Privacy Policy
1. INTRODUCTION
TSCM Intelligence Agency Ltd. ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use LUMA Mobile Threat Analysis Software ("the Software").
The guiding principle of LUMA's design is that forensic analysis is performed entirely on the analysis workstation. LUMA does not send forensic artifacts, scan findings, scan content, or report contents to us or to any third-party service for analysis, in any mode of operation.
2. OPERATING MODES AND DATA FLOW
All forensic analysis performed by LUMA is executed locally on the analysis workstation using a deterministic Forensic Computation Engine (FCE). LUMA does not use any cloud-based or third-party artificial-intelligence analysis service, and it does not transmit forensic artifacts, findings, or report contents off the device for analysis under any circumstances.
The only information that ever leaves the analysis workstation is the limited operational information described in Section 3, and only in Standard Mode. LUMA operates in two modes:
2.1 Standard Mode
Forensic analysis is performed entirely on the local machine. All scan findings and forensic artifacts remain on the user's system. In Standard Mode, and only when the workstation is online and operating under a networked (non-offline) license, the Software may exchange the following limited operational information with our own servers:
(a) License activation and validation data (Section 3.1); and
(b) Anonymous operational scan telemetry (Section 3.3), which consists of metadata only - never forensic findings, files, or scan content.
Separately, where the operating Examiner chooses to use the optional Remote Upload feature (Section 3.4), a device backup file is transmitted to our secure transfer storage solely to make that file available to the Examiner's workstation for local analysis, and is automatically deleted (Section 3.4). Remote Upload is operator-initiated and never automatic.
2.2 Air-Gap Mode (No Network) - Zero Outbound Data
When Air-Gap Mode is enabled, LUMA makes no outbound network calls of any kind. This is enforced in the Software: in Air-Gap Mode there is no telemetry, no license validation call, no database update check, and no other network activity whatsoever. In Air-Gap Mode we receive no information from the Software of any kind. Air-Gap Mode is intended for classified, diplomatic, and high-sensitivity engagements in which no information may leave the analysis workstation. The license continues to operate locally against its cached state.
3. INFORMATION WE COLLECT
3.1 License & Account Information
License key, Machine ID, company name, contractor email address, and purchase details. This information is used to activate and validate the license against our license server (Standard Mode only; suppressed entirely in Air-Gap Mode).
3.2 Technical Information
Operating system, software version, IOC database version, Bug database version, usage statistics, and error logs.
3.3 Scan Telemetry - Metadata Only (Automatic in Standard Mode; Suppressed in Air-Gap Mode and for Offline Licenses)
After each scan, and only when the workstation is online under a networked license, LUMA transmits a single operational telemetry record to our servers. The telemetry record is metadata only. It never contains forensic findings themselves, forensic artifacts, files, message content, media, or any scan content - only a count of findings and the categorical metadata enumerated below. The record contains exclusively the following fields and no others:
- scan_id : a universally unique identifier generated locally for the scan
- engine_profile : a general categorical indicator of the local analysis engine profile used
- resource_index : a normalized indicator of computational resources consumed by the scan, used for quota management
- processing_volume_metrics : aggregate volume indicators (input size class, output size class) used for capacity planning
- duration_sec : the total wall-clock duration of the scan in seconds
- scan_type : the scan profile (e.g., "ios_sysdiagnose", "android_bugreport", "ios_deep", "android_full")
- device_model : the scanned device model string (e.g., "iPhone 14 Pro")
- device_os : the scanned device operating-system version string (e.g., "iOS 17.4.1")
- luma_version : the LUMA software version that produced the record
- threat_level : the overall verdict enumeration (e.g., "CLEAN", "INCONCLUSIVE", "INVESTIGATE", "COMPROMISED")
- findings_count : the COUNT of findings emitted by the scan (a number only - not the findings themselves)
- timestamp_utc : the ISO 8601 UTC timestamp at which the scan completed
- license_id : the Licensee's license identifier
- contractor_id : the Licensee's contractor identifier
- company_name : the Licensee's company name as recorded at license issuance
For clarity, operational telemetry is limited to computational resources, processing-volume metrics, analysis-duration parameters, device metadata, a findings count, the verdict category, and license identifiers. It does not disclose per-unit financial cost figures, which remain commercially confidential to the Licensor.
The telemetry record is used exclusively for (i) license quota management and enforcement, (ii) operational analytics, (iii) capacity planning, and (iv) quality-assurance investigation of anomalous scan behavior. Telemetry is not used for marketing, is not sold, and is not shared with any third party except as described in Section 6.
