Data Security & Privacy

We are committed to:

• Protecting the confidentiality, integrity, and availability of client data

• Processing data lawfully, fairly, and transparently

• Using secure, modern Microsoft cloud services

• Applying least-privilege access at all times

Security is built into how we work — not added as an afterthought.

Depending on client preference and technical setup, we work in one of the following ways:

​

1. Client Tenant Model (Preferred)

​

Where possible, work is carried out directly within the client’s Microsoft 365 / Power BI tenant.

• Access is granted via a secure guest account

• Data remains entirely within the client’s environment

• The client retains full ownership and control of all data and reports

​​

2. Consultant Tenant Model

​

This is not recommended, however, data may be processed within Luminova Analytics’ Microsoft 365 tenant.

• Each client is assigned a dedicated Power BI workspace

• Client data is fully isolated and never shared between clients

• Access is restricted to authorised individuals only

​​

The chosen model is agreed in advance with the client.

Client data is handled using the Microsoft 365 and Power BI platform, which provides enterprise-grade security features, including:

• Encryption at rest and in transit

• Secure identity and access management

• Role-based access controls

• Audit logging

Additional safeguards include:

• Multi-Factor Authentication (MFA) on all administrative accounts

• Encrypted devices used for any development work

• No long-term storage of client data on local machines

We apply a least-privilege approach to access:

• Client users are granted viewer access unless otherwise required

• Administrative permissions are restricted and reviewed

• Shared accounts are not used

• Access is revoked promptly at the end of an engagement

To reduce the risk of unauthorised disclosure:

• “Publish to Web” is not used

• Reports are shared only with explicitly approved users

• External sharing is disabled unless agreed with the client

• Export and download permissions are reviewed on a case-by-case basis

Client data is retained only for the duration of the engagement unless otherwise agreed.

​

Upon project completion or termination:

• Power BI datasets and reports are deleted

• Access permissions are revoked

• Recycle bins are cleared

• Written confirmation of deletion can be provided on request

In the unlikely event of a suspected data security incident:

• The issue is investigated immediately

• Access is restricted where necessary

• Affected clients are notified promptly

• Appropriate corrective actions are taken

Where required, incidents will be handled in line with UK GDPR breach notification requirements.

Luminova Analytics acts as a data processor when handling client data and processes information only on documented client instructions.

​

We follow the principles of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, including:

• Data minimisation

• Purpose limitation

• Security by design and by default

Clients remain the data controller for their own data.

Luminova Analytics carries Professional Indemnity insurance appropriate for analytics and advisory services. Additional cover can be arranged where required by client engagements.

If you have specific security, privacy, or compliance requirements, these can be discussed before any work begins. We are happy to tailor our approach to meet your organisation’s needs.