Security and compliance

All data is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.

All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.

Loops implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

On an application level, we produce audit logs for all activity, ship logs to New Relic for analysis and use S3 for archival purposes. All actions taken on production in the Loops platform are logged.

We have uptime of 99.9% or higher. You can check our past month stats at status.useloops.com

SOC 2 Type II

Loops SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, in the US, and is audited annually.

ISO 27001:2022

ISO27001:2022 report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.

General Data Protection Regulation (GDPR)

We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.

Report a security issue

Have any issues or questions about our security? Feel free to get in touch regarding your issue or questions you may have.

Report an issue anonymously

Found a security vulnerability? Report this issue anonymously via our whistleblower channel.