Home/Reports/Deep Dives/lumahealth
← Back to Deep Dives
lumahealthB2BSaaSAPIAIHealthcare·May 19, 2026·9 min read

Luma Health combines React 18, Webpack Module Federation, Marketo, HubSpot, and Demandbase for an enterprise healthcare sales motion—no PLG. Full tech stack analysis of GTM, product, and growth maturity.

Luma Health’s website is built on WordPress and HubSpot CMS, but their actual patient-engagement platform runs on React 18 with Webpack Module Federation—an architecture choice more common among developer-first tools than enterprise healthcare SaaS. Combine that with a simultaneous Marketo and HubSpot marketing stack, and you get a company walking a fine line between enterprise sales and modern engineering.

This isn’t accidental. Every technology choice reveals a deliberate bet: win healthcare buyers through high-touch ABM, deliver a decoupled product experience, and avoid the self-serve motions that define PLG competitors. Here’s what the stack says about their strategy, their gaps, and the implications for anyone building in patient engagement.

The Stack at a Glance

Luma Health’s technology footprint splits cleanly into two domains: a marketing-heavy public surface and a separate product core. On the public side, Cloudflare provides CDN and DNS, with DigiCert TLS certificates securing traffic. The CMS is a hybrid: WordPress hosts the main site while HubSpot CMS powers landing pages and forms, creating a dual-publishing engine that feeds into both Marketo and HubSpot marketing automation. Demandbase and Clearbit sit on top for account identification and enrichment, signaling an ABM-first demand strategy.

The product side reveals a modern front-end deployed across distinct subdomains. Authentication happens at `next.lumahealth.io`, built with React and Material-UI, protected by reCAPTCHA. Once authenticated, users move to `ui-next.lumaplatform.com`, a separate micro-frontend served via Webpack Module Federation—a pattern that lets teams deploy UI components independently. Error and performance monitoring runs through Sentry, and the API lives at `api.lumahealth.io`. This separation of concerns means the product team can iterate on the SPA without touching the marketing site, and vice versa.

What’s missing is as telling as what’s present. There’s no developer portal, no API documentation subdomain, no self-serve sign-up. A sitemap crawl capped at 200 URLs found zero references to integration guides or technical specs. In a market where competitors like Klara or OhMD often expose API docs and partner integration resources, that absence is a strategic signal: Luma Health closes deals through enterprise sales, not bottoms-up adoption.

The Enterprise Sales Engine: How Luma Health Acquires Customers

Every conversion path on Luma Health’s site funnels to a demo request. Pages like `/book-a-demo`, `/contact-us`, and even a translated `/demo-teste` for Portuguese-speaking prospects are the only gates. No pricing page, no free trial, no freemium tier. The marketing stack confirms the high-touch motion: Marketo manages complex lead scoring and nurture sequences, while HubSpot handles lighter-touch workflows and CRM sync. Running both simultaneously is unusual for a company of their size, but it makes sense when each platform serves a different go-to-market tier—Marketo for enterprise ABM campaigns, HubSpot for mid-market and inbound conversion.

Demand capture is amplified by an extensive ad tech footprint. Pixels from Bing, LinkedIn, Twitter, Reddit, and programmatic platforms show paid acquisition breadth that spans both professional networks and broad retargeting. Deep analytics come from Google Analytics, Google Tag Manager, Hotjar, and FullStory, which together provide session replay, heatmaps, and funnel tracking. Yet there’s no detectable A/B testing tool—no Optimizely, VWO, or Google Optimize. They’re capturing intent data at scale but aren’t systematically optimizing conversion paths with experimentation.

The content engine reinforces the enterprise play. A 200-page sitemap shows almost entirely buyer-education articles: pieces like “boardroom-buy-in” and vendor evaluation guides squarely aimed at healthcare executives. There’s a `/patient-success-platform` section, but it lacks technical integration guides, ROI calculators, or utility content that would attract operators or developers. Instead, the content system is a demo-request flywheel—education that primes a lead for a conversation, not self-service onboarding.

Lifecycle tooling does appear in the form of Chameleon, a product adoption platform, integrated alongside HubSpot. This suggests they’re layering in-app guidance onto the product post-sale to drive feature adoption and reduce churn—a smart move given the enterprise contract values at stake. However, partner/referral loops are invisible. No partner marketplace, no affiliate tracking, no observable channel program. The growth model is singular: spend on ads, route leads through ABM scoring, close via sales, and onboard with Chameleon nudges.

Product Architecture: A Hidden React Front-End with Enterprise Gaps

The product’s architecture is decoupled and component-driven. Webpack Module Federation enables multiple teams to own different UI slices without stepping on each other’s deployments—a powerful pattern when the product spans patient scheduling, messaging, and analytics. The use of React 18 and Material-UI on the auth gateway (`next.lumahealth.io`) suggests a contemporary SPA with a design system, likely shared with `ui-next.lumaplatform.com`. Sentry monitors both client and server errors, and the API at `api.lumahealth.io` presumably backs both the customer-facing UI and any internal tooling.

Yet this modern front-end sits behind an enterprise curtain with no window for developers. There are no public API docs, no sandbox environment, no status dashboard beyond a Statuspage subdomain for incident communication. For healthcare buyers who need to evaluate integration capabilities—EHR connectivity, HL7/FHIR support, custom workflows—this opacity forces every technical question into a sales call. That’s a deliberate moat: it prevents competitors from reverse-engineering the product and forces prospects to engage with the sales team early.

