Security Service Level AgreementLoopin cares about the integrity and security of your personal information. We take pride in being a security-first organisation, and regularly conduct penetration testing with certified third-party vendors. Our security policy is built around reducing threats, reducing vulnerabilities, and improving our security capabilities.However, we cannot guarantee that unauthorised third parties will never be able to defeat our security measures or use your personal information for improper purposes.You acknowledge that you provide your check-in data, user content, and any personal information at your own risk. You are fully responsible for all interaction with the Services that occurs in connection with your registration information (including, without limitation, all purchases).You agree to immediately notify us of any unauthorised use of your registration information or any other breach of security related to your account or the Services, and to ensure that you “log off”/exit from your account with the Services (if applicable) at the end of each session.Please see our terms and conditions for requirements on managing accounts. We are not liable for any loss or damage arising from your failure to comply with any of the foregoing obligations. If you sign into the Service using a third-party platform account, such as Slack or Microsoft Teams, be sure to review the privacy and data usage policies of such platform to learn more about its personal information practices and your options, as they may differ from those governed by our Privacy Policy and these Terms.For any security issues, bugs, or vulnerabilities that you have found or have been made aware of, please refer to the section “Reporting Bugs” for the process on.Reporting BugsWe want you to responsibly disclose any bugs or security issues you have found through our dedicated support page or send us an email at enquiries@letsloopin.com.Our process when a new issue has been reported, is to act in good faith and first attempt to reproduce the issue, before aiming to provide a fix in a reasonable time-frame given the severity or difficulty of the issue. Any security issue that is reported will be immediately given priority over feature work, or other bugs, until we are confident that the system is again secure.We don't want researchers put in fear of legal consequences because of their good faith attempts to comply with our bug reporting policy. We cannot bind any third party, so do not assume this protection extends to any third party. If in doubt, ask us before engaging in any specific action you think /might/ go outside the bounds of our policy.Because both identifying and non-identifying information can put a researcher at risk, we limit what we share with third parties. We may provide non-identifying substantive information from your report to an affected third party, but only after notifying you and receiving a commitment that the third party will not pursue legal action against you. We will only share identifying information (name, email address, phone number, etc.) with a third party if you give your written permission.If your security research violates certain restrictions in our site policies, the safe harbour terms permit a limited exemption.Safe Harbour TermsTo encourage research and responsible disclosure of security vulnerabilities, we will not pursue civil or criminal action, or send notice to law enforcement for accidental or good faith violations of Terms & Conditions (“the policy”). We consider security research and vulnerability disclosure activities conducted consistent with this policy to be “authorised” conduct under the Computer Fraud and Abuse Act, the DMCA, and other applicable computer use laws such as WA Criminal Code 9A.90. We waive any potential DMCA claim against you for circumventing the technological measures we have used to protect the Loopin ecosystem.Please understand that if your security research involves the networks, systems, information, applications, products, or services of a third party (which is not us), we cannot bind that third party, and they may pursue legal action or law enforcement notice. We cannot and do not authorise security research in the name of other entities, and cannot in any way offer to defend, indemnify, or otherwise protect you from any third party action based on your actions.You are expected, as always, to comply with all laws applicable to you, and not to disrupt or compromise any data beyond what our bug bounty programs permit.Please contact us before engaging in conduct that may be inconsistent with or unaddressed by this policy. We reserve the sole right to make the determination of whether a violation of this policy is accidental or in good faith, and proactive contact to us before engaging in any action is a significant factor in that decision.If in doubt, ask us first!Limited Waiver of Other Site PoliciesTo the extent your security research activities are inconsistent with certain restrictions in our relevant site polices but are consistent with our terms and conditions, we waive those restrictions for the sole and limited purpose of permitting your security research under this bug bounty program.Just like above, if in doubt, ask us first!Patching PolicyWe take our responsibility to protect and ensure the security of information on the Loopin system seriously, and part of that responsibility is keeping our systems regularly patched. Which is a basic but vital action to prevent common malware attacks, which may result in the loss of confidentiality, integrity or availability of information.This policy aims to reduce the risks relating to loss of information security, by ensuring that technical vulnerabilities are identified and reviewed quickly, risks are evaluated, and appropriate mitigations - typically patches - are applied within a reasonable timeframe.If a patch cannot be applied, a different approach to mitigating the risk must instead be developed and approved in writing by the IT Security team.Every two to four weeks we release a new version of the Loopin platform which, is rigorously tested against our suite of unit and integration tests.Any security issues that have been reported to Loopin will take full priority over any feature work, and we will endeavour to produce a patch in a reasonable timeframe, to minimise the window of any security breach.Release notes for each new release are posted here on our release notes.Working at LoopinAny employee with access to sensitive information about our customers is required to sign a confidentiality agreement, and would be prosecuted to the fullest extent of the law if any data was shared unlawfully.All new employees that have access to our customer’s data will undergo a full background check as appropriate and legal within the country in which the employee resides.Other ConcernsIf you have any other security concerns not covered here, or are a potential or existing customers who would like talk about a specific concer before working together, 't hesitate to contact us on enquiries@letsloopin.com.
Try Loopin completely free
We know how important our tool is for managers like you. Get instant access today.
