The more capable an agent runtime becomes, the more access it needs — to your data, your tools, your systems. That makes security less of a feature and more of a precondition. We're pursuing SOC 2 Type II, and rather than bolt the controls on later, we've been building toward them from the start.
The foundations#
- Encryption everywhere — data encrypted in transit and at rest, including the OAuth tokens connectors rely on.
- Tenant isolation — one customer's workflows, runs, and credentials are never reachable by another.
- Least privilege — connectors request only the scopes a workflow needs, and sensitive actions sit behind approval gates.
- Auditability — every step of every run is recorded, so there's a complete account of what an agent did.
We don't train on your data#
Your inputs, outputs, and traces are yours. We don't use them to train models, full stop. The data exists to run your workflows and to give you observability over them — nothing else.
SOC 2 is a milestone, not the goal. The goal is that a security team can look at how LoopLlama handles their data and tools and reach the same conclusion we did: that trust has to be designed in, not promised after the fact.
Written by The LoopLlama team.