Official APIs only
We go through the official APIs of each platform (TikTok Business, Meta Graph, YouTube Data, X v2, LinkedIn, AT Protocol). No scraping, no bot, no grey automation. Your accounts are not at risk of a ban
AES-256 encryption at rest
Your OAuth tokens are encrypted with AES-256-GCM before storage. The encryption key sits in Google Secret Manager, accessible only by the publishing workers
TLS 1.3 in transit
All browser and server requests use strict TLS 1.3. HSTS enabled with preload. No unencrypted communication is possible
European infrastructure
Everything is hosted on Firebase europe-west1 region (Belgium). Your data never leaves Europe. Built-in GDPR compliance
Strong authentication
Native Google and Apple OAuth. Passwords hashed with bcrypt and high rounds. 2FA available and recommended for team workspaces
Auditable logs
Every post is traced with date, user and API result. In case of an account incident, we can help you understand what happened
Security questions
What happens if Luma Post gets hacked?+
Tokens are encrypted at rest with an external key, a database dump would give nothing usable. We would notify within 72h per GDPR
Do you resell my data?+
Never. No sale, no sharing with third parties for marketing. Our business model is subscription, we have no incentive to monetize your data
Are my posts private?+
Yes, your drafts and scheduled posts are only visible to you and your workspace members. Our team only accesses them on explicit support request
Can I delete all my data?+
Yes. Full account deletion from the dashboard, GDPR article 17 compliant. Everything is purged within 30 days, including backups
Do you have certifications?+
GDPR compliance, Firebase hosting certified SOC 2 and ISO 27001. Standalone Luma Post SOC 2 targeted for 2027
How do I report a security issue?+
Email [email protected]. We reply within 24h and take all legitimate reports seriously