Data Security and Privacy

Clients have trusted Loom Analytics with their sensitive data across the legal, medical, and insurance industries for years. Security, privacy, and access controls are central to the design and foundation of all our products.

Data Storage and Data Residency

All data, including media files, documents, and transcripts, is stored on Amazon AWS servers. We offer clients the option to choose the region in which their data is processed and stored to comply with local regulations. You can select from one of four regions: the United States, the United Kingdom, Canada, or Australia, providing you the freedom to maintain control over the geographical location of your data while aligning with regional compliance requirements.

Amazon AWS Hosting

Loom Analytics' cloud infrastructure for our transcription and document automation services is hosted on Amazon AWS, the world’s leading enterprise-level provider of a platform for cloud-hosted solutions.

Amazon AWS maintains uncompromising security standards and processes to ensure the highest level of data privacy and security. AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals.

AWS supports global regulations and ensures it meets all security and compliance requirements through regular audits and certifications from accreditation bodies and third-party auditors.

Uptime reliability

AWS is renowned for its dependable cloud infrastructure, designed to maintain continuous service availability. Availability Zones within each region are isolated from one another to prevent failures from spreading across zones. This design supports fault tolerance and enables seamless failover in case of disruptions. AWS also incorporates features like automatic scaling, load balancing, and data replication to enhance resilience and ensure applications remain operational under varying conditions. These built-in capabilities, combined with AWS's global infrastructure, contribute to Loom Analytics’ reputation for the reliability of its services.

Scalability

AWS provides on-demand resources, allowing Loom Analytics to easily scale up or down based on your needs. This elasticity ensures your turnaround times are not impacted during peak workload periods.

Amazon AWS

Security certificates


  • ISO/IEC 27001:2022
    Information technology – Security techniques – Information security management systems – Requirements

  • ISO/IEC 42001:2023
    Artificial Intelligence Management System (AIMS) - Information technology – Security techniques – Information security management systems – Overview and vocabulary

  • Security Organization Controls (SOC 1, SOC 2, and SOC 3)

  • United Kingdom General Data Protection Regulation and Data Protection Act 2018

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Information Security Registered Assessors Program (IRAP) Security Standards in Australia

  • EU General Data Protection Regulation (GDPR)

  • Health Information Trust Alliance (HITRUST)

  • National Health Service (NHS) Data Security and Protection Toolkit (UK)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • FIPS 140-2 – Federal Information Processing Standard

Data Security and Encryption

HTTPS encryption

Transcriptions are always created, sent, and stored with industry-standard AES 256-bit encryption – in the web app using a secure AWS environment, in the iOS or Android app on the phone. Transcriptions sent to the Loom Analytics transcription service are processed by and then sent through encrypted HTTPS to their secure servers.

Multifactor authentication

Email and/or phone-based multi-factor authentication (MFA) adds an extra level of security. Loom Analytics uses a secure authentication service by AWS that prevents security risks such as brute force attacks. The setting can be enforced by the account admin.

File access

Transcriptions can only be viewed by authorized owners with a username and password. User management and backup are only available for administrators.

Payment

Payments are processed by our payment provider, Stripe, which is compliant with the Payment Card Industry Data Security Standard (PCI DSS) to ensure that payment information is processed, stored, or transmitted in a secure environment.

Speech Recognition

Tailored Data Retention

Ranging from Immediate Delete to Never Delete

We understand that your business is unique with its own data retention requirements. Loom Analytics provides you with the flexibility to configure data retention policies according to your specific needs. Our options range from immediate deletion of data after transcription to retaining data indefinitely. This empowers you to align your transcript production to your organization's data governance and compliance policies seamlessly.

Data transfer

All files sent to our speech-to-text engine are sent securely through an encrypted channel. We use HTTPS to encrypt client-to-server and server-to-server communication.

File processing

The speech recognition engine uses servers that meet the highest security standards, located in the US, Canada, the EU, and Australia.

Data storage

When using the desktop app for speech-to-text service, no audio or text is saved on Loom Analytics’ servers. Data is processed and saved entirely on the user’s desktop device. When using the mobile app for our speech-to-text service, data is processed on our cloud servers and is deleted automatically as per the user’s data retention policies. Any files saved are encrypted at rest and accessible by the user only.

Vendors

As part of our strict vendor management policy, we only cooperate with industry-leading service providers. Each new vendor undergoes an extensive security audit before we incorporate them into our activities. This way, we can ensure the highest security and compliance standards are met.

Personnel access security

Non-disclosure agreement

All employees and contractors must sign a Non-Disclosure Agreement (NDA). This NDA serves to protect the data Loom Analytics is entrusted with.

Logical access

All trained employees and contractors who have access to our systems interact with data securely, using a device with relevant access control procedures. Access controls are reviewed regularly.

Trained personnel only

All employees and contractors receive mandatory year-round privacy and security training before they are allowed access to the system for maintenance, support, and development.

Endpoint security

We use a VPN connection to ensure that employees who have access to sensitive data can access it safely from our corporate network from multiple endpoints.

Asset control

All computers of Loom Analytics personnel are protected with antivirus, disk encryption, automatic device blocking, password managers, and security patches.