Security & Privacy

LoopCLI is built for developers who care about trust. Local-first automation keeps your scripts on your machine, and hosted runs execute inside short-lived, isolated containers. Here’s how we protect your workflows today and what’s coming next.

Local-First Automation

Loops run on your machine by default. When you execute a loop locally, its secrets stay in your environment variables or shell session and never leave your terminal unless you opt into hosted execution.

Managed Hosted Runs

If you enable hosted scheduling, workflows execute inside short-lived, isolated containers in our managed cloud. Containers are wiped after each run and only receive the credentials required for that execution.

Data We Store

We store your account profile, project IDs, loop definitions for hosted runs, billing metadata, and support conversations. We retain hosted execution logs so you can review history, and you can request deletion at any time by reaching out via the contact form or Discord.

Secrets Today

API keys for hosted loops are stored as environment variables in our managed infrastructure. Only the hosted runner can read them during execution. For local loops we recommend .env files or your existing secret manager.

Authentication & Access Control

LoopCLI uses Supabase Auth for email/password and Google sign-in. Passwords are salted and hashed, API keys can be rotated, and every dashboard action requires authentication. We encourage teams to use unique accounts and 2FA where available.

Monitoring & Incident Response

We monitor uptime, error rates, and hosted execution health. If an incident occurs, we post updates on the status page and notify affected customers. Use the contact form or Discord for urgent issues.

Security Roadmap

We’re actively investing in deeper controls for teams who rely on LoopCLI in production.

Encrypted Secrets Vault

A central vault for hosted runs so you can store and rotate credentials without managing raw environment variables. Secrets will stay encrypted at rest, with per-project scoping and audit history.

Fine-Grained Access Controls

Role-based permissions and organization workspaces so larger teams can grant least-privilege access to projects and hosted runs.

External Security Review

Independent penetration testing and SOC 2 preparation are on the roadmap as we move toward GA and enterprise plans.

Have a security question?

Feel free to reach out for security reviews, data-deletion requests, or further disclosure. Fill out the form on our Contact page, or post your message in the Discord #security channel.