LoomStack
SECURITY

Security built in from the start.

LoomStack is designed for enterprise engineering organizations with strict security requirements. Here's how we handle your data and protect your systems.

Data handling

  • LoomStack accesses your engineering toolchain via APIs you configure
  • We never access your codebase directly
  • Agent access is controlled by the integrations you provide
  • Data is encrypted at rest (AES-256) and in transit (TLS 1.3)

Access controls

  • Role-based access control for all platform functions
  • SSO integration (SAML 2.0, OIDC)
  • API keys scoped to specific integrations
  • Audit log of all access and policy changes

Compliance posture

  • SOC 2 Type II — audit planned (design partner phase)
  • HIPAA-ready architecture (planned with design partners)
  • GDPR-aligned design (documentation on request)
  • Penetration testing planned before GA

Infrastructure

  • Deployed on AWS (us-east-1, eu-west-1)
  • Self-hosted option on roadmap for enterprise design partners
  • Uptime targets published at GA (design partner SLAs negotiated individually)
  • Incident response playbook available on request

Need the full security documentation?

We provide detailed security documentation, a shared responsibility model, and architecture review for design partners and enterprise customers.

Request Access