Security at CrashLoom

Security is core to what we do. Here's how we protect your data and keep your customers' trust.

Infrastructure

  • Hosted on Google Cloud Platform in the European Union
  • TLS 1.2+ enforced on all connections
  • Encryption at rest for all stored data
  • Automated encrypted backups

Application Security

  • Automated dependency scanning via Dependabot
  • Periodic internal security reviews
  • Industry-standard authentication protocols for all API access
  • All processing logged for audit purposes

Access Control

  • Principle of least privilege — minimal permissions requested
  • Workspace isolation — each workspace's data is fully separated
  • LLM provider API keys encrypted using Google Cloud KMS
  • All stored data encrypted at rest via Google Cloud managed disk encryption

Sandboxed Execution

  • Code runs in isolated sandbox environments — one per job
  • Sandboxes are destroyed automatically after use
  • Your code cannot be accessed by other users or workspaces
  • Source code is never stored — accessed temporarily and discarded
  • Self-hosted option available — run sandboxes on your own cluster (Pro)

Your Data

  • Your source code is never stored by CrashLoom
  • GitHub access is read-only, apart from the write permission needed to create PRs
  • AI providers accessed via public commercial APIs — you choose the provider
  • We do not sell your data

Payments

  • Payments processed via Stripe Checkout
  • CrashLoom never stores card numbers or payment credentials
  • Stripe is PCI DSS compliant

Responsible Disclosure

If you discover a security vulnerability in CrashLoom, please report it to contact@crashloom.com. We take all reports seriously and will respond promptly.