Security and Trust at Luciq

Transparency into how we protect your data

Luciq is built with a security-first approach, combining strong architecture, privacy-by-design principles, and independently validated controls to protect customer data and ensure platform resilience.

FAQs

Does Luciq require sensitive data like PIl or payment information?

No. Luciq does not require PIl or payment card data to function. Customers can control and minimize any data sent through SDK configuration.

How is customer data isolated?

Data is isolated through:

  • Per-customer encryption keys
  • Logical database segmentation
  • Application-level tenant enforcement
How does Luciq handle security threats?

Luciq keeps a robust security posture through:

  • Hardened cloud-native security controls
  • Continuous monitoring and alerting
  • Vulnerability scanning and remediation
  • Regular penetration testing
  • Incident Response
Do you complete security questionnaires and answer inquiries?

Most customers find our SOC 2 and ISO 27001 documentation sufficient as they cover the majority of required regulatory or posture leveraging security controls. We address any additional targeted questions when required.

How often are your security controls reviewed?

All policies and procedures are reviewed at least annually, with continuous monitoring and improvement.

Can we access detailed security documentation?

Yes. Under NDA, we provide:

  • SOC 2 Type Il report
  • ISO 27001 certificate
  • Penetration test report
  • Security whitepaper
  • Policies and procedures

Data Protection & Privacy

Luciq processes data in accordance with strict privacy and legal frameworks:

Data Processing Role

Luciq acts as a data processor, processing data only on behalf of customers (controllers).

Data Usage

  • Data is processed strictly for service delivery
  • Luciq does not sell, share, process or require personal data

International Transfers

  • Governed by Standard Contractual Clauses (SCCs)
  • Supports GDPR, UK GDPR, and Swiss regulations

Subprocessors

  • Carefully vetted and monitored
  • Contractually bound to data protection obligations
  • Subjected to annual review

Learn More