Gumloop security docs: SOC 2 report, DPA, data retention, and zero data retention—who do I contact?
AI Agent Automation Platforms

Gumloop security docs: SOC 2 report, DPA, data retention, and zero data retention—who do I contact?

6 min read

Quick Answer: For SOC 2 reports, DPAs, data retention details, and Zero Data Retention questions, contact Gumloop through the sales/security channel at gumloop.com/contact or your existing account team. For formal privacy and compliance matters (including DPF and GDPR), you can also reach Gumloop’s Data Protection Officer (DPO) as outlined in our Privacy Policy.

Why This Matters

When you roll out reasoning agents across Slack, Salesforce, Jira, Zendesk, and your data warehouse, you’re not just buying automation—you’re extending your security perimeter. Legal, security, and data teams need clear owners for SOC 2 reports, Data Processing Addendums (DPAs), data retention policies, and Zero Data Retention (ZDR) terms before they’ll approve production use. Knowing exactly who to contact at Gumloop for each of these unlocks faster security reviews, cleaner contracts, and less back-and-forth during procurement.

Key Benefits:

  • Faster security review cycles: Route SOC 2 and DPA requests directly to the right Gumloop contacts instead of bouncing between generic inboxes.
  • Clear compliance ownership: Align legal, security, and privacy teams on who handles data retention, ZDR agreements, and DPF/GDPR questions.
  • Production-ready governance: Get the documentation and commitments your org needs (SOC 2 Type II, ZDR, DPF, GDPR) to confidently run agents against real customer data.

Core Concepts & Key Points

ConceptDefinitionWhy it's important
SOC 2 Type II reportIndependent audit report covering Gumloop’s security controls and their operating effectiveness over time.Security teams use this to assess whether Gumloop’s controls meet internal risk and compliance requirements.
DPA (Data Processing Addendum)Contractual addendum defining how Gumloop processes, protects, and retains customer personal data.Legal and privacy teams need a DPA to align Gumloop’s data processing with GDPR, DPF, and company policies.
Zero Data Retention (ZDR)Commitment that Gumloop never uses customer data to train AI models, plus ZDR agreements and DPAs with third‑party model providers.Critical for regulated and privacy-sensitive teams who can’t allow product training on their data and must prove vendor guarantees.

How It Works (Step-by-Step)

Here’s how to route different types of Gumloop security and privacy requests to the right place.

  1. Security & SOC 2 requests

    • Go to gumloop.com/contact.
    • Select the option related to sales/security or enterprise.
    • In the message, specify that you’re requesting the latest SOC 2 Type II report, security documentation, or details on virtual private cloud deployments, RBAC, SSO (Okta), audit logging, and other governance features.
    • If you already have an account team or AE, you can also route through them; they’ll coordinate with Gumloop’s security team and share the report via a secure channel or trust portal (e.g., trust.gumloop.com).

  2. DPA, data retention, and Zero Data Retention terms

    • Use gumloop.com/contact and note that your request is for:
      • A Data Processing Addendum (DPA),
      • Information on data retention policies and custom data retention rules, or
      • Confirmation of Zero Data Retention commitments and third‑party model ZDR agreements.
    • Gumloop’s team will route this to the appropriate legal/compliance contact and, where relevant, provide:
      • Standard DPA language,
      • Details on data retention options,
      • Documentation confirming that Gumloop never uses customer data to train AI models and that we maintain Zero Data Retention agreements and DPAs with third‑party providers.

  3. Formal privacy, GDPR, and Data Privacy Framework (DPF) questions

    • For regulatory and privacy‑specific questions (GDPR rights, EU‑U.S. DPF, UK Extension to DPF, CalOPPA, etc.), refer to the contact information in Gumloop’s Privacy Policy.
    • Gumloop (AgentHub Inc.) has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with applicable data protection laws and regulations; you can contact the DPO via the channels provided in the Privacy Policy.
    • This is the right route for:
      • Questions on how data subject rights are handled,
      • How Gumloop complies with EU‑U.S. DPF and the UK Extension to the EU‑U.S. DPF,
      • Clarifications on GDPR or regional privacy frameworks.

Common Mistakes to Avoid

  • Mistake 1: Sending everything to a generic support inbox.
    This slows down security reviews. Use gumloop.com/contact and clearly label your request as “SOC 2 report,” “DPA & data retention,” or “Privacy/DPF/GDPR” so it’s triaged to security, legal, or the DPO.

  • Mistake 2: Treating ZDR as a generic marketing claim.
    Gumloop’s Zero Data Retention isn’t just copy—there are ZDR agreements and DPAs with third‑party model providers. Ask specifically for ZDR documentation and how it applies to the models you intend to use (“every model out of the box — no vendor lock‑in”) so your privacy team can sign off confidently.

Real-World Example

Imagine your CISO drops into Slack:

“Before we roll out the Support Agent to handle Zendesk triage with real customer data, I need the SOC 2 report, DPA, data retention policy, and proof of Zero Data Retention. Who’s the right contact at Gumloop?”

Here’s how you’d handle it:

  1. You open gumloop.com/contact and submit a request titled:
    “SOC 2, DPA, data retention & ZDR docs for enterprise security review.”
  2. In the description, you specify:
    • Your company name and region (e.g., EU/UK/US),
    • That you need the latest SOC 2 Type II report for security review,
    • A DPA aligned with GDPR and EU‑U.S. DPF / UK Extension requirements,
    • Documentation on Zero Data Retention, including third‑party model ZDR terms,
    • Any questions about custom data retention rules for your deployment.
  3. In parallel, your privacy counsel uses the DPO contact in Gumloop’s Privacy Policy to ask DPF‑specific questions:
    • How Gumloop handles EU‑U.S. DPF and UK Extension obligations,
    • How data subject requests are processed,
    • How retention and deletion requests are handled in practice.

Within your review window, your CISO gets what they need: SOC 2 from trust.gumloop.com, a signed DPA with explicit retention terms, and written confirmation that neither Gumloop nor its model providers use your data for training, aligned with ZDR commitments. That’s what unblocks running agents across Slack, Jira, Salesforce, and your warehouse in production.

Pro Tip: When you submit your request, include your procurement timeline and list all required artifacts (SOC 2, DPA, ZDR statement, data retention summary, DPF/GDPR confirmation). This helps Gumloop’s team prioritize and bundle everything into a single response, instead of multiple back‑and‑forth threads.

Summary

If you’re looking for Gumloop’s SOC 2 Type II report, a DPA, or details on data retention and Zero Data Retention, your first stop is gumloop.com/contact. For deeper privacy and regulatory questions—including EU‑U.S. DPF, its UK Extension, and GDPR rights—use the Data Protection Officer contact listed in Gumloop’s Privacy Policy. Routing these requests to the right place keeps security reviews tight, documentation complete, and your path to production AI automation unblocked.

Next Step

Get Started

Back to AI Agent Automation Platforms

Keep Reading

More from AI Agent Automation Platforms

Yuma AI pricing: how are “tickets resolved by AI” counted, and how do automated-ticket packages + overages work?

Read more

n8n options for scheduled portal checks (login → extract → alert) with screenshots/run logs for failures

Read more

How long does it take to implement Mandolin for intake → benefits → OOP estimation → PA in a multi-site infusion network?

Read more