Most CRM platforms treat HIPAA as a tier upgrade. A "secure" plan at 2x the regular price, with a few extra features bolted on. That model creates a two-track product, where the compliance posture is a marketing line, not an architectural one.
Lumè doesn't have a "secure tier." Every customer is on the HIPAA-compliant architecture because there's only one architecture. Tenant isolation, role-based permissions, audit logging, and PHI containment are foundational. They're built into the models and the middleware, not patched on as an upsell.
What "HIPAA-compliant" means here
Lumè is built on a defense-in-depth architecture: least privilege, traceability, change management, separation of duties. Production runs on AWS services covered by a Business Associate Agreement. Postgres is KMS-encrypted at rest. Email goes through SES with the right SPF, DKIM, and DMARC posture. Backups are encrypted, key rotation is automated, access is logged.
The product also makes the conservative choice consistently. Email containing PHI (a signed-consent copy, for example) is sent only when an operator initiates it, because automated PHI delivery would require per-customer authorization that most spas don't capture today. CSV exports of per-customer data pass through a confirmation gate before the download starts. Every confirmation is logged.
Production posture
Production runs on AWS under a signed BAA. Postgres is encrypted at rest with KMS. Backups are encrypted and key rotation is automated. SES handles email with DKIM, SPF, and DMARC configured. Audit log tables are append-only, enforced at the database trigger level: UPDATE and DELETE statements are rejected.
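As an added illustration of trigger-enforced append-only audit tables (example code, not Lumè's own schema), the following PostgreSQL DDL rejects UPDATE, DELETE and TRUNCATE on an audit table and limits the application role to INSERT and SELECT. The table, column and role names (`audit_log`, `app_role`) are assumptions.

```sql
-- Added example, not Lumè's schema: an append-only audit table enforced at
-- the PostgreSQL trigger level. Table, column and role names are assumptions.
CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    tenant_id   uuid        NOT NULL,
    actor_id    uuid,
    action      text        NOT NULL,
    details     jsonb       NOT NULL DEFAULT '{}'::jsonb
);

-- Trigger function: any UPDATE, DELETE or TRUNCATE raises an error,
-- so no row can be altered or removed even by a caller with table privileges.
CREATE OR REPLACE FUNCTION audit_log_reject_mutation()
RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- BEFORE row triggers fire before any change is written.
CREATE TRIGGER audit_log_no_update
    BEFORE UPDATE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_mutation();

CREATE TRIGGER audit_log_no_delete
    BEFORE DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_mutation();

-- TRUNCATE bypasses row-level triggers, so guard it at statement level.
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_mutation();

-- Defense in depth: the application role (assumed to exist) may only
-- append and read; it must not own the table, or it could drop the triggers.
REVOKE ALL ON audit_log FROM app_role;
GRANT INSERT, SELECT ON audit_log TO app_role;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO app_role;

-- Check: the INSERT succeeds; the UPDATE and DELETE fail with the error above.
INSERT INTO audit_log (tenant_id, actor_id, action, details)
    VALUES (gen_random_uuid(), gen_random_uuid(), 'export.confirmed', '{"format":"csv"}');
UPDATE audit_log SET action = 'tampered' WHERE id = 1;   -- ERROR: append-only
DELETE FROM audit_log WHERE id = 1;                      -- ERROR: append-only
```

The trigger only holds if the table owner and superusers are kept out of the application's credential path, since an owner can `ALTER TABLE ... DISABLE TRIGGER`; the privilege grants above are what make the trigger meaningful in practice.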
If your compliance team needs documentation — architecture diagrams, control mappings, or answers to a vendor questionnaire — we respond directly. Contact us at security@lumècrm.com.
