This Security Policy outlines the measures Lumiotech Private Limited ("Lumiotech," "we," "us," or "our") takes to protect user data and ensure the safety of our platforms, including lumioWhisper ("Whisper"), an intelligent corporate agent platform. By using our services or otherwise engaging with Lumiotech, you acknowledge that you have read and understood this Security Policy and agree to its terms.
1. Purpose and Scope
The purpose of this Policy is to establish the framework and principles by which Lumiotech secures its systems, data, and infrastructure. It applies to all users, employees, contractors, and partners who have access to our platforms or data.
2. Roles and Responsibilities
Senior Management: Responsible for overseeing the development and implementation of security measures.
Security Team: Monitors threats, enforces policies, conducts security assessments, and addresses incidents.
All Personnel: Expected to follow security best practices, report incidents, and adhere to this Policy.
3. Physical Security
Lumiotech implements various physical security measures at its facilities, including restricted access, security cameras, and visitor sign-in procedures. Only authorized personnel are granted access to sensitive areas.
4. Access Controls
We use role-based access controls (RBAC) to ensure that users and employees only have access to the data and systems necessary for their roles. Access privileges are reviewed periodically to maintain the principle of least privilege.
5. Data Encryption
Lumiotech employs encryption for data at rest and in transit. We use industry-standard encryption protocols (such as TLS) to protect sensitive data during transmission, and secure storage solutions for data at rest.
6. Network Security and Logging
Our network security measures include firewalls, intrusion detection/prevention systems, and regular vulnerability assessments. As mandated by the CERT-In Directions 2022, we securely enable and maintain logs of all our Information and Communication Technology (ICT) systems within India for a rolling period of 180 days. Additionally, our ICT system clocks are synchronized with the Network Time Protocol (NTP) servers of the National Informatics Centre (NIC) or National Physical Laboratory (NPL).
7. Endpoint Security
Lumiotech enforces endpoint protection measures such as antivirus software, device encryption, and automated patching. Employees and contractors are required to keep their devices updated and secured.
8. Threat Detection and Incident Response
We continuously monitor our systems for suspicious activity and potential breaches. If an incident occurs, our Incident Response Plan outlines the steps for containment, mitigation, and notification. Under the CERT-In Directions 2022, we are obligated to report specific cybersecurity incidents to CERT-In within six (6) hours of noticing or being brought to notice of such incidents. We have designated a Point of Contact (POC) for all communications with CERT-In to ensure swift reporting and collaboration.
9. Vulnerability Management
Regular vulnerability scans and penetration tests are conducted to identify and remediate security gaps. Patch management procedures ensure timely updates to software and systems.
10. Employee Training and Awareness
We provide regular security training to all employees and contractors, covering topics such as phishing awareness, password management, and secure coding practices. Training is updated to reflect emerging threats and changes in the security landscape.
11. Third-Party Security
When we engage third-party providers, we conduct due diligence to ensure they follow robust security standards. We also include security requirements in our contracts to protect our data and systems.
12. Business Continuity and Disaster Recovery
Lumiotech maintains Business Continuity and Disaster Recovery Plans to mitigate risks posed by disasters, outages, or other disruptions. These plans are tested periodically to ensure a swift and coordinated response to emergencies.
13. Compliance with Regulations
We adhere to relevant data protection and security regulations, including the Digital Personal Data Protection Act, 2023; the IT Act, 2000; and CERT-In guidelines. Any questions regarding our compliance efforts can be directed to [email protected].
14. Continuous Improvement
Our Security Policy is reviewed and updated regularly to account for evolving threats, new technologies, and changes in regulatory requirements.
15. Contact Us
If you have any questions or concerns regarding this Security Policy, please contact:
Lumiotech Private Limited
New Delhi, India
[email protected]
By continuing to use our services, you acknowledge that you have read and understand this Security Policy and agree to its terms.