Professional Use & Terms
1.0 DEFENSIVE CLASSIFICATION - CRITICAL NOTICE
LUMA Mobile Threat Analysis Software is a Defensive Forensic Log Analysis Tool. It does not perform, facilitate, enable, or contribute to any offensive surveillance, interception, exploitation, or intrusion activity, and it does not collect personal content from scanned devices (including messages, call audio, photos, contacts, credentials, or location histories), except to the limited extent the operating Examiner voluntarily enters such content as briefing notes into the Software interface. The Software's sole operational purpose is the analysis of forensic log artifacts retrieved from mobile devices, with documented consent or lawful authority, for the identification of known and behaviourally-suspicious markers associated with commercial spyware, state-sponsored implants, and stalkerware.
This defensive classification is binding. It may not be contradicted, diluted, or qualified by the Licensee's marketing materials, the Licensee's internal documentation, the Licensee's representations to End-Clients, or the Licensee's pattern of use. Any use, representation, or resale of LUMA that characterises the Software as an offensive surveillance tool, a communications interception tool, an exploitation framework, or a general-purpose investigative surveillance product is a material breach of this Disclaimer and of the LUMA End User License Agreement, and is prohibited.
1. AUDIENCE AND PURPOSE OF THIS DOCUMENT
This Professional Use Disclaimer is directed to licensed Technical Surveillance Counter-Measures (TSCM) professionals, digital forensic examiners, private investigators, managed security service providers, incident responders, and any other Qualified Forensic Examiner who operates LUMA Mobile Threat Analysis Software ("the Software") in the course of professional engagements. It supplements, and does not replace, the LUMA End User License Agreement ("EULA") and the LUMA Privacy Policy.
The purpose of this document is to state with precision (a) the classification of the Software as a Defensive Forensic Log Analysis Tool operating in a decision-support capacity, (b) the professional responsibilities of the operating examiner, (c) the mandatory verification workflow required for every finding, (d) the boundary between the Software's output and admissible evidence, and (e) the acknowledgment language that each examiner is required to affirm before a report may be exported.
2. CLASSIFICATION OF LUMA AS A DEFENSIVE FORENSIC LOG ANALYSIS TOOL OPERATING IN A DECISION-SUPPORT CAPACITY
LUMA is a Defensive Forensic Log Analysis Tool that operates in a decision-support capacity. It is designed for mobile-device forensic log analysis and for the identification of known and behaviourally-suspicious markers associated with commercial spyware, state-sponsored implants, and stalkerware. Findings emitted by LUMA are produced entirely on the local analysis workstation, through a combination of:
- Deterministic matching of device artifacts against an Indicators of Compromise (IOC) Database;
- Rule-based behavioural detectors with calibrated thresholds; and
- A deterministic Bayesian probability model ("Forensic Computation Engine") that weighs positive and negative evidence.
LUMA does not use any artificial-intelligence or large-language-model reasoning, and does not transmit forensic data, findings, or scan content to any external analysis service, in any mode of operation.
Findings are probabilistic indications intended to orient the examiner's attention. Findings are not determinations of fact, are not conclusive proof of compromise, and are not, standing alone, admissible evidence in any administrative, investigative, or judicial forum.
3. PROFESSIONAL RESPONSIBILITY OF THE EXAMINER
The examiner operating LUMA retains sole professional responsibility for the interpretation, reporting, and downstream use of every finding. By operating the Software, the examiner represents that he or she:
- Is qualified by training, certification, experience, or professional licensure to interpret mobile forensic evidence;
- Understands the evidentiary-limitations chapter embedded in every LUMA report and the four-tier acknowledgment hierarchy described in Section 24 of the LUMA EULA;
- Accepts that the Software's output is a starting point, not an end point, in the forensic workflow;
- Accepts that the professional consequences of an erroneous interpretation, whether arising from a false positive, a false negative, a misread log excerpt, or an overreading of a benign indicator, are borne by the examiner and not by TSCM Intelligence Agency Ltd.
4. HUMAN-IN-THE-LOOP VERIFICATION (MANDATORY)
The Software is intended for preliminary analysis only. Every finding presented by the Software requires independent verification by a Qualified Forensic Examiner before being presented as evidence. This Human-in-the-Loop requirement is not optional and is enforced at four distinct layers:
Tier 1 - EULA acceptance at installation;
Tier 2 - First-run modal warning acknowledged per installed version;
Tier 3 - Evidentiary-limitations chapter embedded in every exported report;
Tier 4 - Active pre-export acknowledgment by the operating examiner, including typed name and timestamp, which is embedded as metadata in the exported report.
At a minimum, Human-in-the-Loop verification requires the examiner to:
(a) Inspect the underlying log excerpts, process lists, and IOC match records upon which each finding is based;
(b) Cross-reference each finding against independent sources of threat intelligence (e.g., Amnesty International Mobile Verification Toolkit, Citizen Lab research reports, vendor security advisories);
(c) Apply professional judgment to distinguish benign behaviours (e.g., enterprise Mobile Device Management, Mobile Threat Defence agents, audited corporate VPNs, parental-control applications under consented parental supervision) from malicious indicators presenting similar artifacts;
(d) Document in the report any finding that the examiner has resolved as a false positive, together with the reasoning; and
(e) Clearly state, in the report's conclusions, the confidence level the examiner attaches to each residual finding, using the terminology and methodology conventions appropriate to the examiner's professional discipline and jurisdiction.
