Loop takes the security and privacy of your data very seriously, with robust policies, controls, and systems in place to keep your information safe and secure.
Loop has multiple integration options for organizations, including on-premise and Loop’s cloud platform (using Amazon Web Services). The below security and privacy whitepaper describes an integration with Loop’s cloud platform.
All Loop employees are required to understand and follow strict internal policies and standards. All employees are trained on security topics including but not limited to device security, preventing spyware/malware, physical security, data privacy, account management, and incident reporting.
The Loop development team follows security best practices. All code is version controlled and goes through peer review and continuous integration tests to screen for potential security issues. Changes to the production environment are logged and the development team is notified of each release.
Loop users connect to third party applications (e.g. Google, Office365, Slack, Asana, Trello, Dropbox) using OAuth 2.0, an industry standard for authorizing secure access to external apps. Loop does not receive or store user passwords at any time. Users may revoke Loop access at any time and also are able to request their data be deleted.
All data in transit between users, Loop, and third party services is encrypted using 256-bit SSL/TLS. These protocols are revised as new threats and vulnerabilities are identified.
Loop divides its systems into separate networks using logically isolated Virtual Containers in Amazon Web Services data centers. Systems supporting testing and development activities are hosted in a separate network from systems supporting Loop’s production services. Customer data only exists and is only permitted to exist in Loop’s production network. Network access to Loop’s production environment is restricted. Only network protocols essential for delivery of Loop’s service to its users are open at Loop’s perimeter. All network access between production hosts is restricted using firewalls to only allow authorized services to interact in the production network.
Loop’s infrastructure is built on top of Amazon Web Services, and is housed in data centers operated by Amazon. Amazon has strict policies for physical security, including 24-hour video surveillance and strict access restrictions which are described in detail here: https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Whitepaper.pdf
All employee devices must meet our security standards. These standards require all computers to have strong passwords, encrypt data on disk, run anti-virus software, and lock automatically when idle. No data is stored on employee computers or servers in the office.