Architecture & deployment

Luma BI is a managed offering — we host every customer's instance on dedicated infrastructure. This page documents how we run that stack so you know what's under the hood and what your auditors see when they ask.

Self-hosting? Not offered today. Every Luma BI deployment is operated by us on per-customer isolated infrastructure. The architecture below describes the platform we run for you.

Stack

  • Runtime: Node 20 + Express
  • Database: PostgreSQL 14+ (per-customer instance, not shared)
  • Cache: Redis (per-customer instance)
  • Frontend: React 18 + Vite + Tailwind, served by the same Node process
  • AI provider: Anthropic Claude (Sonnet 4.6)

Hosting & isolation

  • Per-customer dedicated instance. Your Postgres, Redis, and Express containers are isolated — no multi-tenant shared compute or shared databases.
  • Reference target: Coolify on a hardened Linux host (the build is nixpacks.toml-driven). Enterprise customers can request a dedicated VPC.
  • Region. UK by default. EU and US regions available on Growth and Enterprise.
  • TLS termination at the reverse proxy. All connector traffic to your warehouses uses TLS or VPC peering.

Configuration surface

These are the environment variables we configure for your instance. They're documented for transparency / audit; you don't need to set them.

Identity

| Var | Purpose |
| --- | --- |
| GOOGLE_CLIENT_ID | Google OAuth client ID for SSO |
| ALLOWED_EMAIL_DOMAINS | Domains permitted to sign in |
| ADMIN_EMAIL_DOMAINS | Domains granted admin privileges |

Cost controls

| Var | Default | Purpose |
| --- | --- | --- |
| AI_DAILY_BUDGET_USD | 5 | Per-admin daily dollar cap on AI Analyst spend |
| AI_USER_DAILY_LIMIT | 2 | Per-non-admin daily run cap on AI Analyst |

Optional integrations

| Var | Purpose |
| --- | --- |
| SLACK_WEBHOOK_URL | Enables “Post to Slack” on AI Analyst reports |

First-boot behaviour

When we provision (or restart) your instance the server:

  1. Runs schema.sql via runMigration() — creates tables (idempotent) and applies any ALTER TABLE ... ADD COLUMN IF NOT EXISTS migrations
  2. Runs any scheduled connector syncs that are due
  3. Starts the AI Analyst scheduler (15-minute tick) — re-runs any scheduled reports whose cadence has elapsed

Server logs are tagged with [DB], [Import], [Connector], and [Scheduler] prefixes.

Admin gating model

Authentication is domain-gated Google SSO (Okta / Azure AD / generic SAML on Enterprise). Any email matching the configured allow-list can sign in. A separate admin domain list decides who can run admin actions:

  • Generate new AI Insights reports
  • Trigger new AI Analyst runs (subject to the daily dollar cap)
  • Delete any report
  • Pin reports to the top of history
  • View the Admin · Users and Admin · AI Spend dashboards
  • Trigger a manual connector resync

The frontend hides admin-only UI for non-admins, and every admin-gated endpoint re-checks server-side via the requireAdmin() middleware — defence in depth.
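A server-side re-check of this kind could look like the following added example, which is not Luma BI's own code. It assumes ALLOWED_EMAIL_DOMAINS and ADMIN_EMAIL_DOMAINS are comma-separated lists and that an earlier auth step sets `req.user` from the validated SSO token; `makeRequireAdmin`, `domainAllowed`, `demoStatus` and the `req.user` shape are hypothetical, and the body of `requireAdmin` is illustrative only.

```javascript
// Added example: hypothetical sketch, not Luma BI's code.
// Assumption: both variables hold comma-separated domain lists.
function parseDomainList(raw) {
  return new Set(
    String(raw || "").split(",").map((d) => d.trim().toLowerCase()).filter(Boolean)
  );
}

// Domain of an email address, or null if it is malformed.
function emailDomain(email) {
  if (typeof email !== "string") return null;
  const parts = email.trim().toLowerCase().split("@");
  // Require exactly one "@" with a non-empty local part and domain.
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  return parts[1];
}

// Exact match only, so "example.com" does not admit "evil-example.com"
// or "example.com.other.test". An empty list admits nobody (fail closed).
function domainAllowed(email, domains) {
  const domain = emailDomain(email);
  return domain !== null && domains.has(domain);
}

// Express-style middleware factory. Assumes an earlier auth step set
// req.user = { email, emailVerified } from the validated SSO token.
function makeRequireAdmin(env) {
  const allowed = parseDomainList(env.ALLOWED_EMAIL_DOMAINS);
  const admins = parseDomainList(env.ADMIN_EMAIL_DOMAINS);
  return function requireAdmin(req, res, next) {
    const user = req.user;
    const signedIn = Boolean(user) && user.emailVerified === true &&
      domainAllowed(user.email, allowed);
    if (!signedIn) return res.status(401).json({ error: "sign-in required" });
    if (!domainAllowed(user.email, admins)) {
      return res.status(403).json({ error: "admin only" });
    }
    return next();
  };
}

// Constructed demo: returns the status code, or 200 if next() is reached.
function demoStatus(env, user) {
  let status = 200;
  const res = { status(c) { status = c; return res; }, json() { return res; } };
  makeRequireAdmin(env)({ user }, res, () => {});
  return status;
}
```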

Data ingestion

Three paths feed data into your instance — see Getting started for the full breakdown:

  • Warehouse connectors — read-only role on BigQuery / Redshift / Snowflake / Postgres / MySQL, synced on a configurable cadence
  • SaaS API connectors — Stripe, GA4, HubSpot, Segment, Shopify, Mixpanel (Growth+)
  • File drops — CSV / XLSX through the admin UI, header-detected, SHA-256 deduped

Redis caching

All dashboard compute endpoints are cached via Redis with a 90-day TTL. The cache key is versioned — when we ship a fix that changes a metric, we bump the version and your cache invalidates automatically. If your Redis is briefly unavailable, dashboards fall back to running fresh against Postgres.

Backups & recovery

  • Starter: daily full backup, 7-day retention
  • Growth: daily full backup, 30-day retention, point-in-time restore
  • Enterprise: daily full backup, 90-day retention, point-in-time restore, cross-region replica

SLA

| Tier | Uptime SLA |
| --- | --- |
| Starter | 99.5% |
| Growth | 99.9% |
| Enterprise | 99.95% |


Questions not covered here? Email us — we'll answer and add it to this page.