AccessLumens

Security

How we protect your data and operate the Service responsibly.

Last updated · June 13, 2026

Security is foundational to a tool that loads and analyses websites. This page summarises the controls we have in place today and the practices we are continuing to mature.

Data in transit and at rest

  • All traffic between your browser, our API, and our providers is encrypted using TLS (HTTPS).
  • Scan data is stored in a managed database; our hosting providers encrypt data at rest at the storage layer.
  • We practise data minimisation — we store only what is needed to deliver and improve the Service (see our Privacy Policy).

Payment security

Payments are handled by Dodo Payments, our payment provider and Merchant of Record. Card details are entered on their PCI-compliant infrastructure and are never transmitted to or stored by AccessLumens. We retain only a payment reference and the unlock status of a report.

Scanning isolation

Scans run in a sandboxed, automated headless browser. We fetch only the publicly accessible pages you submit, we do not authenticate to target sites, and scanning processes are isolated from our application secrets and customer data stores.

Access controls

  • Access to production systems is limited to authorised personnel on a least-privilege basis.
  • Administrative interfaces are access-controlled and separated from the public Service.
  • Secrets and API keys are stored in managed secret storage, never in source code.

Reliability

We rely on reputable cloud infrastructure providers with their own redundancy and backup mechanisms. Long-running scans are time-bounded so that a single problematic site cannot degrade the Service for others.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, please email support@accesslumens.com with details and steps to reproduce. Please give us a reasonable opportunity to remediate before any public disclosure, and do not access, modify, or destroy data that is not yours while testing. We will acknowledge your report promptly and keep you informed of our progress.

Maturing practices

AccessLumens is an evolving product. We are progressively formalising our security program — including documented incident response, vendor review, and independent assessment. If your procurement process requires specific documentation or a security questionnaire, contact support@accesslumens.com and we will work with you.

Back to AccessLumens