Security & Compliance

Security is not a feature — it's an expectation.

Protecting user data, meeting our legal obligations and communicating transparently are core responsibilities at Lumina.

Core principles

Least privilege

Services, team members and third-party integrations only have the access they actually need.

End-to-end encryption

All traffic runs over HTTPS; sensitive data at rest is protected with AES-256.

Audit trail

Critical actions in our products are recorded; production access is gated behind 2FA.

KVKK and GDPR compliance

As data controller we comply with Türkiye's KVKK and, where applicable, the principles of the European GDPR.

Sub-processor list

We rely on the following third-party providers to operate our products and website. Each operates under a contractual data-protection commitment.

| Provider | Purpose | Data Location |
| --- | --- | --- |
| Vercel | Web hosting, edge runtime and CDN | Global (EU and US) |
| Supabase | Contact form records, product database | EU (Frankfurt) |
| Resend | Transactional email delivery | United States |
| Cloudflare (Turnstile) | Form anti-spam verification (CAPTCHA) | Global |
| Upstash | Rate limiting (Redis) | EU (Frankfurt) |
| Sentry | Production error monitoring | EU (Frankfurt) |

Vulnerability disclosure

If you have identified a vulnerability in a Lumina product, on our website or in our infrastructure, please report it to security@luminateknoloji.net. We aim to respond within 5 business days. We follow responsible disclosure: bug reporters are asked to allow up to 90 days for remediation before public disclosure.