
Luura Security Policy

Last updated: 19/01/2026

1) Our approach to security

Luura is built with security and privacy as foundational principles. We take a proportionate, risk-based approach that reflects how the app is currently used and the sensitivity of the data involved. In Phase 1, Luura supports secure bank connections via Open Banking and uses native in-app purchasing for subscriptions.

2) Open Banking and bank connections

Luura connects to your bank using Open Banking through Yapily Connect Ltd, an FCA-authorised open banking provider.
  • Bank access is read-only
  • Luura never sees or stores your bank login credentials
  • You authenticate directly with your bank during connection
  • You can revoke access at any time via your bank or within Luura
  • Yapily manages consent, authentication, and secure transmission of data between banks and Luura.

3) Platform and infrastructure security

Luura is built on the Bubble platform and hosted on Amazon Web Services (AWS).
  • All data is encrypted in transit using HTTPS
  • AWS provides physical, network, and infrastructure-level security
  • Bubble performs ongoing platform-level security monitoring
  • Luura uses Bubble’s separation between development and live environments to reduce change risk.

4) Application security

  • Passwords are securely hashed and never stored in plain text
  • Access to user data follows least-privilege principles
  • Administrative access is restricted and protected
  • Input validation reduces common application security risks

5) Data access and internal controls

Access to production data is tightly controlled.
  • Only authorised personnel can access live systems
  • Access is granted solely for operational or support purposes
  • Administrative access is restricted. Access is granted only when required for operational/support purposes and is reviewed periodically.
  • No third party is given unrestricted access to user data
  • Multi-factor authentication is enabled on key administrative accounts where available.

6) In-app purchase security

Luura uses native in-app purchasing provided by the Apple App Store and Google Play Store.
  • Luura does not process or store payment card details
  • Payments are handled directly by Apple or Google
  • Luura receives only limited purchase and subscription status data
  • All payment processing follows platform security requirements

7) Data storage, backups and resilience

  • User data is stored securely on AWS via Bubble
  • Backups and resilience controls are provided by the hosting/platform provider as part of their managed service. We follow provider guidance and maintain operational procedures to support recovery.
  • Systems are designed to recover from service interruptions
  • Availability and performance are monitored

8) Incident response

If a security incident or personal data breach is identified:
  • The issue is investigated and contained promptly
  • Affected systems are secured
  • Users are notified where required by law
  • Regulators are informed in line with UK GDPR obligations

9) Continuous improvement

Luura’s security measures are reviewed regularly and will evolve as the product grows, including enhanced controls as new features are added.

10) Your role in staying secure

  • Use a strong, unique password
  • Keep your login details private
  • Log out on shared devices
  • Contact us if you notice suspicious activity

11) Contact

For security questions or to report a concern:
  • Email: info@luurafinance.app
  • Company: Luura Finance Ltd, 167-169 Great Portland Street, London, England, W1W 5PF
© Luura Ltd