Platform · Security & Governance

Audit-Ready. Your Data Stays Yours.

SSO, RBAC, row-level tenant isolation, full audit trail with correlation IDs, PII controls, and human-in-the-loop gates. Built so your security and compliance teams can sign off the first time.

Overview

Security in LuMay is structural, not cosmetic. Tenant isolation is enforced at the PostgreSQL layer using Row-Level Security, not an application filter that can be bypassed by a bug.

Authentication flows through Keycloak (or your own identity provider). Authorization uses a three-role RBAC model applied at every API route. Audit trails include correlation IDs linked to OpenTelemetry traces end-to-end.

Trust boundaries around every action

Boundaries: Network boundary, Application boundary, Data boundary
Request flow: Client request → JWT validate → RBAC roles → Policy guardrail → RLS tenant enforced

Identity: SSO, OIDC, JWT - verified at every boundary.
Isolation: Tenant rules enforced at the database layer.
Evidence: Audit trail, logs, traces, and outcomes.

Security Controls

| Control | Implementation |
| --- | --- |
| Authentication | Keycloak SSO with SAML/OIDC and JWT bearer tokens on every API call. |
| Authorization (RBAC) | Three roles: authenticated, customer_admin, internal_admin. Applied as route-level decorators. |
| Tenant isolation (RLS) | PostgreSQL RLS with app.current_customer_id set per query. Isolation is enforced by the database engine. |
| Audit trail | X-Correlation-ID on every request with end-to-end OpenTelemetry tracing. |
| PII controls | Tenant-configurable PII detection and masking before reasoning pipeline entry. |
| HITL gates | Human approvals for sensitive actions at orchestration layer. |
| Secrets management | Azure Key Vault with workload identity, no credentials in env/config files. |

Evaluating AI vendors for compliance?

Book a 15-minute call and map LuMay controls directly to your SOC 2, HIPAA, GDPR, or internal policy requirements.


The Dual-User Database Model

App user

Every application query runs under this user with RLS enforced. Queries can only access rows for the authenticated tenant via app.current_customer_id.

Admin user

Reserved for Alembic migrations only. Bypasses RLS for schema changes but is never used in normal application request paths.

This design keeps the isolation boundary at the database layer, so cross-tenant access cannot occur through normal application query paths.
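
The dual-user model described above, sketched as PostgreSQL DDL and a per-request session. This is an added example, not LuMay's schema or code: the role names, the documents table, and the tenant UUIDs are assumptions, and only the app.current_customer_id setting name comes from the page. It assumes the bootstrap statements run as a superuser.

```sql
-- Constructed example. Hypothetical names: migration_admin, app_user, documents.
CREATE ROLE migration_admin LOGIN;                   -- schema migrations only
CREATE ROLE app_user LOGIN NOSUPERUSER NOBYPASSRLS;  -- every request path

CREATE TABLE documents (
    id          bigserial PRIMARY KEY,
    customer_id uuid NOT NULL,
    body        text NOT NULL
);
-- A table owner is exempt from RLS unless FORCE ROW LEVEL SECURITY is set,
-- which is what lets the migration role change schema and backfill rows.
ALTER TABLE documents OWNER TO migration_admin;
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;

-- NULLIF(..., '') turns an unset or reset setting into NULL, so a request
-- that never set its tenant matches zero rows instead of failing on the cast.
CREATE POLICY tenant_isolation ON documents
    FOR ALL TO app_user
    USING (customer_id =
           NULLIF(current_setting('app.current_customer_id', true), '')::uuid)
    WITH CHECK (customer_id =
           NULLIF(current_setting('app.current_customer_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

-- Per request, connected as app_user. is_local = true scopes the setting to
-- this transaction, so a pooled connection cannot carry it to the next tenant.
BEGIN;
SELECT set_config('app.current_customer_id',
                  '11111111-1111-1111-1111-111111111111', true);
SELECT id, body FROM documents;   -- no WHERE clause; the policy filters rows
COMMIT;

-- Writing a row for a different tenant is rejected by WITH CHECK.
BEGIN;
SELECT set_config('app.current_customer_id',
                  '11111111-1111-1111-1111-111111111111', true);
INSERT INTO documents (customer_id, body)
VALUES ('22222222-2222-2222-2222-222222222222', 'x');
ROLLBACK;

-- Deployment check: the app role must not be able to skip policies,
-- and RLS must actually be switched on for the table.
SELECT rolname, rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_user';
SELECT relname, relrowsecurity FROM pg_class WHERE relname = 'documents';
```

The two catalog queries at the end are worth running in CI after every migration, since a table created without ENABLE ROW LEVEL SECURITY is readable across tenants by any role with SELECT.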

Compliance Alignment

  • SOC 2 Type II: Audit logging, RBAC, TLS encryption, and tenant isolation support trust service criteria.
  • GDPR / UK GDPR: PII masking, configurable residency, and audit support for data rights workflows.
  • HIPAA: Private cloud or on-premises deployment with BAA and enterprise controls.

Industry Compliance

Healthcare

PHI stays inside controlled boundaries, with BAA support, RBAC, audit trails, and encryption in transit and at rest.

Finance and Insurance

Regulator-ready audit evidence, configurable data residency, and strict tenant-level data isolation.

Legal and Professional Services

Confidential matter isolation, PII masking, and HITL review gates for sensitive output workflows.

Manufacturing and Supply Chain

Supports private deployment postures for OT/IT separation and secure workflow automation.

Security FAQ

Your data never co-mingles with another tenant's data. LuMay enforces tenant isolation at the PostgreSQL layer using Row-Level Security. For maximum control, LuMay supports private cloud and on-premises deployment where your data never leaves your infrastructure.

Ready to move your AI from pilot to production?

Book a 15-minute discovery call. We will assess compliance requirements, map controls to obligations, and confirm the deployment model that fits your environment.