> ## Documentation Index
> Fetch the complete documentation index at: https://docs.genloop.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance and Data Security at Genloop

> Genloop is SOC 2 Type II and ISO 27001 certified. Your data never leaves your infrastructure — Genloop reads directly from your sources.

This page covers Genloop's security certifications, data handling practices, encryption standards, and audit capabilities. If you're evaluating Genloop for a regulated industry or enterprise deployment, use this page alongside your security questionnaire or vendor review process.

## SOC 2 Type II

Genloop has completed a SOC 2 Type II audit, conducted by an independent third-party auditor. The audit covers the Trust Services Criteria for security, availability, and confidentiality — meaning Genloop's controls were tested over a period of time, not just at a single point.

The SOC 2 Type II report covers:

* Logical and physical access controls
* Change management procedures
* Risk assessment and monitoring
* Incident response processes
* Data encryption in transit and at rest

<Accordion title="How to request the SOC 2 report">
  The SOC 2 Type II report is available to customers and prospects under NDA. To request a copy, contact the Genloop team at [security@genloop.ai](mailto:security@genloop.ai) or reach out through your account manager.
</Accordion>

## ISO 27001

Genloop is certified to ISO 27001, the international standard for information security management systems (ISMS). Certification means Genloop has implemented a comprehensive, risk-based framework for protecting information assets — covering policies, processes, personnel, and technology controls.

ISO 27001 certification is reviewed annually by an accredited certification body.

<Accordion title="How to request the ISO 27001 certificate">
  Contact [security@genloop.ai](mailto:security@genloop.ai) to request a copy of the ISO 27001 certificate.
</Accordion>

## No data copies policy

Genloop reads directly from your source tables at query time. It does not copy, replicate, or cache your enterprise data in its own storage layer.

When you connect a database or data warehouse, Genloop:

1. Reads the schema to build a context graph
2. Issues queries against your source tables at runtime
3. Returns results to the user — nothing is stored

Your data stays in your infrastructure. Genloop never moves it to a Genloop-controlled data store.

<Note>Genloop does store conversation history and the context graph (schema metadata, business definitions, and learned context). See [Data retention](#data-retention) below for details on what you can delete.</Note>

## Encryption

<Tabs>
  <Tab title="Data in transit">
    All data transmitted between your browser, the Genloop application, and your data sources is encrypted using TLS 1.2 or higher. This applies to API calls, Slack integration traffic, and the connection between Genloop and your database.
  </Tab>

  <Tab title="Data at rest">
    Genloop does not store your source data, so there is no Genloop-side encryption requirement for your enterprise data. Data stored by Genloop — conversation history, context graph metadata, and workspace configuration — is encrypted at rest using AES-256.
  </Tab>
</Tabs>

## Audit logs

Genloop logs the following events for all workspace activity:

| Event category      | What is logged                                                                   |
| ------------------- | -------------------------------------------------------------------------------- |
| Queries             | Query text, user, timestamp, data sources accessed, and result status            |
| User actions        | Login events, role changes, member additions and removals                        |
| Context updates     | Every change to the context graph, including who proposed it and who approved it |
| Data source changes | Connection added, removed, or modified; schema refreshes                         |
| Liveboard actions   | Created, edited, shared, or deleted                                              |

Audit logs are available to Admins in **Settings > Audit log**. Logs are retained for 90 days by default. Enterprise customers can request extended retention.

<Info>Every context update Genloop learns goes through human-in-the-loop validation — your data team reviews and approves each change before it takes effect. These review actions are captured in the audit log.</Info>

## Data retention

Genloop retains two categories of workspace data:

**Conversation history** — the record of questions asked and answers returned within your workspace. This helps Genloop improve responses over time and lets your team review past analyses.

**Context graph** — schema metadata, business definitions, column descriptions, and learned context about your data. This is the core knowledge layer that makes Genloop's answers accurate.

You can delete either of these at any time:

<Steps>
  <Step title="Open Settings">
    Navigate to **Settings > Data & privacy**.
  </Step>

  <Step title="Choose what to delete">
    Select **Conversation history** to delete all past conversations, or **Context graph** to reset Genloop's learned knowledge about your data.
  </Step>

  <Step title="Confirm deletion">
    Confirm the deletion. This action is permanent and cannot be undone.
  </Step>
</Steps>

<Warning>Deleting the context graph resets all learned business definitions and schema context. Genloop will re-learn context as your team uses it, but you may see reduced answer quality immediately after a reset.</Warning>

## Requesting compliance documentation

To request any compliance documentation — SOC 2 report, ISO 27001 certificate, data processing agreement (DPA), or security questionnaire responses — contact the Genloop security team:

* Email: [security@genloop.ai](mailto:security@genloop.ai)
* For enterprise procurement: contact your dedicated Solutions Architect or reach out at [https://cal.com/ayush-genloop](https://cal.com/ayush-genloop)