Telemetry is suppressed entirely (i) in Air-Gap Mode and (ii) for offline licenses. In those cases no telemetry record is transmitted.
3.4 Remote Upload Data (Optional; Operator-Initiated Only)
Where the operating Examiner chooses to use the optional QR-based Remote Upload feature, a device backup file is transmitted to our secure transfer storage for the sole purpose of making the file available to the Examiner's workstation for local analysis. Such files are encrypted in transit and at rest, are not sent to any analysis or artificial-intelligence provider, and are automatically deleted within seventy-two (72) hours of upload, or within twenty-four (24) hours of the Examiner downloading the file to their local workstation, whichever occurs first. Remote Upload is never automatic; it occurs only when the Examiner initiates it.
Separately, if an end-client chooses to send their own device file to the Examiner by an independent channel of the client's own choosing (for example, a messaging application such as WhatsApp), that transmission is the client's own act performed with the client's own consent through a third-party service; LUMA does not perform, control, or receive that transmission, and it is governed by the terms and privacy policy of the service the client uses.
3.5 Acknowledgment Records
The Software records first-run modal acknowledgments (Tier 2) and pre-export examiner acknowledgments (Tier 4) as described in Section 24 of the EULA. Acknowledgment records contain the Machine ID, the acknowledging operator's typed name, the LUMA software version, and an ISO 8601 UTC timestamp. These records are stored locally and are embedded as metadata in exported forensic reports; they are not transmitted to Licensor's servers.
3.6 No Scan Content Collection
Regardless of operating mode, LUMA does NOT collect, transmit, or retain:
- Raw device backup files (outside the optional operator-initiated Remote Upload feature in Section 3.4)
- Photos, videos, or media files
- Message content (SMS, iMessage, WhatsApp, email body text, or any other messaging application)
- Call audio, voicemail, or call content
- Keychain contents, iCloud Keychain contents, or any stored credentials
- Browser bookmarks, history content, or cookies
- Passwords, financial data, banking information, or authentication tokens
- Contact lists, address books, or calendar contents
- Location history, GPS traces, or precise coordinate data
- Personal identifiable information of the scanned device owner, beyond what the Licensee voluntarily enters in the examiner briefing notes
In Standard Mode, beyond the operational telemetry enumerated in Section 3.3 and any file the Examiner voluntarily uploads via the Remote Upload feature (Section 3.4), we do not collect any forensic scan data, findings, or device content. In Air-Gap Mode we collect no information whatsoever.
4. THIRD-PARTY SERVICE PROVIDERS
We do not use any third-party analysis or artificial-intelligence provider; all forensic analysis is performed locally on the user's workstation.
We use cloud infrastructure providers only to host (i) operational scan telemetry (Section 3.3) and (ii) optional Remote Upload files (Section 3.4). This infrastructure is located in Israel (me-west1 region). Data is encrypted in transit (TLS 1.2+) and at rest. We do not guarantee the availability, uptime, or uninterrupted operation of these hosted services; their unavailability does not affect the Software's ability to perform local forensic analysis, including in Air-Gap Mode.
5. HOW WE USE INFORMATION
- License validation, quota management, and renewal lifecycle communications
- Scan cost tracking and operational analytics (telemetry)
- Technical support
- Software updates, IOC database updates, and security patches
- Product improvement, including investigation of anomalous scan behaviors
6. INFORMATION SHARING
We do not sell or rent your information. We may share information with:
- Cloud infrastructure providers for telemetry storage and Remote Upload hosting
- Service providers bound by confidentiality agreements
- As required by law, court order, or legal process
6.1 Corporate Use and Data Processing Agreement (DPA)
Where the Software is licensed by a corporate entity, government body, or organization (the "Data Controller") for the purpose of analyzing devices belonging to its employees, personnel, or third parties, TSCM Intelligence Agency Ltd. shall act solely as a "Data Processor" (or "Sub-Processor" if licensed via an MSP) under applicable data protection frameworks, including the GDPR. In such B2B engagements involving the processing of personal data, the data processing activities shall be governed by a separate Data Processing Agreement (DPA) to be executed between the parties, which will outline the strict security, compliance, and processing obligations governing the relationship.
6.2 Legal Process and Subpoenas
If we receive a subpoena, warrant, court order, or other valid legal process from law enforcement or government agencies requesting access to your data or telemetry, we will make commercially reasonable efforts to notify you (the Client/Controller) prior to disclosure, unless we are legally prohibited from doing so (e.g., under a strict gag order or sealed warrant). This prior notice is intended to provide you with an opportunity to seek a protective order or otherwise contest the disclosure in the appropriate court. For clarity, we do not hold any forensic scan findings or report contents, as these never leave the analysis workstation.
