// Trust & Security Report

    Shinyfields Limited (operating as Skylum) logo

    Shinyfields Limited (operating as Skylum)

    Luminar Neo — AI-powered photo editing software for desktop, tablet, and mobile with on-device editing, generative AI features, and creative tools for photographers and designers.

    Certifications held

    1

    Maturity

    Growth

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    GDPR Compliance
    HELD

    Shinyfields Limited commits to 'take commercially reasonable steps to maintain compliance with GDPR requirements.' For EEA transfers, Skylum implements Standard Contractual Clauses and other lawful mechanisms.

    Verify on skylum.com
    > Show 7 unconfirmed / not-held certifications
    SOC 2 Type 1/2
    NOT CONFIRMED

    No public evidence of SOC 2 certification found in Skylum's legal pages or published materials.

    source: skylum.com
    ISO 27001
    NOT CONFIRMED

    No public evidence of ISO 27001 certification found in Skylum's legal pages or published materials.

    source: skylum.com
    HIPAA
    NOT CONFIRMED

    Luminar Neo is a photo editing consumer tool, not a healthcare/medical service. HIPAA compliance is not applicable or claimed.

    source: skylum.com
    PCI DSS
    NOT CONFIRMED

    Skylum states payment data is processed through 'third party PCI-compliant service providers' — Skylum itself does not claim PCI compliance.

    source: skylum.com
    ISO 27017 (cloud data protection)
    NOT CONFIRMED

    No public evidence found.

    source: skylum.com
    ISO 27018 (personal data protection in clouds)
    NOT CONFIRMED

    No public evidence found.

    source: skylum.com
    ISO 42001 (AI management system)
    NOT CONFIRMED

    No public evidence found.

    source: skylum.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Global — data may be stored 'on systems located outside the European Economic Area.' For EEA residents, Skylum implements Standard Contractual Clauses (SCCs) for safe international transfers.

    For generative AI features in Luminar Neo, the EULA (Section 9.6) states: 'When using the Luminar Neo Generative AI features, your Input is processed in a cloud-based environment. However, we do not retain, store, or use your Input for any purpose other than the intended editing functions.' Users are also prohibited from using Luminar Neo's generative AI outputs to train their own ML models ('Using Luminar Neo Generative AI features for the training of any AI/ML models is expressly prohibited'). No explicit statement is published on whether Skylum trains its own foundation models on user data.

    // Security controls

    Encryption in transit

    Acknowledged as necessary but not guaranteed. Policy states: 'the transmission of information via the internet is not completely secure.'

    skylum.com

    Technical and organizational measures

    Skylum states they use 'technical and organizational measures to safeguard your Personal Data' and maintain 'appropriate technical and organizational measures for an appropriate level of security.' Specifics not disclosed.

    skylum.com

    On-device editing

    Luminar Neo emphasizes 'full privacy with on-device editing' — core processing happens locally, reducing cloud data exposure. Generative AI features do process in cloud but inputs are not retained.

    skylum.com

    Data processors

    Policy mentions processors are required to process Personal Data according to agreements, but no detailed DPA or sub-processor list is publicly available. Users should contact privacy@skylum.com for specifics.

    skylum.com

    // Products & data scope

    Luminar Neo (Desktop)Photo Editing Software

    data: User-uploaded photos, device metadata, usage analytics (non-PII). Generative AI inputs are not retained.

    One-time purchase or subscription model. AI features available (e.g., Sky Replacement, Portrait Enhancement, HDR Merge). On-device editing for most functions.

    Luminar Neo (Mobile/Tablet)Photo Editing Software

    data: Same as desktop version.

    Cross-device sync; edits from desktop can be continued on mobile.

    Luminar Neo Generative AI FeaturesAI-powered Photo Enhancement

    data: User images and input parameters for generative tasks. Explicitly NOT retained by Skylum post-processing.

    Cloud-based processing only for generative AI (e.g., object removal, sky replacement). Input data not used for Skylum model training per policy.

    // What to watch

    • No formal trust center or security certifications (SOC 2, ISO 27001) despite being a mature product.
    • GDPR compliance is self-declared ('commercially reasonable steps') — not independently audited or certified.
    • Data stored globally outside EEA without explicit geographic control — relies on legal transfer mechanisms (SCCs) rather than certified compliance frameworks.
    • No published Data Processing Agreement (DPA) available; users must request via privacy@skylum.com.
    • Product is consumer-grade photo editing software, not enterprise SaaS — security/compliance posture reflects that maturity level.
    • AI-training policy is clear for user restrictions, but Skylum's own model-training practices not explicitly disclosed.
    • On-device editing marketing claim suggests privacy-first architecture, but no independent audit or security architecture documentation available.

    // At a glance

    Pricing model

    One-time perpetual license or annual/monthly subscription; lifetime access option available.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Shinyfields Limited (operating as Skylum)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    skylum.com

    > Browse all vendor trust reports