Last Updated: June 11, 2026
This is our plain-language statement of how Lumina handles your data and where we stand on compliance. We do not claim certifications we have not earned: an architecture is "designed to support" a framework until an audit is passed.
Lumina runs on a local-first architecture. A full analytical SQL engine runs on your own device, inside the browser, and your datasets are processed and persisted locally. Raw data is never uploaded to our servers.
To answer a question, the AI receives only the structure it needs: column names, data types, and a small sample (typically the first 5 to 20 rows). The full dataset stays on the device. This sample is the single point where field-level values leave the browser, and it is governed by the in-product Firewall and data-loss-prevention controls.
Detailed architecture and security documentation, including the data-flow diagram and our internal control set, is available to qualified buyers under NDA or on request.
Trust is not only about where data sits; it is about whether you can check the answer. Lumina is built for glass-box, verifiable AI: the model reasons, but your rules, thresholds, and standards live outside it as owned, versioned, auditable IP. Every answer can be traced back to the rule and the query that produced it, so a result is something you can inspect rather than take on faith.
| Provider | Purpose | Region |
|---|---|---|
| Google Cloud (Gemini API) | LLM processing of query metadata and a small data sample | United States |
| Google Firebase (Auth + Firestore) | Authentication, account profile, plan, LUM wallet, opt-in memories | United States · Canada (optional) |
| Google Cloud Run + Cloud Build | Application hosting and deployment pipeline | United States · Canada (optional) |
| Stripe | Payment processing (card data tokenized by Stripe, never stored by us) | United States |
| SendGrid | Transactional and campaign email | United States |
We do not claim certifications we have not earned.
| Framework | Status | Detail |
|---|---|---|
| SOC 2 (Type II) | In progress | Not yet certified. Architecture designed to support the Trust Services Criteria. Formal readiness assessment and control validation are underway. |
| ISO 27001 | Evaluating | Not yet certified. Under evaluation for international and EU customers. |
| GDPR | Aligned by design | Data minimization built into the local-first architecture. See our Privacy Policy. |
| PIPEDA / PIPA (Canada) | Aligned | PyxonData Inc. is an Alberta company. See our Privacy Policy. |
| HIPAA | Architecture support | Local-first processing keeps raw data on the device. A signed BAA is required for any covered use and is not yet offered. |
PyxonData Inc. is based in Alberta, Canada. Cloud infrastructure and sub-processors are hosted in the United States. Because raw datasets stay on the device, the data that crosses a border is limited to account information and query metadata. See our Privacy Policy for international transfer details.
Lumina's method for multi-agent conflict resolution, the technology behind the Boardroom, is the subject of a pending U.S. provisional patent application (No. 63/955,994). Patent pending.
Report security vulnerabilities to support@lumina.express. We ask for a reasonable opportunity to investigate and remediate before public disclosure, and we do not pursue legal action against researchers acting in good faith.
Organizations evaluating Lumina for a regulated environment can contact support@lumina.express for security documentation, the data-flow diagram, and a discussion of specific compliance requirements. See our Enterprise deployment options or book a demo to walk through your requirements.