Security
Last Updated: March 3rd, 2026
Overview
Third Loop is committed to protecting the confidentiality, integrity, and availability of customer data. Our security program is designed to safeguard information assets and maintain the trust of our customers.
Security Controls
- Access Control: Multi-factor authentication required for all systems. Role-based access controls with least privilege principles. Annual access reviews and immediate revocation upon termination.
- Data Protection: Encryption in transit (TLS 1.2+) and at rest (AES-256). Automated daily backups with encrypted storage. Secure data disposal procedures.
- Infrastructure Security: AWS cloud hosting with network segmentation, web application firewall, and intrusion detection. Automated security patching and vulnerability management.
- Monitoring & Logging: Centralized logging with real-time alerting on security events. 90-day minimum log retention. Audit trails for privileged access.
- Endpoint Security: Company-issued devices with full-disk encryption, endpoint detection and response software, and automatic security updates.
Operational Practices
- Security Training: All employees complete security awareness training during onboarding and annually thereafter.
- Incident Response: Documented incident response plan with defined escalation procedures. Affected customers notified in accordance with contractual obligations.
- Vendor Management: Third-party vendors undergo security assessments. Contracts include security and confidentiality requirements.
- Secure Development: Code review for all changes. Automated security testing in CI/CD pipelines. Annual penetration testing.
Compliance
Third Loop is currently pursuing its SOC 2 Type II audits and maintains compliance with applicable data protection regulations. This policy is reviewed and updated at least annually.
For more details, visit our Trust Center.
Contact
For security questions or to report concerns: security@thirdloop.com