Security and compliance
Customer trust and data security are critical to everything we do at Loops.
To give you piece of mind that your ideas and designs are safe.
Loops is compliant with globally recognized data protection
Encryption in transit and at rest using AES-256
All data is encrypted in transit using TLS 1.2+ with perfect forward secrecy. Servers holding user data will use full disk, industry-standard AES 256 encryption.
Data at rest
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests getting to our internal network.
Loops implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
Back ups and monitoring
On an application level, we produce audit logs for all activity, ship logs to New Relic for analysis and use S3 for archival purposes. All actions taken on production in the Loops platform are logged.
We have uptime of 99.9% or higher. You can check our past month stats at status.useloops.com
Compliant with global data protection and security frameworks
SOC 2 Type II
Loops SOC 2 Type II report covers the trust services categories of Security, Confidentiality, and Availability, in the US, and is audited annually.
ISO27001:2022 report covers the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
General Data Protection Regulation (GDPR)
We comply with GDPR data retention requirements, and offer a data processing agreement (DPA) for customers in the EU.
Additional compliance features
All employees complete Security and Awareness training annually.
Loops has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
All employee contracts include a confidentiality agreement.
All payments made to Intercom go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.