Security and Compliance
Customer trust and data security are critical to everything we do at Loops. Giving you piece of mind that your ideas and designs are safe.
Compliant with global data protection and security frameworks
General Data Protection Regulation (GDPR)
We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.
ISO 27001:2022
ISO27001:2022 report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
SOC 2 Type II
Loops SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, in the US, and is audited annually.
Loops is compliant with globally recognized data protection
Encryption in transit and at rest using AES-256
All data is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.
Back ups and monitoring
On an application level, we produce audit logs for all activity, ship logs to New Relic for analysis and use S3 for archival purposes. All actions taken on production in the Loops platform are logged.
Data at rest
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.
Incident response
Loops implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
Uptime
We have uptime of 99.9% or higher. You can check our past month stats at status.useloops.com.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Additional compliance features
Confidentiality
All employee contracts include a confidentiality agreement.
PCI obligations
All payments made to Intercom go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
Policies
Loops has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Training
All employees complete Security and Awareness training annually.