Eco-LoomBack to site

Security Overview

How we protect your emissions data

Last updated: March 26, 2026

Our Security Commitment

Security is fundamental to Eco-Loom's mission of helping organizations track and reduce emissions.

We implement comprehensive security measures to ensure your data remains protected, private, and available when you need it.

Data Encryption

All data is encrypted both in transit and at rest:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest in our databases
  • Encrypted backups with secure key management
  • End-to-end encryption for sensitive API communications

Authentication & Access Control

Secure Authentication

  • Token-based authentication with secure hashing
  • Session management with automatic expiration
  • Multi-factor authentication support
  • Secure password policies and complexity requirements

Role-Based Access

  • Granular permissions for different user roles
  • Admin and standard user access levels
  • Data isolation between organizations
  • Audit logs for all access and changes

Infrastructure Security

Our infrastructure is built with security as a foundation:

  • Cloud Security: Hosted on enterprise-grade cloud providers
  • Network Security: VPC isolation and security groups
  • Database Security: PostgreSQL with advanced security features
  • Backup Security: Encrypted, geographically distributed backups
  • Monitoring: 24/7 security monitoring and alerting

Compliance & Certifications

We maintain compliance with industry standards:

  • SOC 2 Type II compliance for security controls
  • GDPR compliance for data protection
  • ISO 27001 information security management
  • Regular audits by independent security firms
  • Penetration testing conducted quarterly

Incident Response

We have comprehensive incident response procedures:

  • 24/7 monitoring for security events
  • Incident response team available around the clock
  • Transparent communication during security incidents
  • Post-incident analysis and improvement
  • Customer notification within required timeframes

Third-Party Security

We carefully vet all third-party services and vendors:

  • Security assessments of all vendors
  • Data processing agreements with all partners
  • Regular security reviews of third-party services
  • Minimal data sharing with external services

Your Security Responsibilities

While we secure the platform, you play an important role:

  • Use strong, unique access tokens
  • Enable multi-factor authentication when available
  • Report suspicious activity immediately
  • Keep your contact information current
  • Follow data handling best practices

Security Updates

We regularly update our security measures and will communicate important security information through our platform and email.

For security-related questions or to report vulnerabilities, please contact us at security@eco-loom.com