TSCM Intelligence Agency Ltd. | www.luma-scan.com | Company ID: 515887677
LUMA Mobile Threat Analysis Software
Effective Date: March 2026 | Version 2.0
TSCM Intelligence Agency Ltd. ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard information when you use LUMA Mobile Threat Analysis Software ("the Software").
LUMA operates in two distinct modes, each with different data handling characteristics:
When an internet connection is available, LUMA transmits forensic scan findings and device metadata to secure cloud-based AI servers for advanced forensic analysis. In this mode, extracted forensic artifacts (such as system logs, process lists, IOC match data, and behavioral indicators) are sent to third-party AI service providers for processing. No raw device backups, personal content (photos, messages, files), or user credentials are transmitted -- only forensic analysis data required for threat assessment.
When no internet connection is available, or when the user selects offline analysis, ALL data processing occurs entirely on the local machine. No data of any kind is transmitted to external servers. Analysis is performed using a local deterministic computation engine and, where available, a locally installed AI model. In offline mode, all scan data remains exclusively on the user's system.
If cloud AI services are unavailable (due to network issues, service outages, or configuration), LUMA automatically falls back to offline mode. This transition is seamless and requires no user intervention.
License key, machine identifier, company name, email address, and purchase details.
Operating system, software version, IOC database version, usage statistics, and error logs.
After each scan, LUMA transmits anonymous operational telemetry to our servers, including: scan identifier, analysis engine used (online/offline), processing duration, token usage, estimated cost, device type (iOS/Android), and overall threat level classification. This telemetry does NOT include any personal data from the scanned device, scan findings, forensic reports, or identifying information about the device owner.
When operating in online mode, the following data is transmitted to AI service providers for forensic analysis:
When the optional QR-based remote upload feature is used, device backup files are transmitted to our secure cloud storage for processing. These files are encrypted in transit and at rest, and are automatically deleted after analysis is complete or after a configurable retention period.
Regardless of operating mode, we do NOT collect:
In offline mode, we additionally do NOT collect any forensic scan data, findings, or device metadata -- all processing remains entirely local.
We use the following categories of third-party service providers for data processing:
Forensic analysis data (as described in Section 3.4) is processed by third-party AI service providers. These providers process data solely for the purpose of generating forensic analysis and do not retain scan data beyond the processing session. Their use of data is governed by their respective privacy policies and data processing agreements.
Scan telemetry (Section 3.3) and remote upload files (Section 3.5) are stored on cloud infrastructure services with data centers located in Israel (me-west1 region). Data is encrypted in transit (TLS 1.2+) and at rest.
TSCM Intelligence Agency Ltd. relies on third-party cloud infrastructure and AI service providers for online analysis capabilities. We do not guarantee the availability, uptime, or uninterrupted operation of these third-party services. In the event of third-party service disruption, the Software automatically falls back to offline local analysis mode. TSCM shall not be held liable for any service disruptions, outages, or changes to third-party provider infrastructure.
We do not sell or rent your information. We may share information with:
Where the Software is licensed by a corporate entity, government body, or organization (the "Data Controller") for the purpose of analyzing devices belonging to its employees, personnel, or third parties, TSCM Intelligence Agency Ltd. shall act solely as a "Data Processor" (or "Sub-Processor" if licensed via an MSP) under applicable data protection frameworks, including the GDPR. In such B2B engagements involving the processing of personal data, the data processing activities shall be governed by a separate Data Processing Agreement (DPA) to be executed between the parties, which will outline the strict security, compliance, and processing obligations governing the relationship.
If we receive a subpoena, warrant, court order, or other valid legal process from law enforcement or government agencies requesting access to your data, telemetry, or forensic scan results, we will make commercially reasonable efforts to notify you (the Client/Controller) prior to disclosure, unless we are legally prohibited from doing so (e.g., under a strict gag order or sealed warrant). This prior notice is intended to provide you with an opportunity to seek a protective order or otherwise contest the disclosure in the appropriate court.
We implement encryption (AES-256 for data at rest, TLS 1.2+ for data in transit), secure storage, access controls, and HMAC authentication for server communications. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
While we employ rigorous security measures, no system is entirely invulnerable. In the event of a confirmed security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your data, TSCM Intelligence Agency Ltd. will notify affected users and the relevant supervisory authorities without undue delay (and typically within 72 hours of becoming aware of the breach), in accordance with our obligations under applicable data protection regulations, including the GDPR.
Data may be transferred to and processed in Israel, which is recognized by the EU as providing an adequate level of data protection. AI service providers may process data in other jurisdictions; their data processing locations are governed by their respective privacy policies.
You have the right to:
Users who do not wish any scan data to be transmitted externally may operate LUMA in offline mode. In this mode, all analysis is performed locally and no forensic data leaves the user's system.
Scan telemetry is transmitted automatically in both online and offline modes for operational purposes. Telemetry contains no personal data from scanned devices.
The Software is not intended for use by individuals under 18 years of age.
We may update this policy from time to time. Material changes will be communicated through the Software or via email. Continued use of the Software after changes constitutes acceptance of the updated policy.
TSCM Intelligence Agency Ltd.
Email: support@luma-scan.com | Web: www.luma-scan.com
Privacy Policy v2.0 | © 2026 TSCM Intelligence Agency Ltd.