Lunsight Trust Center
Security Controls
Last reviewed: June 2026 · self-assessment, updated manually on each review
This page describes the technical and organizational measures that protect the Lunsight platform and the data our customers route through it. Controls marked Planned are part of our security roadmap and are not yet fully implemented; we publish them to give a complete and accurate view of our current posture.
Product Security
Data encrypted at rest
Customer data is stored in DigitalOcean managed databases with encryption at rest (Frankfurt, EU); files are stored in Cloudflare R2 with encryption at rest.
Data encrypted in transit
All traffic is encrypted in transit: TLS at the edge (Cloudflare), TLS to databases, and private-network or encrypted connections between internal services.
Edge protection: WAF, DDoS mitigation, rate limiting
All platform traffic, including API and webhook endpoints, is fronted by Cloudflare WAF, DDoS mitigation and rate limiting; origin servers are not directly reachable.
Vulnerability management
Automated monitoring of dependencies and container images for known vulnerabilities, with triage and remediation.
Infrastructure Security
Production access restricted
Access to production systems is limited to authorized engineers with a business need.
MFA on critical accounts
Multi-factor authentication is enforced for all personnel on cloud-provider, identity-provider, code-hosting and domain accounts.
Unique accounts, no shared credentials
Personnel use individual named accounts and SSH keys; shared credentials are prohibited.
Secrets and key access restricted
Encryption keys, API tokens and secrets are kept out of source code in managed secret storage with restricted access.
Physical security inherited from cloud providers
Physical infrastructure is operated by DigitalOcean and Cloudflare, each maintaining ISO 27001 / SOC 2 certified data centers. Lunsight operates no physical data centers.
Data & Privacy
Data retention and deletion procedures
Retention and deletion of personal data follow the Service Privacy Notice and customer agreements.
Sub-processor transparency
All sub-processors are published with their purpose, the data involved and the location of processing on the Sub-processors page.
AI data handling boundaries
Data submitted to AI features is processed by Anthropic under commercial terms and is not used for model training.
Data categories defined
Platform data is classified as Account Data and Customer Data with distinct processing roles, as documented in the Service Privacy Notice.
Organizational Security
Secure development lifecycle
Changes are validated by automated CI checks before reaching production.
Incident response plan
Documented incident response procedures for security and privacy incidents, including customer breach notification.
Security policies documented and reviewed
Formal information security policies, documented and reviewed at least annually.
Risk management program
Documented risk assessment and mitigation process.
Continuity
Automated backups
Databases are backed up automatically (DigitalOcean managed backups with point-in-time recovery).
Business continuity / disaster recovery plan
Documented continuity plan covering loss of key infrastructure or personnel.