Lumber Security Practice

Lumber takes security practice very seriously and has the highest standard of security policies built in our platform and processes. Our team has decades of experience building products for verticals like finance, health and constructions. Some of these verticals have very high standards for security policies.  Describing some of the practices we use below-

Data Security

We have multiple levels of data security. We ensure no unauthorized person can access the data, also data is encrypted so nobody can decrypt and use it.

  • Data is always stored in encrypted form by us.
  • Data is transferred in the browser in secured form.
  • All data sources are stored in private spaces.

Platform Security

We ensure that all our platforms are SOC complaints and also we have a platform secured against DDOS attacks.

  • WAF is implemented at access points to ensure no DDOS attack possible,
  • All platform providers handling PII, Payroll data are SOC compliant.
  • Authorization is implemented for all operations.

Security Testing and Policies

We do multiple levels of security testing to ensure security issues are caught earlier.

  • We do static code, open source, dynamic testing for each release.
  • We have integrated all security testing in daily build operations to run it continuously.

Lumber Information Security


Data Security

  • Encrypted data (Transit and rest)


Cloud Security

  • SOC/ISO/PCI compliant
  • Private dataspace
  • WAF implementation
  • TLS authentication


Architecture Security

  • Thread modeling
  • RBAC implementation
  • Security inbuilt with CI/CD 
(Daily security automated testing)


Team Background

  • Extensive experience in highly regulated industries such as healthcare, banking and construction
  • Team expertise with modern secure frameworks