Every serious CRM was built decades ago and never fully rebuilt.

Lumenbase is a new CRM for the AI age that helps you prioritize your day and engage with the right people in your network.

Full-funnel CRM with lists, leads, deals, and accounts; Lumo AI for daily priorities and outreach; automations, lead scoring, forecasting, and integrations with Gmail, Outlook, Slack, LinkedIn, and more.

Try for free · Features · How it works · AI site digest

    Lumenbase

    Security

    Security disclosure

    We welcome responsible reports that help keep Lumenbase and our customers safe.

    Report a vulnerability

    Email security reports to security@lumenbase.io. Include a concise description, reproduction steps, affected URLs or accounts, and any screenshots or logs that help us validate the issue.

    Email security teamPrivacy requests

    In scope

    • Authentication, session, authorization, or tenant-isolation issues.
    • Access to another workspace's customer data.
    • Stored or reflected cross-site scripting.
    • Server-side request forgery, remote code execution, or privilege escalation.
    • Credential, token, webhook, or API-key leakage affecting Lumenbase systems.

    Out of scope

    • Social engineering, phishing, or physical attacks.
    • Denial-of-service or load tests without written approval.
    • Destructive testing, data exfiltration beyond proof of access, or persistence attempts.
    • Automated scanner output without a confirmed exploitable issue.
    • Issues in third-party services unless they directly expose Lumenbase customer data.

    Safe harbor

    If you act in good faith, avoid privacy violations and service disruption, and report findings promptly, we will not pursue legal action for security research that follows this policy. Stop testing and notify us immediately if you encounter customer data or sensitive secrets.

    Response expectations

    • We aim to acknowledge credible reports within two business days.
    • We prioritize issues by customer impact, exploitability, and data exposure risk.
    • We will keep reporters updated when a validated issue requires a longer remediation window.