Loopio Data Privacy & Security
A Secure, Reliable Platform Experience
We’re Committed to Protecting Your Data
Maintaining the confidentiality, integrity, and availability of your data is critical to our team. As part of our ongoing commitment to putting our customers first, Loopio has built a robust and transparent data protection program.
 Software That’s
Secure by Design 
 -   Certified by Industry StandardsEvery year, Loopio undergoes SOC 2 Type II audit by a third-party firm to ensure customers are protected across various levels. 
-   Data Encryption ProtectionWhether your data is in transit or at rest, all Loopio customer data is encrypted through industry leading-standards: TLS v1.2 in transit and AES256 at rest. 
-   Secure and Reliable InfrastructureCustomer data is hosted through Amazon Web Services (SOC 1, SOC 2, and SOC 3 certified). Our web servers and databases are load-balanced across multiple availability zones. 
 Enterprise Security
Standards 
 -   Single Sign-on SupportLoopio offers single sign-on (SSO) through Security Assertion Markup Language (SAML) 2.0 and Google authentication. Our platform integrates with standard systems including Okta, OneLogin, as well as Microsoft Azure and ADFS. 
-   Annual Penetration TestingWe conduct third-party penetration testing on an annual basis, which includes critical security risks listed by the Open Web Application Security Project® (OWASP). This simulates a real-world cyberattack to ensure our systems and your data remain secure. 
-   GDPR and CCPA CompliantLoopio handles personal information with compliance in mind. Our platform is General Data Protection Regulation (GDPR) compliant and meets the California Consumer Privacy Act (CCPA) standards. 
Restricted Access & Authorization
-   Data Segregation & SecurityCustomer data is logically separated through strict coding standards, code reviews, and database design. These records also have a unique customer identifier that ensures maximum data security. 
-   Access Management & ControlsLoopio applies access controls in accordance with the ‘principle of least privilege’. Meaning that access to customer data is only granted to authorized employees who require it to perform their roles and all system access is logged. 
-   Thorough System MangementLoopio has extensive change management controls in place. All system changes directly impacting our customers follow rigorous planning and transparent communication. 
Proactive Security Protocols
-   Employee Privacy & Security TrainingSecurity is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data. 
-   Rigorous Policies & ProceduresLoopio’s information security management system is based on industry best practices (ISO 27001). Through this framework, customers can trust that working with Loopio is a reliable, consistent, and secure experience. 
-   Stringent Vendor EvaluationsLoopio conducts thorough evaluations and security reviews of its vendors. We ensure that all vendors processing confidential customer data adhere to industry-leading control standards. Learn more about our policies on Loopio’s privacy page.