AlphaLoops is built with compliance and regulatory requirements at its core. Every task and operation is timestamped and logged. AI reasoning is captured, and tested against our proprietary truthfulness tests. We are SOC 2 Type II and GDPR compliant. Our security pack is available on request.
Customer data is logically isolated and encrypted, with per-tenant access controls, encryption keys and audit trails. No cross-tenant training, no shared inference cache. Single-tenant and on-premise deployments are available for enterprise customers.
Workflows are streamlined end-to-end, but every action the platform takes on your behalf — whatever its form or destination — requires explicit validation before release. Fully automated execution is not offered.
Every output is linked to the source data from which it was derived. Provenance is recorded alongside the answer, reducing model-hallucination risk to a level institutional users can audit.
Every action, approval and change is captured in a signed register, to meet governance and regulatory recordkeeping requirements.
(Last modified: May 2026)
These are the questions we hear most often from compliance, technology and procurement teams in the opening stage of a review.
Users can choose between two review modes: “manual” review, where every outbound message is individually approved by a human, or “format approval,” where a sample of generated messages is shown for review and the approved format is then applied automatically to all subsequent messages. There is no auto-send mode that skips review. Every CRM update appears as a diff with easy one-click revert.
Customer data is logically isolated at every layer — per-tenant access controls, encryption keys, and audit trails — so one firm's documents, conversations, and embeddings are never visible to another. UK customers can pin to UK data residency at provisioning; EU and US regions are also available.
Customer data is never used to fine-tune models for other tenants, and there is no shared inference cache across firms.
For enterprise customers, single-tenant deployments — dedicated database, dedicated object storage, dedicated embedding index — and on-prem or air-gapped options are available on request.
All of our models are hosted exclusively on secure Azure instances. Enterprise customers have the flexibility to choose which specific models are permitted for their deployment and to select their preferred region for model hosting. Private, air-gapped, and regional deployments are available according to your requirements.
A signed register of every outbound message, every CRM change, every approval — generated as it happens. Most compliance teams move to a weekly read of the register rather than a sample-rate audit; some run both for a quarter.
The register exports to signed PDF, raw JSON or the audit API.
A typical first-tenant rollout is six working days: tenant provisioning & SSO (day 1–2), CRM connector + field mapping (day 3–4), knowledge base ingestion and first drafts (day 5–6). Compliance review of the rollout itself usually adds a week.
Customer data is exported in your chosen format and erased from our systems within 30 days of contract end. We issue a signed certificate of destruction. Backup copies are erased within a further 60 days under documented procedure.
Two PDFs: the SOC 2 Type II report (under NDA) and the controls catalogue (open).
