LoopLlama
Get API access
Security

Security is the foundation, not a feature.

LoopLlama runs your agents against real systems and real data. We design for isolation, encryption, and auditability from the first line of code.

How we protect your data

Encryption everywhere

Data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Connector OAuth tokens and other secrets are encrypted with envelope encryption and isolated from workflow data.

Tenant isolation

Every workflow, run, key, and connector is scoped to your organization and enforced at the data layer. One tenant can never read or trigger another tenant's resources.

Least-privilege access

Role-based access controls govern the dashboard and API. Internal access to production is gated, logged, and granted only on a need-to-know basis.

We never train on your data

Workflow inputs and outputs belong to you. We do not use customer data to train models, and we don't share it with third parties beyond the model providers needed to run your workflows.

Auditability

Per-step traces and audit logs record what ran, when, and on whose behalf — so you can answer security and compliance questions with evidence.

Secure development

Code review, dependency scanning, and secrets detection run in CI. Production changes are deployed through automated, reviewed pipelines.

Compliance & data handling

SOC 2 Type II

Our SOC 2 Type II program is in progress. Reach out for our current report and security questionnaire.

Data processing

We offer a DPA covering GDPR and CCPA obligations. PII redaction and custom retention windows are available on Enterprise.

Deployment options

Enterprise customers can run LoopLlama single-tenant, in a dedicated VPC, or fully self-hosted to meet residency and isolation requirements.

Responsible disclosure

We welcome reports from security researchers. If you believe you've found a vulnerability, email security@loopllama.ai with steps to reproduce. We'll acknowledge your report within one business day and keep you updated as we investigate. Please give us a reasonable window to remediate before any public disclosure, and avoid accessing or modifying data that isn't yours while testing.

Need our security documentation?

We're happy to share our latest report, complete a security questionnaire, or walk your team through our architecture.

Contact us