Security

Security controls for hiring data workflows

Lumen is designed for recruiting operations that process candidate and employer personal data. Controls include authenticated access boundaries, secure session handling, upload validation, and policy-linked governance.

Platform controls

Role-based access controls for client and job-seeker workspaces
HTTP-only auth cookies and authenticated API route guards
Upload validation and retention windows for resume artifacts
Rate limiting on high-risk public endpoints
Security headers: CSP, HSTS, frame protections, and no-sniff

Data handling standards

  • Collect only data needed for hiring workflows and operational support.
  • Use secure transport and authenticated access boundaries for sensitive operations.
  • Apply retention and cleanup policies for uploaded resume data.
  • Avoid placing unnecessary sensitive content into free-text fields.

Shared responsibility

Lumen secures application controls within its scope. Customers remain responsible for account hygiene, least-privilege access, submitted data quality, and lawful hiring decisions.

Privacy PolicyTerms of Service

SMS and A2P compliance controls

Lumen maintains communication controls aligned with carrier and A2P registration expectations for consent, disclosure, and channel-level preference management.

  • Explicit consent capture on contact/support forms with policy links and timestamped submission records.
  • Required messaging disclosures: message frequency context and “message/data rates may apply” language.
  • Channel-level opt-out support (email, phone, service SMS, marketing SMS) through the preference center.
  • STOP/HELP handling language in legal notices and consent flows.
  • Suppression records retained to enforce communication preferences and prevent accidental re-contact.
  • Dedicated public Privacy Policy and Terms links for messaging-program review during sender registration.

Compliance requirements vary by jurisdiction and use case. Lumen provides technical controls, while customers remain responsible for lawful messaging programs and regulatory review.

Privacy PolicyTerms of ServiceCommunication Preferences

Security inquiries

For security questions, data processing terms, or incident-related communication, contact data@lumenrecruit.com.

Include your organization name, environment (production/staging), and reproducible steps so our team can triage quickly.

General customer support: contact@lumenrecruit.com.

For suspected incidents, include affected route/account context, timestamps, and screenshots/log excerpts. Lumen targets first response within one business day.

Have security questions? Let’s talk.

AI assists. Humans decide.

Book a Demo