Trust & Compliance

Built on a foundation of trust.

Security, compliance, and data protection supported by trusted payment infrastructure partners — so your business and your customers stay protected.

Data protection

How we handle your data

Three policies that govern how Lumino handles merchant data, platform data, and payment-related information through our partner infrastructure.

01

Data residency

Merchant and transaction data may be processed through Lumino systems and approved third-party infrastructure partners. Payment card data is handled through processor and gateway environments.

  • US — default
  • Partner infrastructure — as applicable
  • Data flow documentation available

02

Retention policy

Transaction and account records are retained according to operational, legal, payment, and tax requirements. Personal data may be deleted or anonymized upon request where legally permitted.

  • 7 years — transaction records
  • 90 days — personal data post-closure
  • Deletion on request available

03

Subprocessor disclosure

Lumino uses trusted processors, gateways, and technology partners to support payment acceptance, tokenization, platform operations, and compliance workflows. Enterprise clients may request subprocessor details.

  • Partner list — available on request
  • Enterprise review — available
  • DPA available where applicable

Security overview

How we protect every transaction

Three layers of security infrastructure — built in from day one, not added after the fact.

Encryption

All cardholder data is encrypted in transit and at rest using TLS 1.3 and AES-256. No plaintext card data ever touches Lumino's systems — tokenization happens at the point of capture.

Access controls

Role-based access, multi-factor authentication, and least-privilege principles across all internal systems. Every access event is logged and auditable on demand.

Monitoring

24/7 threat detection, anomaly monitoring, and automated alerting across all environments. Our security team is notified in real time for any suspicious activity — before it becomes a problem.

Unique Features

What PCI Level 1 means for your business

Partner-Supported PCI

We help reduce your PCI burden by routing sensitive payment data through compliant payment infrastructure.

Processing payments through Lumino-supported processor and gateway partners can help reduce your PCI scope. Cardholder data is tokenized at capture and handled within partner-controlled secure environments — not stored directly by Lumino.

  • Cardholder data is handled by processor, gateway, and tokenization partners that maintain payment security controls
  • Tokenization at point of capture can reduce merchant PCI exposure for cardholder data
  • Onboarding tracker for new merchants
  • Document center and marketing resources

Certifications

Compliance certifications & standards

Independently audited and certified against the standards that matter most to enterprise and regulated industries.

PCI DSS Level 1

Cardholder data is handled through payment and gateway partners that maintain PCI DSS compliance for payment processing environments.

Partner-supported

SOC 2 Type II

Select infrastructure and technology partners maintain third-party security audits covering availability, confidentiality, and control practices.

Partner-audited

GDPR

Data protection obligations are supported through documented policies, partner controls, and applicable data processing terms where required.

Supported

Legal documents

All legal documents in one place

Every policy, agreement, and disclosure — organized for review and kept up to date.

Privacy policy

How we collect, use, and protect personal data across Lumino products and services.

Terms of service

The terms governing use of the Lumino platform, APIs, and merchant services.

Merchant agreement

Your processing agreement — fees, terms, obligations, and payment-related responsibilities.

Data processing agreement

DPA for enterprise data protection requirements and applicable privacy — available on request.

Cookie policy

What cookies we use, why, and how to manage your preferences.

Acceptable use policy

Prohibited business types, restricted industries, and usage guidelines.

Card network rules

Summary of applicable Visa, Mastercard, Amex, processor, and gateway operating.

Responsible disclosure

How to report a security vulnerability or compliance concern to our team.

Lumino is not itself a payment processor or card network. Payment processing, cardholder data handling, tokenization, PCI scope, and certain compliance controls are provided through Lumino’s processor, gateway, and infrastructure partners. Merchant obligations may vary based on processor, payment method, business model, and integration type.

Security & Compliance

Questions about security or compliance?

Our team is available for enterprise questionnaires, processor documentation requests, and compliance reviews. Reach out and we’ll get back to you within one business day.
