Security

1. Security Approach

FileLumo applies practical security controls to protect data, maintain service reliability, and reduce risk across our platform.

We prioritize TLS everywhere users touch us, short retention for server-side copies, and logging that helps us spot abuse without building invasive profiles. Defense in depth matters: no single checkbox replaces careful engineering and ongoing patching.

2. Data Transmission and Storage

Data is transmitted over encrypted HTTPS connections. Uploaded files are handled only for processing purposes and are removed after a limited retention period.

Some tools run mostly in your browser; others must call an API. The tool page tells you which path applies. Either way, treat every upload as sensitive until you have read that note and are comfortable with the workflow.

3. Access Controls

Access to production systems is restricted to authorized personnel and follows least-privilege principles.

Credentials rotate, MFA is used where available, and administrative actions should leave enough trail for us to investigate if something looks wrong. Contractors with access are bound by confidentiality terms.

4. Monitoring and Abuse Prevention

We monitor platform activity to detect service misuse, suspicious traffic, and operational issues that could affect availability or user safety.

Automated rate limiting and abuse protections reduce the chance of someone using FileLumo as a free CDN for malware distribution or bulk scraping.

5. Responsible Disclosure

If you discover a security issue, please report it at [email protected]. We review and address verified reports as quickly as possible.

Please give us reasonable time to fix issues before public disclosure, and avoid accessing or exfiltrating data that is not yours. We credit researchers when they want credit and when disclosure does not put users at risk.