SECURITY
Security built in from the start.
LoomStack is designed for enterprise engineering organizations with strict security requirements. Here's how we handle your data and protect your systems.
Data handling
- LoomStack accesses your engineering toolchain via APIs you configure
- We never access your codebase directly
- Agent access is controlled by the integrations you provide
- Data is encrypted at rest (AES-256) and in transit (TLS 1.3)
Access controls
- Role-based access control for all platform functions
- SSO integration (SAML 2.0, OIDC)
- API keys scoped to specific integrations
- Audit log of all access and policy changes
Compliance posture
- SOC 2 Type II — audit planned (design partner phase)
- HIPAA-ready architecture (planned with design partners)
- GDPR-aligned design (documentation on request)
- Penetration testing planned before GA
Infrastructure
- Deployed on AWS (us-east-1, eu-west-1)
- Self-hosted option on roadmap for enterprise design partners
- Uptime targets published at GA (design partner SLAs negotiated individually)
- Incident response playbook available on request
Need the full security documentation?
We provide detailed security documentation, a shared responsibility model, and architecture review for design partners and enterprise customers.
Request Access