Security

Last Updated: January 2025

At LuminEvent, we take the protection of your data seriously. Our Security Policy outlines the technical and organizational measures we implement to ensure the confidentiality, integrity, and availability of your personal and transactional data.

1. Data Encryption

  • All data transmissions between your browser and our servers are protected using 256-bit SSL/TLS encryption.
  • Sensitive data (such as passwords, payment information) is encrypted at rest and in transit.
  • Passwords are stored using industry-standard hashing algorithms (e.g., bcrypt) and never in plain text.

2. Secure Payment Processing

  • We do not store full credit card numbers or CVVs on our servers.
  • All payments are securely processed through PCI-DSS-compliant third-party payment gateways (Paystack).
  • LuminEvent ensures that all payment interactions follow NIBSS/Nigerian payment security guidelines.

3. User Account Protection

  • Users are required to use strong passwords and are encouraged to update passwords regularly.
  • Failed login attempts are monitored, and multi-factor authentication (MFA) is being considered for additional account protection.
  • Users should not share login credentials. LuminEvent is not liable for actions taken from compromised accounts where user negligence is involved.

4. Vulnerability Management & Updates

  • We conduct regular vulnerability scans and security assessments.
  • Patches and updates are applied to our systems and frameworks promptly upon discovery of critical security issues.
  • We maintain bug bounty or responsible disclosure channels for ethical hackers to report potential vulnerabilities.

5. Third-Party Integrations

  • Any third-party services or plug-ins used on LuminEvent are vetted for security compliance, and we ensure Data Processing Agreements (DPAs) are in place where necessary.
  • Third-party services do not have access to user data unless essential to platform functionality (e.g., email delivery, payment processing).

6. Incident Response

  • In the event of a security breach, users will be notified within 72 hours as required by data protection laws.
  • Our team will promptly investigate the breach, isolate affected systems, and mitigate any damage or unauthorized access.

7. Your Role in Security

  • Log out after each session.
  • Avoid accessing your LuminEvent account from public or shared devices.
  • Report suspicious activity immediately to contact@luminevent.com.