// Trust & Security Report
Shinyfields Limited (operating as Skylum)
Luminar Neo — AI-powered photo editing software for desktop, tablet, and mobile with on-device editing, generative AI features, and creative tools for photographers and designers.
Certifications held
1
Maturity
Growth
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on skylum.com“Shinyfields Limited commits to 'take commercially reasonable steps to maintain compliance with GDPR requirements.' For EEA transfers, Skylum implements Standard Contractual Clauses and other lawful mechanisms.”
> Show 7 unconfirmed / not-held certifications
source: skylum.comNo public evidence of SOC 2 certification found in Skylum's legal pages or published materials.
source: skylum.comNo public evidence of ISO 27001 certification found in Skylum's legal pages or published materials.
source: skylum.comLuminar Neo is a photo editing consumer tool, not a healthcare/medical service. HIPAA compliance is not applicable or claimed.
source: skylum.comSkylum states payment data is processed through 'third party PCI-compliant service providers' — Skylum itself does not claim PCI compliance.
source: skylum.comNo public evidence found.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Global — data may be stored 'on systems located outside the European Economic Area.' For EEA residents, Skylum implements Standard Contractual Clauses (SCCs) for safe international transfers.
For generative AI features in Luminar Neo, the EULA (Section 9.6) states: 'When using the Luminar Neo Generative AI features, your Input is processed in a cloud-based environment. However, we do not retain, store, or use your Input for any purpose other than the intended editing functions.' Users are also prohibited from using Luminar Neo's generative AI outputs to train their own ML models ('Using Luminar Neo Generative AI features for the training of any AI/ML models is expressly prohibited'). No explicit statement is published on whether Skylum trains its own foundation models on user data.
// Security controls
Encryption in transit
Acknowledged as necessary but not guaranteed. Policy states: 'the transmission of information via the internet is not completely secure.'
skylum.comTechnical and organizational measures
Skylum states they use 'technical and organizational measures to safeguard your Personal Data' and maintain 'appropriate technical and organizational measures for an appropriate level of security.' Specifics not disclosed.
skylum.comOn-device editing
Luminar Neo emphasizes 'full privacy with on-device editing' — core processing happens locally, reducing cloud data exposure. Generative AI features do process in cloud but inputs are not retained.
skylum.comData processors
Policy mentions processors are required to process Personal Data according to agreements, but no detailed DPA or sub-processor list is publicly available. Users should contact privacy@skylum.com for specifics.
skylum.com// Products & data scope
data: User-uploaded photos, device metadata, usage analytics (non-PII). Generative AI inputs are not retained.
One-time purchase or subscription model. AI features available (e.g., Sky Replacement, Portrait Enhancement, HDR Merge). On-device editing for most functions.
data: Same as desktop version.
Cross-device sync; edits from desktop can be continued on mobile.
data: User images and input parameters for generative tasks. Explicitly NOT retained by Skylum post-processing.
Cloud-based processing only for generative AI (e.g., object removal, sky replacement). Input data not used for Skylum model training per policy.
// What to watch
- No formal trust center or security certifications (SOC 2, ISO 27001) despite being a mature product.
- GDPR compliance is self-declared ('commercially reasonable steps') — not independently audited or certified.
- Data stored globally outside EEA without explicit geographic control — relies on legal transfer mechanisms (SCCs) rather than certified compliance frameworks.
- No published Data Processing Agreement (DPA) available; users must request via privacy@skylum.com.
- Product is consumer-grade photo editing software, not enterprise SaaS — security/compliance posture reflects that maturity level.
- AI-training policy is clear for user restrictions, but Skylum's own model-training practices not explicitly disclosed.
- On-device editing marketing claim suggests privacy-first architecture, but no independent audit or security architecture documentation available.
// At a glance
Pricing model
One-time perpetual license or annual/monthly subscription; lifetime access option available.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Shinyfields Limited (operating as Skylum)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
skylum.com