Trust Center
Security you can verify.
Liulum is built to protect your revenue — and your data. Here's exactly how we do it.
Security
Liulum uses HTTPS in transit and AES-256-GCM for stored provider credentials.
- HTTPS for browser and API communication
- AES-256 encryption for stored credentials
- JWT-based session authentication (7-day expiry)
- HMAC-signed webhooks (Razorpay, custom)
- Signed telemetry snippets prevent spoofing
Credential Storage
Your hosting tokens (Vercel, Cloudflare) and automation credentials are encrypted at rest and never exposed in logs.
- AES-256-GCM encryption via memory/crypto.ts
- Tokens validated before storage
- Never logged or included in error reports
- Per-project credential isolation
Backups & Data Retention
Liulum provides retention, export, deletion, and recovery controls; provider backup status is verified separately.
- 30-day data recovery on account deletion
- Self-service data export (JSON)
- Automated retention sweep (daily cron)
Audit Logs
Every action in Liulum is logged with an immutable audit trail.
- Append-only JSONB audit trail on every repair step
- Incident timeline (diagnosis, repair, verification, resolution)
- Admin action logging
- Client-visible activity history
Incident Response
When Liulum detects an issue, safe responses can be automated and every attempted action is auditable.
- Automated detection across operational and business signals
- Safe Repair Mode (snapshot → repair → verify → restore)
- Automatic rollback on repair failure
- Business verification after every repair
Responsible Disclosure
Found a vulnerability? We want to hear from you.
- Email security@liulum.com with details
- Reports are triaged by severity
- Coordinated disclosure is tracked to resolution
Compliance roadmap
| Standard | Status | Details |
|---|---|---|
| GDPR | Controls available | Export, deletion, retention, and DPA controls; obtain legal advice for your use case |
| SOC 2 | Roadmap | No current attestation |
| PCI DSS | N/A | We never store payment data — Razorpay handles all payments |
| ISO 27001 | Roadmap | No current certification |