Trust

Security

Lux Cloud is built on the open-source Lux engine. This page documents the current security posture and the areas we expect production users to evaluate before launch.

Report a vulnerability

Email hello@pompeiilabs.com with reproduction steps, impact, and affected versions. Please do not open public GitHub issues for vulnerabilities.

Access model

Direct database access uses the database password and is intended for trusted infrastructure. Browser and server apps should use the project API with publishable or secret Cloud gateway keys. Auth-enabled projects issue user JWTs for app sessions.

Data durability

Lux core includes write-ahead logging, snapshots, restart recovery tests, and container smoke coverage. Public RPO/RTO guarantees should only be claimed after the production readiness gates pass.

Compliance

Lux Cloud has Terms, Privacy, and DPA pages. SOC 2 and formal compliance reports are not yet available.