7. DATA SECURITY
We implement encryption (AES-256 for data at rest, TLS 1.2+ for data in transit), secure storage, access controls, and HMAC authentication for server communications. No method of transmission or storage is one hundred percent secure, and we cannot guarantee absolute security.
8. DATA BREACH NOTIFICATION
While we employ rigorous security measures, no system is entirely invulnerable. In the event of a confirmed security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, TSCM Intelligence Agency Ltd. will notify affected users and the relevant supervisory authorities without undue delay (and typically within seventy-two (72) hours of becoming aware of the breach), in accordance with our obligations under applicable data protection regulations, including the GDPR.
9. DATA RETENTION
- License information: Retained while license is active, and for seven (7) years thereafter for audit and regulatory purposes
- Technical logs: Retained up to twelve (12) months
- Scan telemetry: Retained for operational analytics purposes, with personally identifying fields (license_id, contractor_id, company_name) retained for the duration of the license plus seven (7) years, and the remainder retained as aggregated statistics indefinitely
- Remote Upload files: Deleted within seventy-two (72) hours of upload, or within twenty-four (24) hours of the Examiner downloading the file, whichever occurs first
- Forensic reports: Generated and stored locally on the user's system only; never transmitted to or retained by Licensor
- Release artifacts (installers, IOC Databases, Bug Databases, manifests, Validation Reports, Known Limitations documents): Retained per the release artifact retention policy in Section 25 of the EULA
10. INTERNATIONAL TRANSFERS
Data (limited to operational telemetry and any optional Remote Upload files) is transferred to and processed in Israel, which is recognized by the EU as providing an adequate level of data protection. We do not transfer any forensic data to third-party analysis or artificial-intelligence providers, whether in Israel or in any other jurisdiction, because no such providers are used.
11. YOUR RIGHTS
You have the right to:
- Access your personal information
- Request correction or deletion
- Opt out of marketing communications
- Request information about data processing activities
- GDPR rights for EEA residents (access, rectification, erasure, portability, objection)
- Operate the Software in Air-Gap Mode to prevent all outbound network activity, including operational telemetry
12. USER CONTROL
12.1 Local Analysis in All Modes
All forensic analysis is performed locally in both modes; no forensic scan data, findings, or content is transmitted to any external analysis provider in any mode. In Standard Mode, only operational telemetry (Section 3.3) and any file the Examiner chooses to send via the optional Remote Upload feature (Section 3.4) leave the workstation.
12.2 Telemetry Content
Scan telemetry contains no personal data from scanned devices, no scan findings, no forensic report contents, and no identifying information about the scanned device owner. The exhaustive list of telemetry fields is provided in Section 3.3.
12.3 Air-Gap Mode - The Complete Suppression Control
Users who do not wish any information whatsoever to be transmitted to Licensor's servers may enable Air-Gap Mode in the Software's settings. Air-Gap Mode is the only mechanism that suppresses operational telemetry. When Air-Gap Mode is enabled:
- All outbound network connections are blocked at the application layer
- No license validation call is made; license validation is performed locally against the cached license state
- No telemetry record is transmitted at the end of a scan
- No IOC Database or Bug Database update check is made; updates must be applied manually by the operator
- Forensic analysis continues locally using the deterministic Forensic Computation Engine, exactly as in Standard Mode
Air-Gap Mode is intended for classified engagements, diplomatic casework, high-sensitivity investigations, and any scenario in which no information may leave the analysis workstation. Licensees who rely on remote license validation for quota enforcement should note that Air-Gap Mode prevents remote quota synchronization; the license continues to operate against its cached state.
13. CHILDREN'S PRIVACY
The Software is not intended for use by individuals under eighteen (18) years of age.
14. CHANGES TO THIS POLICY
We may update this policy from time to time. Material changes will be communicated through the Software or via email. Continued use of the Software after changes constitutes acceptance of the updated policy.
15. CONTACT
TSCM Intelligence Agency Ltd.
www.luma-scan.com
Page _ of _ | Privacy Policy v2.2 | (c) 2026 TSCM Intelligence Agency Ltd.
End of document. TSCM Intelligence Agency Ltd. | www.luma-scan.com
For legal inquiries: legal@luma-scan.com
(c) 2026 TSCM Intelligence Agency Ltd. All rights reserved.
Governing language: English. Translations provided for convenience only.