Legal

Security

Lumexa turns your ideas into working software, so the trust you place in us matters. This page explains, in plain language, how we protect your data and your code. Lumexa is currently in invite-only alpha and our security program continues to mature alongside the product.

Last updated: June 26, 2026

1. You own your code

Everything Lumexa generates for you — your PRD, your application code, and your data — belongs to you. We do not claim ownership of your projects or Output, and you are free to export, host, and modify them anywhere. See our Terms of Service for the full ownership terms.

2. Encryption

Data is encrypted in transit using TLS, and encrypted at rest in our managed databases and storage. Passwords are never stored in plain text — they are stored only as salted hashes.

3. Infrastructure

Lumexa runs on Amazon Web Services, using managed databases, isolated build and compute environments, and network controls. We rely on AWS’s physical and infrastructure security and build least-privilege, isolated environments on top of it.

4. Access controls

Access to production systems is restricted on a least-privilege basis, protected by strong authentication, and logged. We monitor our systems for availability and unusual activity and maintain diagnostic logging to investigate issues.

5. AI & your data

To generate Output, Lumexa sends relevant portions of your Inputs to AI model providers. We do not sell your Inputs or Output, and we do not use your private project content to train publicly shared foundation models. We contractually require our AI sub-processors to process your content only to provide their service to us — see our Privacy Policy for details.

6. Privacy & GDPR

We collect only what we need to operate the Service, and we support data-subject rights including access, correction, deletion, and portability. If you are in the EEA or UK, we process personal data under recognized legal bases and use appropriate safeguards for international transfers. Full detail lives in our Privacy Policy.

7. Export & portability

Your project is never locked in. You can export your generated code and take it elsewhere at any time — no proprietary runtime is required to run what Lumexa builds for you.

8. Reporting a vulnerability

We welcome responsible disclosure. If you believe you have found a security issue, please email security@lumexa.ai with details and steps to reproduce. Please give us a reasonable opportunity to investigate and remediate before any public disclosure. We appreciate the security community’s help in keeping Lumexa and our users safe.

Questions about this document? Email us at legal@lumexa.ai. This page is provided for general information and does not constitute legal advice.