Security centre · Reviewed July 17, 2026

Your work deserves careful protection.

Security starts with clear boundaries. Lumen keeps ordinary document editing local, protects the cloud features you choose to use, and explains the important limits without hiding them behind vague claims.

Local first

Your files stay on your device by default

Opening, editing, and saving local files does not silently upload their contents to Lumen.

Encrypted

Protected in transit and at rest

Cloud requests use TLS. Shared content and connector secrets receive additional protection at rest.

Controlled

Access can be changed or revoked

Owners choose roles, can revoke links and members, and can rotate a shared document key after access changes.

Transparent

Cloud processing happens when you ask

AI, sharing, publishing, connectors, and submitted diagnostics are clearly identified cloud features.

Important: shared and published documents are encrypted at rest with server-managed keys; they are not end-to-end encrypted. Lumen’s authorized server processes can decrypt the revision required to provide collaboration and web viewing. If your policy requires customer-held keys or end-to-end encryption, contact us before using those features.
Protection model

Security across the complete document journey.

Different features have different boundaries. These controls describe the current product design without implying a certification or guarantee.

Local files and device sessions

Local documents remain under your operating system account and device protections.

  • Desktop editing is local-first and does not background-upload document contents.
  • Signed-in session tokens use the operating system’s protected storage when available.
  • Sensitive Notes data and recordings can use OS-keychain-backed encryption at rest.
  • Autosave and recovery reduce the risk of work loss after an unexpected shutdown.

Accounts and authentication

Account controls are designed to resist common credential and session attacks.

  • Passwords are salted and hashed with scrypt; plain-text passwords are not stored.
  • Email verification and short-lived reset codes protect account recovery.
  • Access and refresh tokens are signed, expire, and support session or account-wide revocation.
  • Rate limits and account protections help deter brute-force and email-abuse attempts.

Sharing and publishing

Owners decide who can reach a cloud copy and what they may do with it.

  • Shared revisions are encrypted at the application layer and by the hosting platform at rest.
  • Viewer, commenter, and editor roles constrain collaboration access.
  • Public or restricted links can be revoked; optional passcodes are stored as hashes.
  • Server-side authorization is checked before an encrypted revision is opened for a viewer.

Connectors and external services

Connected accounts are optional and scoped to the action you authorize.

  • OAuth tokens are encrypted at rest with authenticated AES-256-GCM envelopes.
  • Connector credentials stay behind the server proxy rather than inside shared documents.
  • Disconnecting a provider removes Lumen’s stored authorization for that connection.
  • Third-party services remain governed by their own security and privacy terms.

PDF privacy tools

Security-sensitive PDF actions are designed to change the underlying file, not only its appearance.

  • Secure redaction removes matched content and can sanitize hidden carriers and metadata.
  • Password protection and certificate signatures are available for supported workflows.
  • Sanitization can remove metadata, embedded files, scripts, hidden layers, form values, and other hidden content.
  • Users should still verify a finished redacted file before distribution.

AI processing

Only content needed for the AI action is sent through the managed backend to the selected provider.

  • Lumen uses commercial/API offerings whose inputs and outputs are not used for model training by default.
  • Providers may retain limited request data for abuse monitoring or required application state.
  • AI output can be inaccurate; review results before relying on them.
  • Do not submit content you are not authorized to share with a processor.

Need the data-flow details? The Privacy Policy explains collection, subprocessors, retention, international transfers, and your rights.

Read the Privacy Policy →
Responsible disclosure

Found a security issue? Please tell us privately.

Email security@lumenqube.com with the affected product or URL, reproduction steps, impact, and any supporting evidence. Do not access other people’s data, disrupt service, use social engineering, or publicly disclose an unresolved issue. We will acknowledge the report and coordinate a responsible resolution in good faith.

Questions

Security, in plain language.

Are shared documents end-to-end encrypted?

No. Shared and published documents are encrypted in transit and at rest, including application-layer encryption for stored revisions, but Lumen manages the keys so authorized server processes can render and synchronize the content. This is not end-to-end encryption.

When does a document leave my device?

Only when you choose a feature that needs cloud processing, such as AI, sharing, web publishing, a connected service, or a support report with attachments. Ordinary local editing does not silently upload document contents.

Do you claim a security certification?

No certification is claimed on this page. The controls above describe the current product implementation. Contact security@lumenqube.com for a specific enterprise or regulatory requirement before relying on the Service for regulated data.

Can I revoke access to shared work?

Yes. Owners can change member roles, remove collaborators, revoke browser links, and rotate the document key after access changes. Copies that someone already downloaded remain outside Lumen’s control.

Where can I make a privacy request?

Email privacy@lumenqube.com from your account address. The Privacy Policy explains access, correction, deletion, portability, objection, and restriction rights that may apply.