Security

Security controls for hiring data workflows

Lumen is designed for recruiting operations that process candidate and employer personal data. Controls include authenticated access boundaries, secure session handling, upload validation, and policy-linked governance. Final posture depends on production configuration, key management, and customer access practices.

Platform controls

  • Role-based access controls for client and job-seeker workspaces
  • HTTP-only auth cookies and authenticated API route guards
  • Upload validation and retention windows for resume artifacts
  • Rate limiting on high-risk public endpoints
  • Security headers: CSP, HSTS, frame protections, and no-sniff

Data handling standards

  • Collect only data needed for hiring workflows and operational support.
  • Use secure transport and authenticated access boundaries for sensitive operations.
  • Apply retention and cleanup policies for uploaded resume data.
  • Avoid placing unnecessary sensitive content into free-text fields.

Shared responsibility

Lumen secures application controls within its scope. Customers remain responsible for account hygiene, least-privilege access, submitted data quality, and lawful hiring decisions.

Security inquiries

For security questions, data processing terms, or incident-related communication, contact data@lumenrecruit.com.

Include your organization name, environment (production/staging), and reproducible steps so our team can triage quickly.

General customer support: contact@lumenrecruit.com.

For suspected incidents, include affected route/account context, timestamps, and screenshots/log excerpts. Lumen targets first response within one business day.