Security

Last updated: 16 June 2026.

Tenant Isolation

Each business workspace is fully isolated. Users cannot access data from other tenants.

Role-Based Access Control

Access is governed by role-based access control, with distinct permissions for Owner, Admin, Accountant, HR Admin, Employee, and other roles.

Two-Factor Authentication

Authenticator-app two-factor authentication is required for platform administrators, Free-tier owners, employees, accountants, and HR admins before accessing the platform.

Upload Validation

All uploaded files are validated against an allow-list of types (PDF, JPG, PNG), with magic-byte verification, file size limits, and extension/content-type matching. SVG and executable files are rejected.
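The checks listed above can be combined into one fail-closed validator. The sketch below is an added example, not the platform's own code. The function name, the 10 MB cap, and the reason strings are assumptions; the allowed types and the kinds of checks come from the paragraph above.

```python
import os

# Assumed per-file cap; the page does not state the platform's actual limit.
MAX_BYTES = 10 * 1024 * 1024

# Allowed type -> (accepted extensions, expected Content-Type, magic-byte prefix)
ALLOWED = {
    "pdf": ({".pdf"}, "application/pdf", b"%PDF-"),
    "jpg": ({".jpg", ".jpeg"}, "image/jpeg", b"\xff\xd8\xff"),
    "png": ({".png"}, "image/png", b"\x89PNG\r\n\x1a\n"),
}


def validate_upload(filename, content_type, data, max_bytes=MAX_BYTES):
    """Return (ok, detail). detail is the detected type or the rejection reason."""
    if len(data) == 0:
        return False, "empty file"
    if len(data) > max_bytes:
        return False, "file exceeds size limit"

    # Judge only the final path component and its last extension, so a
    # double extension such as "report.pdf.exe" is treated as ".exe".
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()

    # Detect the type from the leading bytes. SVG (XML text) and executables
    # match none of the allow-listed signatures and are rejected here.
    sniffed = next(
        (kind for kind, (_, _, magic) in ALLOWED.items() if data.startswith(magic)),
        None,
    )
    if sniffed is None:
        return False, "content is not PDF, JPG, or PNG"

    # Extension and declared Content-Type must both agree with the content.
    exts, mime, _ = ALLOWED[sniffed]
    if ext not in exts:
        return False, f"extension {ext or '(none)'} does not match {sniffed} content"
    declared = content_type.split(";")[0].strip().lower()
    if declared != mime:
        return False, f"Content-Type {declared or '(none)'} does not match {sniffed} content"
    return True, sniffed
```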

Storage Limits

Workspace storage is enforced server-side. Uploads exceeding quota or per-file limits are rejected.

Audit Logging

Security-relevant actions are logged for monitoring and investigation.

Secrets

Sensitive credentials are stored server-side only. TOTP secrets, recovery codes, and API keys are never exposed to the frontend.

No SMS Login

SMS is not used for login authentication. SMS OTP is used only for Pro/Business signup validation.

Responsible Disclosure

If you discover a security vulnerability, please contact info@luqverse.com. We will respond promptly.

TODO: Full security documentation and penetration test results will be published before paid production launch.