Security

Security isn't a feature. It's the foundation.

8 layered security systems. 32 feature flags. 3 threat modes. Built for the most security-conscious teams in the world.

Zero Transcript Storage

Audio files are processed and permanently deleted within 7 days. We never store raw recordings. Your transcripts and actions live only in your workspace, nowhere else.

HMAC Authentication

Every API request is signed with SHA-256 HMAC with timestamp-based replay protection. Unsigned or expired requests are rejected automatically.

Threat Fingerprinting

Loopion recognises bad actors even when they switch IPs or devices. Each request is scored 0–100 on risk. High-risk actors are automatically throttled or blocked.

Stealth Containment

When a threat is detected, it's contained silently. Attackers receive normal-looking responses while their actions are logged and neutralised. They never know they've been caught.

Rate Limiting

Adaptive rate limits with soft and hard thresholds protect against abuse. Legitimate users are never affected. Burst detection handles sudden spikes intelligently.

Circuit Breaker

Three threat modes (Normal, Elevated, Lockdown) automatically engage based on threat levels. If something goes wrong, the system locks down before damage spreads.

Attack Simulation

8 simulation types let you test your own workspace defences. Replay attacks, brute force, privilege escalation, injection: verify your posture before an attacker does.

Self-Healing Recovery

Three-tier recovery automatically diagnoses and fixes processing failures. No manual intervention needed. Your pipeline recovers before you even notice.

Data protection

Your data, protected at every level

Encryption

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.3 for all data in transit
  • Encrypted OAuth token storage
  • No plaintext secrets in logs or errors

Access Control

  • Role-based access (admin, member, viewer)
  • 5-hour forced session expiry
  • CSRF protection on all mutations
  • Session binding with hardware fingerprint

Infrastructure

  • EU data residency (Supabase eu-north-1, eu-west-1)
  • Edge network via Vercel
  • Azure Container Apps for compute
  • Automated backups with point-in-time recovery

Monitoring

  • Real-time security event logging
  • Health score per meeting pipeline
  • Automated alerting on anomalies
  • Full audit trail for all operations

Compliance

Compliance & certifications

GDPR

Full compliance with EU General Data Protection Regulation. Data stored in EU. DPA available.

UK DPA 2018

Compliant with UK Data Protection Act 2018. ICO registered.

SOC 2 Ready

Architecture designed for SOC 2 Type II certification. Audit trails, access controls, and monitoring in place.

ISO 27001 Aligned

Security controls aligned with ISO 27001 information security management standards.

Need to talk security?

Our team is ready to answer your security questions and provide documentation.