Security


How customer data is handled in Lunar.

01 / Practices

  • 01

    Encryption

    Data is encrypted in transit and at rest.

  • 02

    Tenant isolation

    Each customer organization is a separate tenant. Records carry their organization, and access is checked on every read.

  • 03

    Role-based access

    Access inside an organization is scoped by role. Some actions are limited to owners and admins.

  • 04

    Audit events

    Search, open, download, and export are recorded.

  • 05

    Retention and legal hold

    Retention follows customer policy, with legal hold support.

02 / Compliance

SOC 2 aligned controls. HIPAA aligned safeguards for medical records workflows.

03 / Disclosure

Report a vulnerability

Email security@trylunar.ai with what you found and how to reproduce it. Security questions go to the same address.