As an AI agent for LINE marketing, Lumo is designed and operated with the safe handling of your important data as its top priority. It covers infrastructure, data protection, and AI safety — as well as the security features you can use yourself.
How Lumo Approaches Security
Lumo is built around data protection across the entire service, so businesses can confidently entrust their LINE marketing to it.
- Your data is isolated per contract, so it cannot be viewed from other workspaces
- Data in transit and at rest is encrypted to protect it from being read by third parties
- Any critical operation performed by the AI agent always requires your approval first
Infrastructure
Lumo runs on a highly reliable cloud foundation backed by multiple layers of defense.
| Item | Details |
|---|---|
| Cloud foundation | Operated on a major public cloud |
| Edge defense | Multi-layered defense with CDN, WAF, and DDoS protection |
| Encryption in transit | All communication is encrypted with SSL/TLS |
| Encryption at rest | Stored data is encrypted and protected |
| Backups | Data is backed up automatically |
Data Protection
Your data is isolated and managed on a per-workspace basis.
- Data is independent for each workspace and cannot be accessed from other workspaces
- Your data is never used to train external AI models
- Information handled by the AI agent is never shared beyond the boundaries of your workspace
A workspace is identified by its Lumo ID, and Members, LINE Official Accounts, broadcast data, and more are all managed within this unit.
AI Safety
The AI agent operates on the premise of safeguards that prevent runaway behavior and mistaken operations. The key point is this: critical operations are always executed only after you approve them.
In Lumo, you handle two things — setting goals and approving — while the agent takes care of planning, preparation, broadcasting, and analysis. For high-impact operations such as executing a broadcast or activating a Workflow, the agent never proceeds on its own and always asks for your approval.
How Approval Works
Before the agent performs a critical operation, an approval confirmation is shown.
| Item | Details |
|---|---|
| Operations that require approval | High-impact operations such as scheduling or executing a broadcast and activating a Workflow |
| Approval choices | Review the details and choose "Approve" or "Cancel" |
| Approval history | You can review your past approval and rejection history afterward |
For more details on how approval works and how to configure your trust settings for the agent, please see the article about approvals.
Security Features for You
Lumo provides features to protect your account and workspace.
| Feature | Description |
|---|---|
| Two-factor authentication | Adds an extra verification code at login to protect your account |
| Member permission management | Set each Member as an "Administrator" or "General Member" to control which features they can use |
| API key management | Issue and regenerate API keys for external systems to access Lumo's API |
Two-Factor Authentication
When you enable two-factor authentication, a verification code from your authenticator app is required at login in addition to your password.
- Set it up from "Two-Factor Authentication" in your personal settings
- Scan the QR Code with your authenticator app, enter the displayed 6-digit verification code, and click "Enable"
- For detailed setup instructions, please see the article about two-factor authentication
Member Permission Management
You can assign each Member the role of either "Administrator" or "General Member."
| Role | What they can do |
|---|---|
| Administrator | Can use all features and also access the admin console menu |
| General Member | Can have usage permissions set individually per feature, such as broadcasts, Chat, and tags |
For more details on permission settings, please see the article about managing Members.
API Key Management
When integrating Lumo with external systems, you issue and use an API key.
- An API key is shown only once when it is issued, so store it in a secure place
- If an API key is leaked or no longer needed, you can regenerate it to invalidate the previous key
More Detailed Security Information
For more in-depth information such as compliance frameworks, our incident response structure, and availability design, we provide a security white paper.
If you would like a copy, please contact support.