
Compliance Statement

Introduction:
Looom AI is committed to maintaining the highest standards of data protection, security, and regulatory compliance. Our platform is designed to serve audit firms, corporates, and other organizations handling sensitive data while adhering strictly to GDPR, POPIA, and SOC 2 principles.

  1. SOC 2 Compliance
  • Looom AI follows the Trust Service Criteria defined under SOC 2.
  • Key controls implemented include:
    • Security: Multi-layer access controls, secure authentication, encryption of data at rest and in transit, and continuous monitoring for unauthorized access.
    • Availability: Redundant hosting infrastructure, backup procedures, and incident response protocols to limit service disruption.
    • Processing Integrity: AI and analytics outputs are validated through systematic checks and human review to ensure reliability.
    • Confidentiality: All sensitive client and operational data is protected through encryption, access restrictions, and audit logging.
    • Privacy: Collection, storage, and processing of personal data follow GDPR and POPIA principles, ensuring transparency, consent, and user control.
  • Our compliance framework is reviewed regularly, and audit evidence is maintained to support SOC 2 Type 2 readiness.
  2. POPIA & GDPR Compliance
  • Data Collection: We collect only necessary personal or client-specific information required to operate and deliver AI-driven risk insights.
  • Purpose Limitation: Data is used solely for platform functionality, AI processing, and client reporting.
  • Consent & Rights: Users and clients can manage consent, request data access, correction, or deletion, and exercise other rights defined under POPIA and GDPR.
  • Cross-Border Data Transfers: When using cloud services (e.g., Azure OpenAI), we apply data residency controls and comply with international data transfer requirements.
  3. Cloud Security & Data Protection
  • Looom AI is hosted on hostking’s infrastructure with:
    • Regional data residency options to comply with client jurisdiction.
    • Advanced firewalls, intrusion detection, and encryption protocols.
    • Secure API communication between client systems, platform modules, and AI services.
  4. AI Governance
  • AI models used on Looom AI adhere to privacy-by-design principles:
    • No client-sensitive data is stored or reused for training when processed via OpenAI or Azure OpenAI APIs.
    • Human-in-the-loop verification ensures all AI outputs are reviewed before action or client communication.
    • Audit logs are maintained for every AI query, output, and data processing event.
  5. Certifications & Statements
  • SOC 2 readiness: All security, availability, confidentiality, processing integrity, and privacy controls are designed for audit evidence.
  • POPIA & GDPR adherence: Data handling policies, user rights management, and consent tracking are implemented throughout the platform.
  • Encryption & Access Control: AES-256 encryption at rest, TLS 1.2+ in transit, role-based access, and multi-factor authentication.
  • Continuous Compliance Monitoring: All controls are reviewed and updated periodically to reflect evolving regulations and best practices.

Conclusion:
Looom AI is engineered to provide secure, compliant, and auditable risk and audit solutions. Clients can trust that sensitive information is handled responsibly, protected against unauthorized access, and processed in accordance with global compliance standards.