AI coaching for leaders, teams and enterprises
ThriveLoop AI

Security

Last updated: January 20, 2025

Our Commitment to Security

At ThriveLoop AI, security is at the core of everything we do. We understand that you're entrusting us with sensitive information about your professional development, and we take that responsibility seriously. This page outlines our comprehensive approach to keeping your data safe and secure.

Data Encryption

All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols. This ensures that your information remains private and secure during transmission.

  • 256-bit AES encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive coaching conversations
  • Regular security audits and penetration testing

Infrastructure Security

Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of security:

  • SOC 2 Type II certified data centers
  • Regular automated backups with encryption
  • Distributed denial-of-service (DDoS) protection
  • Network segmentation and firewall protection
  • 24/7 security monitoring and incident response

Access Controls

We implement strict access controls to ensure that only authorized personnel can access your data:

  • Multi-factor authentication (MFA) for all team members
  • Role-based access control (RBAC) with principle of least privilege
  • Regular access reviews and audit logs
  • Secure password policies and management
  • Automatic session timeout and re-authentication

Compliance & Certifications

ThriveLoop AI adheres to industry-leading security standards and compliance frameworks:

  • GDPR compliant for European users
  • CCPA compliant for California residents
  • SOC 2 Type II certification (in progress)
  • ISO 27001 information security management
  • Regular third-party security assessments

AI Model Security

Our AI models are designed with security and privacy in mind:

  • Data anonymization and pseudonymization techniques
  • No training on your personal conversations without explicit consent
  • Secure model deployment with isolated environments
  • Regular model audits for bias and security vulnerabilities
  • Transparent AI practices and explainability

Incident Response

In the unlikely event of a security incident, we have a comprehensive response plan:

  • 24/7 security operations center (SOC) monitoring
  • Immediate incident containment and investigation
  • Transparent communication with affected users
  • Post-incident analysis and remediation
  • Continuous improvement of security measures

Your Role in Security

Security is a shared responsibility. Here's how you can help keep your account secure:

  • Use a strong, unique password for your ThriveLoop AI account
  • Enable multi-factor authentication (MFA) when available
  • Keep your contact information up to date
  • Be cautious of phishing attempts and suspicious emails
  • Log out of your account when using shared devices
  • Report any suspicious activity immediately

Reporting Security Issues

If you discover a security vulnerability or have concerns about our security practices, please contact our security team immediately:

Email: security@thriveloop.ai
PGP Key: Available upon request

We appreciate responsible disclosure and will work with security researchers to address any legitimate concerns promptly.

Questions?

If you have any questions about our security practices, please don't hesitate to reach out to us at security@thriveloop.ai or visit our Help Center for more information.