SOC 2 Type II
Genloop has completed a SOC 2 Type II audit, conducted by an independent third-party auditor. The audit covers the Trust Services Criteria for security, availability, and confidentiality — meaning Genloop’s controls were tested over a period of time, not just at a single point. The SOC 2 Type II report covers:- Logical and physical access controls
- Change management procedures
- Risk assessment and monitoring
- Incident response processes
- Data encryption in transit and at rest
How to request the SOC 2 report
How to request the SOC 2 report
The SOC 2 Type II report is available to customers and prospects under NDA. To request a copy, contact the Genloop team at security@genloop.ai or reach out through your account manager.
ISO 27001
Genloop is certified to ISO 27001, the international standard for information security management systems (ISMS). Certification means Genloop has implemented a comprehensive, risk-based framework for protecting information assets — covering policies, processes, personnel, and technology controls. ISO 27001 certification is reviewed annually by an accredited certification body.How to request the ISO 27001 certificate
How to request the ISO 27001 certificate
Contact security@genloop.ai to request a copy of the ISO 27001 certificate.
No data copies policy
Genloop reads directly from your source tables at query time. It does not copy, replicate, or cache your enterprise data in its own storage layer. When you connect a database or data warehouse, Genloop:- Reads the schema to build a context graph
- Issues queries against your source tables at runtime
- Returns results to the user — nothing is stored
Genloop does store conversation history and the context graph (schema metadata, business definitions, and learned context). See Data retention below for details on what you can delete.
Encryption
- Data in transit
- Data at rest
All data transmitted between your browser, the Genloop application, and your data sources is encrypted using TLS 1.2 or higher. This applies to API calls, Slack integration traffic, and the connection between Genloop and your database.
Audit logs
Genloop logs the following events for all workspace activity:
Audit logs are available to Admins in Settings > Audit log. Logs are retained for 90 days by default. Enterprise customers can request extended retention.
Every context update Genloop learns goes through human-in-the-loop validation — your data team reviews and approves each change before it takes effect. These review actions are captured in the audit log.
Data retention
Genloop retains two categories of workspace data: Conversation history — the record of questions asked and answers returned within your workspace. This helps Genloop improve responses over time and lets your team review past analyses. Context graph — schema metadata, business definitions, column descriptions, and learned context about your data. This is the core knowledge layer that makes Genloop’s answers accurate. You can delete either of these at any time:1
Open Settings
Navigate to Settings > Data & privacy.
2
Choose what to delete
Select Conversation history to delete all past conversations, or Context graph to reset Genloop’s learned knowledge about your data.
3
Confirm deletion
Confirm the deletion. This action is permanent and cannot be undone.
Requesting compliance documentation
To request any compliance documentation — SOC 2 report, ISO 27001 certificate, data processing agreement (DPA), or security questionnaire responses — contact the Genloop security team:- Email: security@genloop.ai
- For enterprise procurement: contact your dedicated Solutions Architect or reach out at https://cal.com/ayush-genloop
