Loops logo

Security and compliance

Customer trust and data security are critical to everything we do at Loops.
To give you piece of mind that your ideas and designs are safe.

lock sticker

Loops is compliant with globally recognized data protection

Encryption in transit and at rest using AES-256

All data is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.

Data at rest

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.

Incident response

Loops implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Back ups and monitoring

On an application level, we produce audit logs for all activity, ship logs to New Relic for analysis and use S3 for archival purposes. All actions taken on production in the Loops platform are logged.


We have uptime of 99.9% or higher. You can check our past month stats at status.useloops.com

red heart sticker

Compliant with global data protection and security frameworks

SOC 2 Type II

SOC 2 Type II

Loops SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, in the US, and is audited annually.

ISO 27001:2022

ISO 27001:2022

ISO27001:2022 report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

happy sticker

Additional compliance features


All employees complete Security and Awareness training annually.


Loops has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.


All employee contracts include a confidentiality agreement.

PCI Obligations

All payments made to Intercom go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

red heart sticker

Report a security issue

Have any issues or questions about our security? Feel free to get in touch regarding your issue or questions you may have.

Email support

Report an issue anonymously

Found a security vulnerability? Report this issue anonymously via our whistleblower channel.

Report anonymously

thumbs up sticker

Create with