Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.genloop.ai/llms.txt

Use this file to discover all available pages before exploring further.

This page covers Genloop’s security certifications, data handling practices, encryption standards, and audit capabilities. If you’re evaluating Genloop for a regulated industry or enterprise deployment, use this page alongside your security questionnaire or vendor review process.

SOC 2 Type II

Genloop has completed a SOC 2 Type II audit, conducted by an independent third-party auditor. The audit covers the Trust Services Criteria for security, availability, and confidentiality — meaning Genloop’s controls were tested over a period of time, not just at a single point. The SOC 2 Type II report covers:
  • Logical and physical access controls
  • Change management procedures
  • Risk assessment and monitoring
  • Incident response processes
  • Data encryption in transit and at rest
The SOC 2 Type II report is available to customers and prospects under NDA. To request a copy, contact the Genloop team at security@genloop.ai or reach out through your account manager.

ISO 27001

Genloop is certified to ISO 27001, the international standard for information security management systems (ISMS). Certification means Genloop has implemented a comprehensive, risk-based framework for protecting information assets — covering policies, processes, personnel, and technology controls. ISO 27001 certification is reviewed annually by an accredited certification body.
Contact security@genloop.ai to request a copy of the ISO 27001 certificate.

No data copies policy

Genloop reads directly from your source tables at query time. It does not copy, replicate, or cache your enterprise data in its own storage layer. When you connect a database or data warehouse, Genloop:
  1. Reads the schema to build a context graph
  2. Issues queries against your source tables at runtime
  3. Returns results to the user — nothing is stored
Your data stays in your infrastructure. Genloop never moves it to a Genloop-controlled data store.
Genloop does store conversation history and the context graph (schema metadata, business definitions, and learned context). See Data retention below for details on what you can delete.

Encryption

All data transmitted between your browser, the Genloop application, and your data sources is encrypted using TLS 1.2 or higher. This applies to API calls, Slack integration traffic, and the connection between Genloop and your database.

Audit logs

Genloop logs the following events for all workspace activity:
Event categoryWhat is logged
QueriesQuery text, user, timestamp, data sources accessed, and result status
User actionsLogin events, role changes, member additions and removals
Context updatesEvery change to the context graph, including who proposed it and who approved it
Data source changesConnection added, removed, or modified; schema refreshes
Liveboard actionsCreated, edited, shared, or deleted
Audit logs are available to Admins in Settings > Audit log. Logs are retained for 90 days by default. Enterprise customers can request extended retention.
Every context update Genloop learns goes through human-in-the-loop validation — your data team reviews and approves each change before it takes effect. These review actions are captured in the audit log.

Data retention

Genloop retains two categories of workspace data: Conversation history — the record of questions asked and answers returned within your workspace. This helps Genloop improve responses over time and lets your team review past analyses. Context graph — schema metadata, business definitions, column descriptions, and learned context about your data. This is the core knowledge layer that makes Genloop’s answers accurate. You can delete either of these at any time:
1

Open Settings

Navigate to Settings > Data & privacy.
2

Choose what to delete

Select Conversation history to delete all past conversations, or Context graph to reset Genloop’s learned knowledge about your data.
3

Confirm deletion

Confirm the deletion. This action is permanent and cannot be undone.
Deleting the context graph resets all learned business definitions and schema context. Genloop will re-learn context as your team uses it, but you may see reduced answer quality immediately after a reset.

Requesting compliance documentation

To request any compliance documentation — SOC 2 report, ISO 27001 certificate, data processing agreement (DPA), or security questionnaire responses — contact the Genloop security team: