Security
How Lumieos is built with security as a default, including API design, permission enforcement, and data isolation.
Secure by Default
By default, every API endpoint starts at the most restrictive level of access, and access is then explicitly expanded only where appropriate. All endpoints are reviewed during development, with frameworks in place to maintain this model consistently across the platform.
Permission Enforcement
The Lumieos permission structure allows fine-grained control over what each user can access, with extra care taken for personally identifiable information (PII).
- Only Region or Partner staff who have been granted PII permissions can view PII fields on user profiles and rosters.
- The one exception is Lumieos (InnovAlda) staff, who may access PII when handling support requests on behalf of a region.
Note: PII access is auditable and intentionally restricted. If you need PII permissions, contact your region administrator.
Multi-Tenant Data Isolation
Lumieos is a multi-tenant platform — multiple partner organizations share the same application infrastructure. Data isolation is enforced through a domain-based primary key model.
This means that every data query is scoped to the current tenant’s domain. It is not possible for one tenant to access another tenant’s data through the application, even if a user has accounts in multiple regions.
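One way to picture the domain-scoped model described above, as an added example that is not Lumieos code. The table layout, the TenantScope wrapper and the sample domains are assumptions made for illustration, and SQLite is used so the example runs offline.

```python
import sqlite3

# Assumed schema: the tenant domain is the leading column of the primary key,
# so every row belongs to exactly one tenant and ids may repeat across tenants.
SCHEMA = """
CREATE TABLE profiles (
    domain  TEXT    NOT NULL,
    user_id INTEGER NOT NULL,
    email   TEXT    NOT NULL,
    PRIMARY KEY (domain, user_id)
);
"""

class TenantScope:
    """Hypothetical data-access wrapper bound to one tenant domain per request."""

    def __init__(self, conn, domain):
        # Refuse to build an unscoped accessor: no domain, no queries.
        if not domain:
            raise ValueError("a tenant domain is required")
        self._conn = conn
        self._domain = domain

    def get_profile(self, user_id):
        # The domain filter comes from the bound scope, never from caller input.
        return self._conn.execute(
            "SELECT user_id, email FROM profiles WHERE domain = ? AND user_id = ?",
            (self._domain, user_id),
        ).fetchone()

    def list_profiles(self):
        return self._conn.execute(
            "SELECT user_id, email FROM profiles WHERE domain = ? ORDER BY user_id",
            (self._domain,),
        ).fetchall()

def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample rows: user 7 has an account in both tenants.
    conn.executemany("INSERT INTO profiles VALUES (?, ?, ?)", [
        ("north.example", 7, "a@north.example"),
        ("north.example", 8, "b@north.example"),
        ("south.example", 7, "a@south.example"),
    ])
    return conn

if __name__ == "__main__":
    db = build_demo_db()
    print(TenantScope(db, "north.example").list_profiles())
    print(TenantScope(db, "south.example").get_profile(8))  # not in this tenant
```

Because callers only ever hold a scope object, a lookup for an id that exists in another tenant returns nothing rather than the other tenant's row.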
For more details on data handling, see Data Ownership & Lifecycle.