GDPR compliance

Loom is completely GDPR-compliant for all users. 🇪🇺

We take security very seriously here at Loom and our users' privacy is at the core of our decision making. This page will walk you through our GDPR Framework:

  • Privacy Shield 
    We are an active and upstanding member of the EU-US and Swiss-US Privacy Shield programs.
  • Human-Readable Privacy Policy 
    Our human-readable privacy policy clearly details where user data goes, how it's handled, how to remove or revoke that data from certain systems, and many other things. It is the standard document under scrutiny within our Privacy Shield membership (it's legitimate).
  • Legalized Privacy Policy 
    Our legalese privacy policy details that GDPR rights extend to all users of our platform.
  • Records of Processing Activities 
    Our team internally maintains a record of processing activities for all new product builds. We also designate an owner and note whether the data we are handling is HR or non-HR data.


Do I need a signed DPA with Loom?

No. A question folks often have is whether they need a signed DPA with Loom. Since Loom acts as a data controller and not a data processor, you do not need a signed DPA with us, so we do not provide one.

Will you sign or fill out a security questionnaire for us?

Probably not. We'd love to be able to help all of our users and customers, but we do not have the staff and means to fill out all the security questionnaires and spreadsheets companies send our way. If you are looking to sign on a significant number of employees (50+), then we are happy to work with your team because the economics work out for us.