TRUST CENTER

Security isn't a slide. It's the system.

We build for insurance, pharma, and financial clients, industries where a security failure isn't an incident, it's a headline. Here's exactly how we handle your data, your IP, and the AI systems we deploy on your behalf.

TRUST & PRESENCE

Diligence questions, answered upfront.

2016
FOUNDED

Building enterprise software for clients across North America, Europe, and the Middle East since day one.

Jencap
ACQUIRED OUR CLIENT

The platform we built for Foresite Sports was part of its 2024 acquisition.

HIPAA
HEALTHCARE READY

Built to the HIPAA Security Rule, with a signed BAA available for healthcare clients.

GDPR
DATA PROTECTION

EU-compliant processing with a standard DPA on every engagement.

100%
UPWORK JOB SUCCESS

Top Rated Plus standing after 13,000+ hours and $400K+ of rated client work.

Compliance status

We build and operate our clients' applications to the standards their industries demand. We also engineer to SOC 2 and ISO 27001 control objectives across our own systems, with formal certification on our roadmap. We'd rather earn the badge than borrow the language.

Compliant
GDPR

We build and operate client applications to GDPR standards: standard DPA with every engagement, data-subject rights supported by design, and EU data residency available on request.

Ready
HIPAA

For healthcare engagements we build to the HIPAA Security Rule, including PHI handling controls, access logging, and encryption, with a signed BAA available.

AI safety & governance

Most agencies bolt AI onto old delivery processes. We treat AI systems as production software with their own failure modes, and we engineer for them explicitly.

Your data never trains models

Client data is never used to train, fine-tune, or improve any model, whether ours or a vendor's. All LLM API calls run with training opt-outs enforced contractually and technically.

Full agent observability

Every agent action is logged: inputs, tool calls, model versions, outputs, and confidence scores. You get a complete audit trail for every automated decision.

Human-in-the-loop by design

Agents flag low-confidence outputs for human review instead of guessing. Judgment thresholds are configurable per workflow and tightened for regulated decisions.

Model-agnostic architecture

No vendor lock-in. Systems are built against an abstraction layer, so you can swap OpenAI, Anthropic, Google, or open-weights models without rewriting your workflows.

Evals before deployment

Every AI feature ships with a regression eval suite: golden datasets, accuracy thresholds, and hallucination checks that run on every prompt or model change.

Kill switch on every agent

Every autonomous workflow has an instant off switch and graceful degradation to manual process. Automation should never hold your operations hostage.

Data handling at a glance

Encryption in transitTLS 1.2+ everywhere
Encryption at restAES-256, all environments
Data isolationStrict multi-tenant boundaries
Access controlRole-based, least-privilege, MFA enforced
BackupsEncrypted, tested restores quarterly
Data residencyUS / EU regions available
Data retentionContractual, deleted on request
Penetration testingAnnual third-party pen test

Subprocessors

Third parties that may process client data as part of our service delivery. We notify clients before adding new subprocessors to their engagement.

Amazon Web ServicesCloud infrastructure & hostingUS / EU
OpenAILLM API (training opt-out enforced)US
AnthropicLLM API (training opt-out enforced)US
VercelWeb hosting & edge networkGlobal
GitHubSource code managementUS

For procurement teams

Can you complete our security questionnaire?

Yes. A completed security questionnaire is available within 24 hours on request. We also complete SIG Lite, CAIQ, and custom vendor questionnaires when your process requires them.

Do you sign NDAs and custom DPAs?

Yes. We sign mutual NDAs before any discovery conversation, include our standard DPA with every engagement, and can work from your DPA template when needed.

Where is your team located and how is access controlled?

Our team is based in Ahmedabad, India. All access to client systems is role-based, MFA-protected, logged, and revoked immediately on role change. We can restrict client data access to named individuals.

What happens to our data and IP when the engagement ends?

You own 100% of the IP: code, models, prompts, and data pipelines. On termination, we return or destroy client data per the DPA and certify destruction in writing.

Can we audit your work or run our own pen test?

Yes. Client audits are welcomed with reasonable notice, and you're free to pen-test systems we build for you. We'd rather you find issues than anyone else.

Legal entity

Registered name
RadicalLoop Technolabs LLP
GSTIN
24AAUFR2815E1Z6
Registered office
601/A, Parshwanath ESquare, Corporate Road, Prahladnagar, Ahmedabad 380015, Gujarat, India
Contact

Something we didn't cover?

Security reviews move fastest when engineers talk to engineers. Get our lead architect on a call with your security team.

Book a security review call