Security
How customer data is handled in Lunar.
01 / Practices
Encryption
Data is encrypted in transit and at rest.
Tenant isolation
Each customer organization is a separate tenant. Records carry their organization, and access is checked on every read.
Role-based access
Access inside an organization is scoped by role. Some actions are limited to owners and admins.
Audit events
Search, open, download, and export are recorded.
Retention and legal hold
Retention follows customer policy, with legal hold support.
02 / Compliance
SOC 2 aligned controls. HIPAA aligned safeguards for medical records workflows.
03 / Disclosure
Report a vulnerability
Email security@trylunar.ai with what you found and how to reproduce it. Security questions go to the same address.