Security and Compliance

Customer trust and data security are critical to everything we do at Loops. Giving you piece of mind that your ideas and designs are safe.

Compliant with global data protection and security frameworks

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

ISO 27001:2022

ISO 27001:2022

ISO27001:2022 report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

SOC 2 Type II

SOC 2 Type II

Loops SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, in the US, and is audited annually.

Loops is compliant with globally recognized data protection

Encryption in transit and at rest using AES-256

All data is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.

Back ups and monitoring

On an application level, we produce audit logs for all activity, ship logs to New Relic for analysis and use S3 for archival purposes. All actions taken on production in the Loops platform are logged.

Data at rest

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.

Incident response

Loops implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Uptime

We have uptime of 99.9% or higher. You can check our past month stats at status.useloops.com.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.

Additional compliance features

Confidentiality

All employee contracts include a confidentiality agreement.

PCI obligations

All payments made to Intercom go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

Policies

Loops has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Training

All employees complete Security and Awareness training annually.

Contact us

Security questions

If you have any questions or concerns about our security, please reach out to us. We're here to help with any issues or inquiries you may have.

Report an issue anonymously

Discovered a security vulnerability? Report it anonymously through our whistleblower channel.