Security posture
Lunas uses authenticated API routes, server-side plan and ownership checks, signed file access, content validation, audit logs, and rate limits for sensitive actions.
The product is designed to minimize structured PII in health records where possible. Account data, clinical free text, timeline notes, and uploaded files are treated as sensitive data.