Security at LumenQuery
LumenQuery is designed for secure API access and blockchain data infrastructure. We do not store private keys, seed phrases, or signing credentials.
Core Security Principle
LumenQuery is a read-only blockchain data platform. It cannot sign transactions, move funds, or access private keys. All data served through our APIs is publicly available on the Stellar network.
API Key Security
- API keys are generated using cryptographically secure random number generators
- Keys are transmitted exclusively over HTTPS (TLS 1.2+) and never sent in plaintext
- API keys can be revoked immediately from the dashboard at any time
- Keys are hashed before storage in the database and cannot be retrieved in plaintext after creation
- Each API key is scoped to a single user account and cannot access other accounts' data
Authentication
- User sessions are managed via NextAuth.js with JWT tokens and a 7-day expiry
- Passwords must be at least 8 characters with uppercase, lowercase, and numeric characters
- Passwords are hashed with bcrypt before storage and are never stored in plaintext
- Secure, HTTP-only cookies are used in production to prevent XSS-based session theft
- Password reset tokens are single-use, expire after 1 hour, and invalidate all existing sessions
Data Handling
- LumenQuery provides read-only access to public blockchain data and does not store private keys, seed phrases, or signing credentials
- The platform cannot sign transactions or move funds on behalf of any user
- Portfolio features read account balances via the public Horizon API and do not require account authorization
- User data (email, usage logs, API keys) is stored in a PostgreSQL database with access restricted to application services only
- Redis is used for caching public blockchain data with short TTLs and does not store sensitive user information
Infrastructure Security
- All traffic is served over HTTPS with TLS certificates managed by Let's Encrypt via Traefik
- HSTS is enforced with a 1-year max-age, includeSubDomains, and preload directives
- Content Security Policy (CSP) restricts script execution, frame embedding, and resource loading
- Additional headers include X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, and X-XSS-Protection
- All services run in isolated Docker containers with no shared file system access
- UFW firewall restricts port access to only necessary services, with monitoring ports limited to internal networks
Rate Limiting & Abuse Protection
- Multi-layer rate limiting is applied at both the Traefik reverse proxy level and the application middleware level
- Authentication endpoints have strict limits: 5 signups per hour, 10 sign-ins per minute, 3 password resets per email per hour
- General API endpoints are limited to 60 requests per minute for authenticated users
- Rate limit responses include Retry-After headers so clients can implement proper backoff
- Excessive abuse triggers temporary IP-level blocks at the infrastructure layer
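The limits listed above, applied at the application-middleware layer with a Retry-After header on refusals, look like the following. This is an added example, not LumenQuery's middleware: the fixed-window algorithm, the scope names and the in-memory Map (standing in for a shared store such as Redis) are assumptions, while the numeric limits are the ones the page states. The client-side parser at the end handles both forms Retry-After may take.

```javascript
// Added example, not LumenQuery's code: a fixed-window limiter of the kind an
// application middleware applies, with the limits the page lists and a
// Retry-After header on refusals. The Map stands in for a shared store.
const LIMITS = {
  api:           { max: 60, windowMs: 60_000 },    // 60 requests / minute, authenticated users
  signin:        { max: 10, windowMs: 60_000 },    // 10 sign-ins / minute
  signup:        { max: 5,  windowMs: 3_600_000 }, // 5 signups / hour
  passwordReset: { max: 3,  windowMs: 3_600_000 }, // 3 resets / email / hour
};

const buckets = new Map(); // "scope:subject" -> { windowStart, count }

// Decide one request. `subject` is whatever the scope keys on (user id, IP, email).
// Returns { allowed, retryAfterSeconds }; retryAfterSeconds is 0 when allowed.
function checkRateLimit(scope, subject, now = Date.now()) {
  const limit = LIMITS[scope];
  if (!limit) throw new Error(`unknown rate-limit scope: ${scope}`);
  const key = `${scope}:${subject}`;
  let bucket = buckets.get(key);
  if (!bucket || now - bucket.windowStart >= limit.windowMs) {
    bucket = { windowStart: now, count: 0 }; // start a new window
    buckets.set(key, bucket);
  }
  if (bucket.count < limit.max) {
    bucket.count += 1;
    return { allowed: true, retryAfterSeconds: 0 };
  }
  // Refuse, and tell the client how long until the window rolls over.
  const msLeft = bucket.windowStart + limit.windowMs - now;
  return { allowed: false, retryAfterSeconds: Math.max(1, Math.ceil(msLeft / 1000)) };
}

// Middleware side: map the decision to an HTTP status and headers.
function toHttpResponse(decision) {
  if (decision.allowed) return { status: 200, headers: {} };
  return { status: 429, headers: { "Retry-After": String(decision.retryAfterSeconds) } };
}

// Client side: Retry-After is either delta-seconds or an HTTP-date; return the
// milliseconds a well-behaved client should wait, or null if unparseable.
function parseRetryAfterMs(value, now = Date.now()) {
  if (/^\d+$/.test(value)) return Number(value) * 1000;
  const at = Date.parse(value);
  return Number.isNaN(at) ? null : Math.max(0, at - now);
}
```

A fixed window is the simplest form of the check; a sliding window or token bucket smooths the burst that a fixed window permits at each boundary, but the Retry-After computation is the same idea: report the time until the next slot opens rather than a generic delay.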
Logging & Monitoring
- Prometheus collects metrics from all application services, databases, and infrastructure components
- cAdvisor monitors container-level resource usage including CPU, memory, network, and disk I/O
- Dedicated exporters track PostgreSQL query performance and Redis cache health
- Admin actions are logged to an immutable audit trail with IP address and user agent information
- Access logs are maintained at the Traefik layer for all incoming requests
Responsible Disclosure
If you discover a security vulnerability in LumenQuery, we encourage you to report it responsibly. Please send details to support@lumenquery.io with a description of the issue, steps to reproduce, and any relevant technical details.
- Please allow us reasonable time to investigate and address the issue before public disclosure
- Do not access or modify data belonging to other users during your research
- We will acknowledge receipt of your report within 48 hours and provide updates on our investigation
Enterprise Security Review
Enterprise customers can request a detailed security review covering LumenQuery's infrastructure architecture, data handling practices, access controls, and incident response procedures. Security reviews are available as part of the Enterprise onboarding process.
What the review covers
- Infrastructure architecture and isolation
- Data flow and storage practices
- Authentication and authorization model
- Incident response procedures
- Third-party dependency management
How to request
- Contact sales at support@lumenquery.io
- Specify your compliance requirements
- Include any questionnaires or frameworks
- Reviews are typically completed within 2 weeks
- NDA available upon request
Frequently Asked Questions
Do you store private keys?
No. LumenQuery never stores private keys, seed phrases, secret keys, or any signing credentials. The platform provides read-only access to public blockchain data. There is no mechanism for LumenQuery to access or control any Stellar account.
Can LumenQuery sign transactions?
No. LumenQuery is a data infrastructure platform that reads from the Stellar blockchain. It does not have transaction signing capabilities and cannot submit transactions, move funds, or modify any on-chain state on behalf of users.
How are API keys protected?
API keys are generated using cryptographically secure random number generation, transmitted exclusively over HTTPS, and hashed with bcrypt before database storage. Keys can be revoked instantly from the user dashboard. After initial creation, the plaintext key cannot be retrieved from the system.
Do you support enterprise security reviews?
Yes. Enterprise customers can request a security review that covers our infrastructure architecture, data handling practices, access controls, and incident response procedures. Contact our sales team at support@lumenquery.io to arrange a review.
Do you provide audit logs?
Yes. Administrative actions are logged to an immutable audit trail that records the action type, administrator identity, target user, IP address, user agent, and timestamp. API usage is tracked per key with request counts, response times, and data transfer volumes.
What security headers do you set?
LumenQuery sets HSTS (1 year, includeSubDomains, preload), Content-Security-Policy (strict script and resource loading), X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, X-XSS-Protection: 1; mode=block, Referrer-Policy: strict-origin-when-cross-origin, and Permissions-Policy (camera, microphone, and geolocation disabled).
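The header set described in this answer and in the Infrastructure Security bullets can be written down as a baseline and checked against a live response. The following is an added example, not LumenQuery's configuration: the array shape is the one a Next.js `headers()` config returns, the CSP directive text is an assumption (the page says only that the policy restricts scripts, framing and resource loading), and the checker is a defender-side audit that lists where a captured response falls short of the baseline.

```javascript
// Added example, not LumenQuery's code: the response-header baseline the page
// lists, in the { key, value } shape a Next.js headers() config returns, plus a
// checker that reports where a captured response falls short of it.
const ONE_YEAR_SECONDS = 31536000;

// The page gives no CSP text, only that it restricts scripts, framing and
// resource loading; these directives are an assumption standing in for it.
const ASSUMED_CSP =
  "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'";

function securityHeaders() {
  return [
    { key: "Strict-Transport-Security", value: `max-age=${ONE_YEAR_SECONDS}; includeSubDomains; preload` },
    { key: "Content-Security-Policy", value: ASSUMED_CSP },
    { key: "X-Frame-Options", value: "SAMEORIGIN" },
    { key: "X-Content-Type-Options", value: "nosniff" },
    { key: "X-XSS-Protection", value: "1; mode=block" },
    { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
    { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
  ];
}

// HTTP header names are case-insensitive; normalise before lookup.
function lowerCaseKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

function parseHsts(value) {
  const d = value.split(";").map((s) => s.trim().toLowerCase());
  const maxAge = d.find((s) => s.startsWith("max-age="));
  return {
    maxAge: maxAge ? Number(maxAge.slice("max-age=".length)) : NaN,
    includeSubDomains: d.includes("includesubdomains"),
    preload: d.includes("preload"),
  };
}

function cspHasDirective(csp, name) {
  return new RegExp(`(^|;)\\s*${name}(\\s|;|$)`).test(csp);
}

// Returns the list of findings; an empty list means the baseline is met.
function auditHeaders(responseHeaders) {
  const h = lowerCaseKeys(responseHeaders);
  const findings = [];

  const hsts = h["strict-transport-security"];
  if (!hsts) findings.push("missing Strict-Transport-Security");
  else {
    const p = parseHsts(hsts);
    if (!(p.maxAge >= ONE_YEAR_SECONDS)) findings.push("HSTS max-age below one year");
    if (!p.includeSubDomains) findings.push("HSTS lacks includeSubDomains");
    if (!p.preload) findings.push("HSTS lacks preload");
  }

  const csp = h["content-security-policy"];
  if (!csp) findings.push("missing Content-Security-Policy");
  else if (!cspHasDirective(csp, "script-src") && !cspHasDirective(csp, "default-src")) {
    findings.push("CSP does not restrict script sources");
  }

  // Either CSP frame-ancestors or X-Frame-Options DENY/SAMEORIGIN blocks framing.
  const xfo = (h["x-frame-options"] || "").toLowerCase();
  const framingBlocked = (csp && cspHasDirective(csp, "frame-ancestors")) || xfo === "deny" || xfo === "sameorigin";
  if (!framingBlocked) findings.push("no clickjacking protection (frame-ancestors or X-Frame-Options)");

  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") findings.push("missing X-Content-Type-Options: nosniff");
  if (!h["referrer-policy"]) findings.push("missing Referrer-Policy");
  if (!h["permissions-policy"]) findings.push("missing Permissions-Policy");
  return findings;
}
```

Run `auditHeaders` over the headers of a real response (for example the object returned by `fetch(...).then(r => Object.fromEntries(r.headers))`) in a deployment check, so that a regression in the proxy or framework configuration surfaces as a non-empty findings list rather than going unnoticed.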
Questions about security?
If you have security questions, need a detailed review for your compliance team, or want to report a vulnerability, we are here to help.