02 — Family offices
Principal intelligence held under lock and audit.
Hold the most sensitive relationships your firm manages with field-level redaction and a signed trail your counsel will sign off on.
A regulator asks who viewed a principal's file last quarter. The answer takes one export.
The most sensitive records your firm holds — net worth, residences, travel, family — live in Lumos under field-level redaction. A junior analyst builds a brief referencing the principal only by codename, never seeing the underlying identity.
When counsel needs to demonstrate control, they export a complete, signed audit trail: every read, every change, every actor and timestamp — tamper-evident and built for the standards your auditors already hold you to.
Field-level redaction
Identities, financials, and private notes can be hidden field by field, per role, on a single record. There are no duplicate 'safe' copies to drift out of sync — one record, many permitted views.
Role-based access
Every role is least-privilege by default and sees only what its work requires. An analyst can move a request forward without ever touching the numbers a partner sees.
Signed audit events
Every read and every change is written as a cryptographically signed, tamper-evident event. When counsel needs to demonstrate control, the trail is already complete and exportable.
Codenames
A principal can be referenced throughout the system by codename alone. Coordinators schedule, brief, and deliver against a file without ever learning whose it is.
From first touch to closed loop.
Define
Map roles to data — who sees identities, who sees money, who sees only the task in front of them.
Enforce
Redaction and access checks run on every request, not as a setting someone can forget.
Prove
Export a signed, complete trail for any record, principal, or period on demand.