on luminance.com
    SOC 2 Type 2
    HELD

    Luminance has completed a successful SOC 2 Type 2 examination, which assesses controls related to security, availability, and confidentiality.

    Verify on luminance.com
    > Show 5 unconfirmed / not-held certifications
    GDPR
    NOT CONFIRMED

    GDPR is not a certification Luminance holds. However, they support GDPR compliance features and have Data Processing Agreements (DPA) available with Standard Contractual Clauses and EU-U.S. Data Privacy Framework.

    source: luminance.com
    HIPAA
    NOT CONFIRMED

    No public evidence of HIPAA certification found on Luminance's website or in available compliance documentation.

    source: luminance.com
    ISO 27017 (Cloud data protection)
    NOT CONFIRMED

    No public evidence found.

    source: luminance.com
    ISO 27018 (Personal data in cloud)
    NOT CONFIRMED

    No public evidence found.

    source: luminance.com
    ISO 27701 (Privacy management)
    NOT CONFIRMED

    No public evidence found.

    source: luminance.com

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Cambridge, United Kingdom (primary storage); EU-U.S. Data Privacy Framework and Standard Contractual Clauses for international transfers

    Luminance permits use of anonymized and pseudonymized customer data for product improvement and service enhancement. The terms state: 'we may carry out analytics and other review and storage processes on your User Data using anonymisation, pseudonymisation and other similar techniques.' For generative AI features (Ask Lumi), third-party providers may be involved, and redaction may not always be possible. Personal data itself is not retained or used to train core models.

    // Security controls

    Encryption in transit

    TLS 1.2+ with AES-128+ encryption

    luminance.com

    Encryption at rest

    AES-256 bit encryption via AWS Key Management Services

    luminance.com

    Data storage

    AWS-hosted with dedicated single-tenant instances per customer; nightly automated backups to secondary AWS data center (same region); 14-day minimum backup retention

    luminance.com

    Master encryption key rotation

    Regular rotation implemented

    luminance.com

    Access control

    Multi-factor authentication (MFA) required; application-level permissions configured by customers; role-based access using least privilege; all access tracked and audited

    luminance.com

    Threat detection

    Darktrace Enterprise Immune System deployment; Juniper firewalls; rate-limiting against DoS/brute force attacks; regular third-party penetration testing; mandatory security training for personnel

    luminance.com

    Breach notification

    Data controller informed within 24 hours of breach awareness

    luminance.com

    Third-party penetration testing

    Regular independent penetration testing conducted

    luminance.com

    // Products & data scope

    Luminance PlatformContract Automation & AI

    data: Processes customer contracts and legal documents; may train on anonymized data

    Enterprise legal AI for contract drafting, negotiation, analysis, compliance, investigation, and collaboration. Supports legal, compliance, procurement, finance, HR, sales, and marketing workflows.

    Ask Lumi (Generative AI feature)Generative AI

    data: Involves third-party AI providers; may not support full redaction

    Generative AI feature that may route data to third-party providers. Luminance disclaims responsibility for confidentiality issues if redaction is not possible.

    // What to watch

    • Generative AI feature (Ask Lumi) may involve third-party providers and may not support full redaction of sensitive data. Customers should verify this before processing confidential or protected information.
    • HIPAA is not mentioned as a certification. Luminance is not suitable for healthcare-regulated customer data without explicit HIPAA certification.
    • Data training note: Luminance uses anonymized/pseudonymized customer data for product improvements, but does not retain personal data. Customers processing highly sensitive data should review DPA terms carefully.
    • No mention of additional compliance certs (PCI DSS, FedRAMP, ISO 27017/27018/27701). Organization is UK-based with global presence.

    // At a glance

    Pricing model

    Enterprise subscription (not publicly detailed; contact sales)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Luminance Technologies Ltd's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    luminance.com

    > Browse all vendor trust reports