Enterprise readiness signals are mixed. The site includes a `/business-associate-agreement` page, meeting a fundamental HIPAA requirement. DNS security is robust: DMARC set to quarantine, DNSSEC enabled, and DKIM configured for email authentication. The SPF record has a soft fail caveat, meaning some spoofed emails might still reach secondary inboxes—a minor weakness in an otherwise solid email security posture. A dedicated trust center with visible certifications like SOC 2 or HITRUST is not captured in the 200-page sitemap, which could slow procurement cycles for larger health systems that expect published compliance artifacts before engaging.

Sentry monitoring and the Statuspage incident communication site are both positive signals for operational maturity. They suggest the engineering team practices observability-driven development and has a defined process for customer communication during outages—critical for a product handling patient communications. However, the lack of a public changelog, developer newsletter, or API version history leaves the product’s evolution opaque to prospects evaluating long-term viability.

Growth Maturity: Paid Scale Without Optimization Rigor

Luma Health’s growth stack reveals a company that can pour on the paid acquisition spigot but hasn’t instrumented the funnel for systematic conversion rate optimization. Deep behavioral analytics come from FullStory and Hotjar, with Google Analytics and Tag Manager tracking every event—yet no A/B testing tool is wired up. This means the team can watch where users drop off but can’t run structured experiments to fix those leaks. For a company spending across Bing, LinkedIn, Twitter, Reddit, and programmatic channels, that lack of experimentation represents a significant efficiency gap.

The conversion architecture itself is rigid: demo request or nothing. No chatbot-led qualification, no progressive profiling, no content-gated ROI calculators. While Demandbase and Clearbit enrich anonymous traffic into firmographic accounts for sales follow-up, the on-site experience doesn’t adapt to known visitors. A returning visitor from a 500-bed hospital sees the same generic demo CTA as a first-time small practice viewer. HubSpot and Marketo have the capability for dynamic content, but it’s not evident in the public surface.

Lifecycle tooling is present but thin. HubSpot likely handles email nurture sequences, and Chameleon triggers in-app messages post-login. However, there’s no visible community, user group, or advocacy program. Competitors investing in PLG often build out self-service knowledge bases, developer communities, and certification programs that create network effects. Luma Health’s model bets that in healthcare, the enterprise buyer doesn’t want a community—they want a secure, compliant product and a dedicated account team. That bet may hold as long as the average sales price justifies the high-touch cost, but it limits organic virality and makes the company dependent on ad spend to drive pipeline.

The absence of a self-serve tier also means the product team gets less organic usage data. In PLG companies, free tiers generate massive anonymized data that sharpens the roadmap. Luma likely relies on guided pilots and sales-led implementations, which produce rich qualitative feedback but slower quantitative learning loops.

What Luma Health’s Stack Means for Competitors

The technology choices paint a picture of a company optimized for selling into large healthcare systems with long procurement cycles and complex integration requirements. The sales-led motion, backed by Marketo and Demandbase, can absorb high customer acquisition costs because the contract values justify it. The React 18 front-end with Webpack Module Federation suggests a capable engineering organization that can deliver a modern UI—but the absence of developer-facing resources means they’re not getting “pulled” into deals by technical champions the way API-first competitors can.

For founders building in patient engagement, Luma Health’s stack offers several lessons. First, running both HubSpot and Marketo simultaneously creates segmentation flexibility but duplicates cost and complexity; smaller teams should pick one and master it. Second, Webpack Module Federation is a strong architectural choice for multi-team product development but requires front-end discipline that’s hard to backport into monolithic apps. Third, skipping A/B testing while spending heavily on paid acquisition leaves money on the table—adding a tool like VWO or Optimizely could yield immediate conversion gains.

Competitively, Luma Health’s moat is their ABM data engine and vertical-specific content, not product-led growth loops. A well-funded PLG entrant with a strong integration ecosystem and developer docs could undercut them on time-to-value for smaller providers, while a legacy EHR vendor with embedded patient engagement might squeeze them from above. The company’s reliance on Cloudflare and Sentry signals operational competence, but the missing trust center and integration transparency could become liabilities in an industry where security reviews are non-negotiable.

Key Takeaways for Builders and Competitors

  • Dual marketing automation is a power move, not a redundancy. Running Marketo and HubSpot side by side lets Luma Health run complex ABM plays for enterprise accounts while maintaining nimble inbound tactics—at a cost few competitors will match.
  • Module Federation signals a product built for sustained feature velocity. If you’re competing on product breadth, expect their engineering team to ship UI components independently and quickly, even if they don’t expose those capabilities to external developers.
  • The lack of experimentation tooling is a weak point. A competitor who instruments rigorous A/B testing on their own demand gen can out-optimize Luma Health’s funnel spend over time, potentially stealing market share in paid channels.
  • No developer docs means technical evaluation is gated. For buyers who want to validate integrations before talking to sales, this is friction. Building a light developer portal with sandbox APIs could be a differentiator for a PLG alternative.
  • Security posture is solid but not showcase-ready. The BAA and DNS security are table stakes. A dedicated trust center with published certifications would accelerate enterprise deals and deny competitors an easy FUD angle during procurement battles.
Tech stack detected from public signals — using automated code analysis, DNS profiling, and browser-level inspection across https://www.lumahealth.io. No privileged access. No guessing.

Send lumahealth's Full Strategy Report

Get the complete 5-module analysis delivered to your inbox

GTM Stack

Demand generation & routing

Funnel Design

Conversion path & user journey

Product Architecture

Infrastructure & delivery

Growth Maturity

SEO, content & lifecycle

Enterprise Readiness

Trust, security & scale