5. NO GUARANTEE OF ACCURACY
The Licensor does not warrant that log analysis performed by the Software will be free from errors or misinterpretations arising from:
- The complexity of the scanned data;
- Changes to log formats introduced by operating-system or vendor updates;
- Undocumented vendor or carrier behaviours;
- Previously unknown adversary techniques for which no IOC or detector yet exists;
- Incomplete forensic acquisitions (e.g., sysdiagnose captures without CDR or encrypted backups);
- Normal variability in mobile-device telemetry that can mimic surveillance behaviour at the statistical level.
False positives and false negatives are inherent to any forensic analysis tool that operates on incomplete or evolving data. The absence of findings does not constitute proof of the absence of compromise, and the presence of findings does not constitute proof of compromise.
6. SCOPE OF USE AS PRELIMINARY EVIDENCE ONLY
Use of the Software's output as sole evidence in legal, administrative, or investigative proceedings is at the user's sole responsibility. The examiner acknowledges that:
- A LUMA report, standing alone, is not sufficient to support a legal determination, a probable-cause finding, a search warrant application, an arrest, an employment termination, a civil cause of action, or a family-court determination;
- LUMA findings should be corroborated with independent forensic analysis, chain-of-custody documentation, and, where applicable, expert testimony;
- LUMA findings should be presented to triers of fact with the confidence levels, methodology disclosures, and known-limitations caveats embedded in the report's evidentiary-limitations chapter and the operating examiner's supplementary professional opinion;
- Any presentation of LUMA findings in a forum of record should be accompanied by a statement of the Software version, the IOC Database version, the Bug Database version, and the analysis mode used (Standard or Air-Gap), as recorded in the report's Reproducibility Block.
7. CONSENT REQUIREMENTS
The Software may be operated only under lawful authority. The examiner is solely responsible for ensuring that one or more of the following conditions is satisfied, in a manner sufficient under the law of the jurisdiction of use, prior to initiating any scan:
(a) Documented written or digital consent from the owner of the device, obtained freely and with informed understanding of the scan's nature and scope;
(b) A valid court order, search warrant, or other legally sufficient authorization issued by a competent authority;
(c) Personal ownership of the device by the examiner.
Where the examiner is engaged by a third-party End-Client (for example, an individual who believes his or her personal device is compromised, or an organization seeking to examine a corporate-owned device), the examiner is responsible for executing any required client-consent form, Data Processing Agreement (DPA), and chain-of-custody documentation.
Scanning a device without a lawful basis may constitute a criminal offense under the law of the jurisdiction of use and is an express material breach of the LUMA EULA.
8. ACKNOWLEDGMENT REQUIRED OF EVERY EXAMINER
Before exporting any forensic report produced by LUMA, the operating examiner is required to affirm, by completing the pre-export acknowledgment modal in the Software, each of the following statements:
(a) "I am a Qualified Forensic Examiner as defined in the LUMA EULA, and I am operating the Software within the scope of my professional engagement and under lawful authority."
(b) "I have read the evidentiary-limitations chapter embedded in this report, and I understand that LUMA is a Defensive Forensic Log Analysis Tool whose output requires independent verification before being presented as evidence."
(c) "I have manually reviewed every finding presented in this report. Any finding I have resolved as a false positive has been removed or annotated. The residual findings presented in this report reflect my professional interpretation and I accept personal professional responsibility for that interpretation."
(d) "I understand that this acknowledgment is embedded as metadata in the exported report, including my typed name, the Machine ID of this installation, and an ISO 8601 UTC timestamp, and that it constitutes a sworn statement of verification that may be inspected by any recipient of the report."
The Software will not permit export of the report until each element of the acknowledgment has been completed.
9. LIMITATION OF LICENSOR LIABILITY; INDEMNIFICATION
Consistent with Sections 15 and 16 of the LUMA EULA, the Software is provided "AS IS" and "AS AVAILABLE", and the Licensor's aggregate liability is limited to the fees paid by the Licensee during the twelve months preceding the event giving rise to the claim. The Licensee, and each examiner operating on the Licensee's behalf, agrees to indemnify, defend, and hold harmless TSCM Intelligence Agency Ltd. from any claim arising out of the examiner's use or misuse of the Software, including without limitation any claim arising from a presentation of Software output as sole or dispositive evidence.
10. CONTACT
TSCM Intelligence Agency Ltd.
Web: www.luma-scan.com
Company ID: 515887677
BY OPERATING LUMA IN A PROFESSIONAL ENGAGEMENT, THE OPERATING EXAMINER ACKNOWLEDGES THAT HE OR SHE HAS READ, UNDERSTOOD, AND ACCEPTS EVERY TERM OF THIS PROFESSIONAL USE DISCLAIMER, THE LUMA EULA, AND THE LUMA PRIVACY POLICY.
End of document. TSCM Intelligence Agency Ltd. | www.luma-scan.com
For legal inquiries: legal@luma-scan.com
(c) 2026 TSCM Intelligence Agency Ltd. All rights reserved.
Governing language: English. Translations provided for convenience only.