Compliance frameworks, security audits, and quality certifications this company maintains.
Loom maintains SOC 2 Type II certification, providing enterprise customers with third-party assurance that Loom's video storage, sharing, and access control infrastructure meets rigorous standards for security, availability, and confidentiality of recorded video content.
Loom is GDPR-compliant, offering EU enterprise customers data processing agreements, EU data residency options, and controls for data subject requests — enabling teams in regulated European industries to use Loom for async video communication without violating data protection rules.
Loom supports CCPA compliance for California-based enterprise customers, providing data deletion workflows, opt-out mechanisms, and privacy disclosures that allow companies to deploy Loom while meeting California consumer privacy obligations.
Loom holds ISO 27001 certification through its parent Atlassian's information security management program, ensuring that video recording, storage, and sharing infrastructure meets international standards for data confidentiality and integrity.
Loom Enterprise supports SAML 2.0 SSO with identity providers including Okta, Azure AD, and Google Workspace, enabling large organizations to provision and deprovision Loom access automatically as part of their centralized identity management programs.
Loom is FERPA-compliant for educational institutions, allowing K-12 schools and universities to use Loom for instructional video content and student communication while protecting student education records under federal law.
Loom complies with COPPA for its education-focused deployments, ensuring that Loom for Education does not collect personal information from children under 13 without appropriate parental consent, supporting safe use in K-12 classroom environments.
Security
Atlassian Trust Program
As an Atlassian product, Loom participates in Atlassian's Trust Management Program, which provides enterprise customers with shared compliance documentation, penetration test results, and security questionnaire responses covering Loom's platform infrastructure.
Loom Enterprise offers data residency controls allowing organizations to specify that video content and metadata be stored in a designated geographic region — supporting compliance with EU data sovereignty requirements and industry-specific data localization mandates.
Security
Penetration Testing
Loom undergoes annual third-party penetration testing of its video storage, sharing, and API infrastructure as part of Atlassian's security assurance program, with results available to enterprise customers under NDA upon request.
