[SR] User asking us to fill in a security form or sign an NDA

Applicable to: All Lumion versions

1. Question:

1.1: A user wants us to sign an NDA or fill in a questionnaire for security compliance purposes, to get approval for purchasing Lumion, or to share one of their files for troubleshooting.

2. Standard Reply:

2.1: Answer (if the user is asking us to sign an NDA):

We cannot agree to sign any NDAs, however, to address any concerns regarding what data Lumion processes, there are a few brief points:

1. If the legal department has concerns about storing any of the Projects on our servers, I can confirm that anything stored/created by a user is simply local and there is no such thing as an online backup. This means that whatever you create in Lumion is stored on your PCs (or on your own network, if that's the data structure of the office), data to which we don't have access.

2. Lumion only records telemetry information to improve customer experience. The data is detailed here. However, when a user opens Lumion for the first time, they are prompted to either accept or reject User Analytics. When rejected, no data is processed. This can be changed by the user at any time in the Settings panel.

3. If in need of Technical Support, in some cases, we may request files to assist in the case. Those files are only used for the duration of troubleshooting the issue at hand and under strict confidentiality agreements.

4. We are not equipped for phone support but we do our best to communicate things in writing. If your legal department has any concerns, please ask them to make a list and forward it to us.

There is one type of data that is stored and, at all times is accessible to the License holder by getting in touch with us, which is License info. This only keeps track of which IP address Lumion was opened and when. This is necessary for two main reasons:

• This is how our License system works - you cannot work in Lumion without the License Server verifying the validity of the License as a security measure.
• To prevent potential License abuse.

Let us know if you have any more questions.

Source:

Policy Update: We no longer offer to sign NDA's:

email from Miguel Jan 27, 2021

 

Please be aware, the "General Terms of Service" has been updated to include a distinction between data shared with the Community and data shared between a customer and our Customer Care services. See the changes under point 3.4-C of the terms.

 

In this distinction, we point out that Act-3d considered all content exchanged within our Customer Care service to be confidential and will never be shared with the public.

 

Please update your templates accordingly:
Instead of saying: "3. The .LS Project file (we can sign NDA if necessary):"
please say something like: "3. The .LS Project file (your data is kept confidential per our General Terms of Service):"

 

If a customer is not satisfied with this and they themselves ask for an NDA to be signed even after we point them to our General Terms of Service, please let me know and we'll deal with it on a case-by-case basis.

 

If there are any questions please let me know!

2.2: Answer (If the user is asking us to complete a security questionnaire):

Unfortunately, it is currently company policy to not complete the information for such requests. So at the moment I/we are unable to provide those details.

Now I certainly understand that from your company's perspective they want to ensure the best security, especially in these days and times.  As we do too, from both sides.

We have the details online that you have taken a look at and management currently considers that should meet our customer requirements to know about data security and usage.

• Lumion Website: Legal

I also wonder if, for example, we were unable to accurately answer some questions, or some answers could not be provided how that could potentially lead to some liability. As you can imagine, some of the possibilities leave us in a predicament.

There is also the aspect that we cannot test every situation of usage of our software in other organizations' computer environments. It could be more directly suitable to your company's systems that someone there do any needed tests to identify that the use of our software is OK.

Certainly, in terms of our high level of customer care and service aims we would like to help but doing so could put us, the company, and our other customers also at risk.

We will keep an eye on issues of security and requests such as yours and raise them with our management team so that we are doing the best for our customers.

Regrettably, we decline your request. Sorry about that.

2.3: Answer to when and how Lumion accesses the internet.

Lumion uses connections for 4 major things:

• Sending/receiving anonymous telemetry data - you can opt in/out when you start the software for the first time or later in the Settings of the software.
• Checking the validity of the License Keyon startup and shutdown of the application (this is a call to our servers and it is absolutely necessary to occur, otherwise Lumion will not start).
• OpenStreetMaps - as the data is downloaded upon request.
• Uploads to MyLumion portal for Panoramas.

You can find a full list of all the domains and connections that Lumion requires below:

• Knowledge Base: Which domains and ports does Lumion need access to?

3. Cause/Background information:

3.1: Reference:

• Zendesk Support Requests:

1. https://lumion.zendesk.com/agent/tickets/20811
2. https://lumion.zendesk.com/agent/tickets/42145
3. https://lumion.zendesk.com/agent/tickets/31051
4. https://lumion.zendesk.com/agent/tickets/34918

4. See Also:

• Internal Knowledge Base: [SR] Customer requires forms to be completed as proof of compliance with certification standards
• Internal Knowledge Base: [SR] What PC and user information does Lumion and the license system store?