Trust
Security & trust
Lume is built to be trusted with your traffic data, by storing as little of it as possible and being explicit about the rest.
Data minimization No full client IP is ever persisted. It’s truncated to a /24 (IPv4) or /48 (IPv6) before storage. Only request metadata plus country and ASN are kept.
Token storage Ingest and API tokens are stored hashed only. A leaked database row can’t be replayed as a working token.
Infrastructure Lume runs in a single US region (GCP us-east4). One region, minimal data, clear boundaries.
Verification cryptography Agent verification uses HTTP Message Signatures (Web Bot Auth / RFC 9421, Ed25519), forward-confirmed reverse DNS, and operator-published IP ranges.
Tenant isolation Every dashboard query is scoped server-side to your project. Data never crosses tenants.
Responsible disclosure
Found something? Email [email protected]. We’ll acknowledge, investigate, and keep you in the loop.
Analytics you can defend.
No full IPs, hashed tokens, one US region. Start on the free plan.
Start for free →