Security & trust
Last updated: May 1, 2026
Lunar is built for businesses sending personal communications to their customers. We treat every contact record, campaign, and API key as sensitive by default. This page summarises the controls in place.
Data in transit and at rest
- All traffic to Lunar is served over TLS 1.2+. HTTP requests are redirected to HTTPS at the edge.
- The database is encrypted at rest using AES-256 managed by our infrastructure provider.
- Backups are encrypted and retained on a rolling 7-day window with point-in-time recovery.
Tenant isolation
Every tenant-owned table enforces row-level security. Each query made by your session is scoped to your user_id at the database layer — not just in application code — so an application bug cannot cause cross-tenant reads.
Authentication
- Email + password and Google sign-in, with email verification before first sign-in.
- Sessions are short-lived JWTs with refresh tokens stored in httpOnly storage.
- Admin actions (tenant suspension, ticket triage) require an explicit admin role granted server-side.
API keys & webhooks
- API keys are hashed with SHA-256 before storage. The plaintext is shown to you exactly once.
- Public endpoints are rate-limited per IP, and webhook callbacks from email providers are HMAC-verified.
- You can revoke any key from your dashboard at any time. Every ingestion call is logged with status code and source IP.
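As an illustration of the key-handling pattern in this list (an added example, not Lunar's own code), the Python sketch below issues a key whose plaintext is returned once, stores only its SHA-256 digest, supports revocation by key id, and verifies a webhook HMAC in constant time. The lk_ prefix, the in-memory KEYS store and the hex-encoded HMAC-SHA256 signature format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

KEYS = {}  # key_id -> {"digest", "owner", "revoked"}; stands in for a database table


def _digest(plaintext: str) -> str:
    # Unsalted SHA-256 is acceptable only because the key is 256 random bits,
    # not a human-chosen password.
    return hashlib.sha256(plaintext.encode()).hexdigest()


def issue_key(owner: str) -> tuple[str, str]:
    """Create a key, store only its digest, return (key_id, plaintext) once."""
    key_id = secrets.token_hex(4)
    plaintext = f"lk_{key_id}_{secrets.token_urlsafe(32)}"  # assumed key format
    KEYS[key_id] = {"digest": _digest(plaintext), "owner": owner, "revoked": False}
    return key_id, plaintext


def authenticate(presented: str):
    """Return the owner for a live key, or None if unknown, malformed or revoked."""
    parts = presented.split("_", 2)
    if len(parts) != 3 or parts[0] != "lk":
        return None
    record = KEYS.get(parts[1])
    if record is None or record["revoked"]:
        return None
    ok = hmac.compare_digest(record["digest"], _digest(presented))
    return record["owner"] if ok else None


def revoke(key_id: str) -> None:
    """Revocation needs only the key id; the plaintext is never stored."""
    KEYS[key_id]["revoked"] = True


def verify_webhook(secret: bytes, raw_body: bytes, signature_hex: str) -> bool:
    """Check an assumed hex HMAC-SHA256 signature over the exact bytes received."""
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature_hex.encode())
```

The webhook check must run over the raw request body before any JSON parsing, since re-serialising the payload can change the bytes and invalidate the signature.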
Audit logging
Sensitive system actions — administrative state changes, support ticket triage, billing changes — are written to an append-only audit log retained for at least 12 months and reviewable by admins.
Privacy & compliance
- GDPR-aligned: account holders can export all of their data as JSON or request full erasure from settings.
- CAN-SPAM compliant: every dispatched email contains a one-click unsubscribe link backed by a server-side suppression list.
- See our privacy policy, data processing addendum, and terms of service.
Subprocessors
- Cloud hosting & database — managed Postgres provider.
- Email delivery — Resend.
- Payments — Paddle (merchant of record).
Responsible disclosure
Found something? Please email security@lunar.app with steps to reproduce. We acknowledge reports within two business days, do not pursue legal action against good-faith researchers, and credit reporters in our release notes when desired.
Live status
For the current state of the API, database, and dispatch worker see the live status page.