
Your data, your keys

LumaVista encrypts all your research data with keys generated on your device. We designed our architecture so that your data is unreadable — even to us — when you're not actively using the platform.

[Figure: Security architecture overview. Devices emit encryption keys through layered security shields to a protected data vault.]

Device-controlled encryption

When you create your account, a unique device key is generated on your device and never leaves it in plaintext. That device key does not encrypt your data directly: it wraps (encrypts) a master key, and the master key encrypts all your data, including research graphs, memories, documents, and settings, with AES-256-GCM. GCM is an authenticated mode, so a ciphertext that has been modified in storage is rejected at decryption time instead of being decrypted into corrupted plaintext.

Each enrolled device receives its own wrapped copy of the master key, so our servers and backups hold only wrapped keys and ciphertext. Without an enrolled device's key, no single server, employee, or backup system can recover the master key or read your data.

During an active session, the unwrapped master key is held in server memory so our AI agents can process your research. This is the only point at which the master key exists outside your device, which is why the guarantee above is stated for data at rest rather than for the duration of a session. When you disconnect or your session expires, all key material is wiped from memory.

AI safety pipeline

Your research queries pass through multiple protective layers before and after AI processing:

Sensitivity classification

Every query is automatically classified by sensitivity level. Credentials, personal identifiers, and proprietary patterns are detected before your data reaches any AI model.

See the classification framework →

Model trust matching

Each AI model is assigned a trust tier. Your data is routed only to models that meet the required clearance for its sensitivity level. Highly sensitive data never leaves your infrastructure.

How we pick models →

Outbound redaction

AI-generated reports are scanned for inadvertently leaked credentials, PII, or sensitive patterns. Detected content is automatically redacted before the report reaches you.
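The three stages described above (sensitivity classification, model trust matching, and outbound redaction) as one added example. This is illustrative code, not LumaVista's classification framework or model router: the detector patterns, tier names, model names, and the sample query and report are all constructed for the example. Routing refuses a query outright when no model is cleared for it, rather than downgrading it to a lower tier.

```go
package main

import (
	"fmt"
	"regexp"
)

// Tier is the sensitivity of a query and, for a model, the clearance it holds.
type Tier int

const (
	Public     Tier = iota // nothing sensitive detected
	Internal               // personal identifiers such as e-mail addresses
	Restricted             // credentials or proprietary markers
)

func (t Tier) String() string { return [...]string{"public", "internal", "restricted"}[t] }

// Detector pairs a pattern with the tier it implies. These patterns are a
// constructed sample (hypothetical), not the platform's own detectors.
type Detector struct {
	Name string
	Tier Tier
	Re   *regexp.Regexp
}

var detectors = []Detector{
	{"aws_access_key", Restricted, regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"private_key_block", Restricted, regexp.MustCompile(`-----BEGIN [A-Z ]*PRIVATE KEY-----`)},
	{"bearer_token", Restricted, regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*`)},
	{"proprietary_marker", Restricted, regexp.MustCompile(`(?i)\b(?:confidential|internal only)\b`)},
	{"email", Internal, regexp.MustCompile(`\b[\w.+-]+@[\w-]+\.[\w.-]+\b`)},
}

// Classify returns the highest tier any detector fires at and the detector names.
func Classify(text string) (Tier, []string) {
	tier := Public
	var hits []string
	for _, d := range detectors {
		if d.Re.MatchString(text) {
			hits = append(hits, d.Name)
			if d.Tier > tier {
				tier = d.Tier
			}
		}
	}
	return tier, hits
}

// Model describes a candidate backend; models are listed in order of preference.
type Model struct {
	Name       string
	Clearance  Tier // highest sensitivity this model may receive
	SelfHosted bool // runs inside the customer's own infrastructure
}

// Route picks the first model whose clearance covers the query. Restricted
// queries additionally require a self-hosted model so they never leave the
// customer's infrastructure; if nothing qualifies the query is refused.
func Route(tier Tier, models []Model) (Model, error) {
	for _, m := range models {
		if m.Clearance < tier {
			continue
		}
		if tier == Restricted && !m.SelfHosted {
			continue
		}
		return m, nil
	}
	return Model{}, fmt.Errorf("no model cleared for %s data", tier)
}

// Redact scrubs an AI-generated report before it is returned to the user,
// replacing every detector match with a labelled marker; it returns the count.
func Redact(report string) (string, int) {
	n := 0
	for _, d := range detectors {
		report = d.Re.ReplaceAllStringFunc(report, func(string) string {
			n++
			return "[REDACTED:" + d.Name + "]"
		})
	}
	return report, n
}

func main() {
	models := []Model{
		{"hosted-vendor-model", Internal, false},
		{"on-prem-model", Restricted, true},
	}
	// Constructed sample query: a credential-shaped string plus an e-mail address.
	query := "Why did AKIAABCDEFGHIJKLMNOP show up in alice@example.com's CI logs?"
	tier, hits := Classify(query)
	m, err := Route(tier, models)
	fmt.Printf("tier=%s hits=%v model=%s err=%v\n", tier, hits, m.Name, err)

	report, n := Redact("The leaked key AKIAABCDEFGHIJKLMNOP belongs to alice@example.com")
	fmt.Printf("%d redactions: %s\n", n, report)
}
```

The same detector table drives both the inbound classification and the outbound redaction, so a pattern added for one stage automatically protects the other. Note that regular expressions only catch credential and identifier formats they know about; a production classifier would combine such patterns with broader checks.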

No model training

AI providers are contractually prohibited from using your queries or data to train their models. Your research remains yours.

Per-user data isolation

Your data lives in its own encrypted databases — completely separate from every other user. There is no shared data store where user content could accidentally mix. Each user gets isolated, encrypted storage for settings, memory, and each research project.

This architecture also makes GDPR deletion absolute. When you delete your account, your entire data directory is removed. Because everything in it was encrypted under your keys, no plaintext remains anywhere in our systems, and any copy that outlives deletion in a backup is ciphertext that only your keys could open.

Recovery without backdoors

We don't hold a master key to your data. Recovery is designed around trust anchors you control:

  • Multiple devices: enroll more than one device as trust anchors. If you lose one, the other can restore access.
  • Printed recovery code: a QR code you print and store securely, protected by a password you choose.
  • Enterprise escrow: organizations can configure HSM-backed recovery keys managed by their security team.

If all recovery methods are lost, your data is irrecoverable. This is by design — it means no one, including us, can access your encrypted data without your authorization.
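An added example of the key wrapping scheme described under Device-controlled encryption and of the multi-device recovery path listed above. This is illustrative code written for this page, not LumaVista's implementation: it assumes the device key wraps the master key with AES-256-GCM, binds the device ID (for wrapped keys) and record name (for data) into the authentication tag as associated data, and that a new device is enrolled by an existing one re-wrapping the master key. Device IDs, record names and the sample plaintext are constructed. The printed recovery code and HSM escrow paths are not shown; they would substitute a password-derived or HSM-held key for the device key in the same wrap step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// WrappedKey is the only form in which the master key is stored server-side (assumed layout).
type WrappedKey struct {
	DeviceID string // bound into the GCM tag as associated data
	Nonce    []byte
	Wrapped  []byte
}

// Record is one encrypted item; binding its name into the tag stops a ciphertext being moved under another name.
type Record struct {
	Name       string
	Nonce      []byte
	Ciphertext []byte
}

// NewKey returns a fresh 256-bit key (used for both device and master keys).
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal encrypts with AES-256-GCM under a fresh random 96-bit nonce.
func seal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}
// open fails on a wrong key, a changed AAD or any modified ciphertext byte.
func open(key, nonce, ct, aad []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, aad)
}

// WrapMasterKey runs on the device; its output is what the server stores.
func WrapMasterKey(deviceID string, deviceKey, masterKey []byte) (WrappedKey, error) {
	nonce, ct, err := seal(deviceKey, masterKey, []byte(deviceID))
	return WrappedKey{DeviceID: deviceID, Nonce: nonce, Wrapped: ct}, err
}
func UnwrapMasterKey(deviceKey []byte, w WrappedKey) ([]byte, error) {
	return open(deviceKey, w.Nonce, w.Wrapped, []byte(w.DeviceID))
}
func EncryptRecord(masterKey []byte, name string, plaintext []byte) (Record, error) {
	nonce, ct, err := seal(masterKey, plaintext, []byte(name))
	return Record{Name: name, Nonce: nonce, Ciphertext: ct}, err
}
func DecryptRecord(masterKey []byte, r Record) ([]byte, error) {
	return open(masterKey, r.Nonce, r.Ciphertext, []byte(r.Name))
}

// EnrollDevice is done by an already-enrolled device: it unwraps the master key
// with its own key and re-wraps it for the newcomer; the server only relays blobs.
func EnrollDevice(existingKey []byte, existing WrappedKey, newID string, newKey []byte) (WrappedKey, error) {
	mk, err := UnwrapMasterKey(existingKey, existing)
	if err != nil {
		return WrappedKey{}, err
	}
	return WrapMasterKey(newID, newKey, mk)
}

func main() {
	laptopKey, _ := NewKey()
	masterKey, _ := NewKey()
	laptop, _ := WrapMasterKey("laptop", laptopKey, masterKey)
	rec, _ := EncryptRecord(masterKey, "projects/alpha/graph", []byte("constructed research graph"))
	phoneKey, _ := NewKey() // second trust anchor, enrolled by the laptop
	phone, _ := EnrollDevice(laptopKey, laptop, "phone", phoneKey)
	// Laptop lost and its wrapped copy discarded: the phone alone restores access.
	mk, err := UnwrapMasterKey(phoneKey, phone)
	pt, _ := DecryptRecord(mk, rec)
	fmt.Printf("phone restores access: %q (err=%v)\n", pt, err)
	// The stored blobs alone (server, backup, employee) fail authentication.
	_, err = UnwrapMasterKey(laptopKey, phone)
	fmt.Println("wrong device key:", err)
}
```

Because the device ID and record name are authenticated as associated data, a wrapped key cannot be re-labelled for another device and a record cannot be served under a different name without the GCM tag check failing. Losing every wrapped copy (all devices, no recovery code, no escrow) leaves only ciphertext, which is the irrecoverability the page describes.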

Infrastructure

  • All servers located in the European Union — sovereignty, not just residency
  • TLS encryption for all data in transit
  • No third-party advertising trackers
  • Security-relevant events logged with tamper-evident audit trail
  • Standard Contractual Clauses for any data processed outside the EU

Want the full technical details?

Read our Security Whitepaper →