Compliance

MeetLoyd provides enterprise-grade compliance features to help you meet regulatory requirements and maintain strong governance over your AI operations.

Enterprise: Compliance Cockpit

Enterprise customers have access to the Compliance Cockpit -- a dedicated command center with real-time compliance scoring, evidence vault with cryptographic verification, AI risk registry, external auditor portal, scheduled report generation, and policy lifecycle management. Access it from the Compliance button in the top navigation bar.

Supported Frameworks

MeetLoyd supports 9 major regulatory compliance frameworks with real-time control monitoring and automated evidence collection.

SOC 2 Type II

19 Trust Services Criteria controls:

Category	Controls	Examples
Security (CC)	12	SSO, MFA, access reviews, encryption, incident response
Availability (A)	2	System monitoring, recovery planning
Processing Integrity (PI)	1	Data integrity controls
Confidentiality (C)	1	Data retention policies
Risk & Change (CC3, CC8)	3	Risk assessment, change management

19 controls covering all key articles:

Category	Articles	Controls
Principles	Art. 5	Purpose limitation, storage limitation
Lawfulness	Art. 6, 7	Legal basis, consent management
Data Subject Rights	Art. 15-22	Access, erasure, portability, rectification, automated decision-making
Transparency	Art. 12, 13	Privacy notices, information disclosure
Security	Art. 25, 32	Privacy by design, security measures
Accountability	Art. 30, 33, 35	Processing records, breach notification, DPIA

AI-Specific: Article 22 controls for automated decision-making safeguards and human intervention rights.

HIPAA

18 controls across all safeguard types:

Safeguard	Sections	Controls
Administrative	164.308	Security management, workforce security, incident procedures
Physical	164.310	Facility controls, device/media controls
Technical	164.312	Access control, audit controls, transmission security

EU AI Act (Enterprise)

12 controls covering high-risk AI system requirements:

Category	Articles	Controls
Classification	Art. 6, 8	High-risk AI classification, compliance requirements
Risk & Quality	Art. 9, 17	Risk management, quality management system
Data & Docs	Art. 10, 11, 12	Data governance, documentation, record-keeping
Transparency	Art. 13, 50	User information, AI content marking
Oversight	Art. 14, 26	Human oversight, deployer obligations
Security	Art. 15	Accuracy, robustness, cybersecurity

ISO 42001 (Enterprise)

AI Management System standard with 9 controls covering organizational context, leadership commitment, AI risk assessment, AI impact assessment, AI competence, system design, human oversight, monitoring, and continual improvement.

ISO 27001

Information security management with 7 control domains: Security policies (A.5), Security organization (A.6), Access control (A.9), Cryptography (A.10), Operations security (A.12), Incident management (A.16), and Compliance (A.18).

Additional Enterprise Frameworks

Framework	Focus
SOX	Financial controls, audit trails, access controls
DORA	EU financial ICT resilience
NIS2	EU cybersecurity for critical infrastructure
PCI-DSS	Payment card security, data protection
AMF/CIF	French wealth management regulatory compliance

Data Handling

Encryption

Data State	Encryption
At Rest	AES-256
In Transit	TLS 1.3
Backups	AES-256
API Keys	Hashed (bcrypt)

Data Residency

Region	Location
US	AWS us-east-1 (N. Virginia)
EU	AWS eu-west-1 (Ireland)
APAC	AWS ap-southeast-1 (Singapore)

Enterprise customers can request additional regions.

Data Isolation

Multi-tenant architecture with strict isolation: tenant-level database isolation, separate encryption keys per tenant, network-level segmentation, and no cross-tenant data access.

Retention

Data Retention Policies

Data Type	Default Retention	Configurable
Conversation Messages	90 days	Yes
Agent Memory	Indefinite	Yes
Audit Logs	1 year	Yes (min 90 days)
Task Runs	30 days	Yes
Analytics	2 years	Yes

Access Controls

Role-Based Access Control (RBAC)

Role	Permissions
Viewer	Read agents, view conversations
Member	Create/edit agents, run tasks
AI Engineer	Technical focus: agents, tools, workflows
Admin	Manage users, settings
Owner	Full access, transfer ownership

Compliance Reports

Generate compliance reports for SOC 2, GDPR, HIPAA, or combined frameworks. Reports include overall compliance score per regulation, per-module status breakdown, violation history, and configuration audit trail. Available in PDF, CSV, and Excel formats.

Scheduled Reports

Automate compliance reporting on a schedule (weekly, monthly, quarterly, or annually) with email delivery to compliance and security teams.

Certifications & Reports

Document	Availability
SOC 2 Type II Report	On request (NDA)
Penetration Test Summary	On request
Privacy Policy	Public
Terms of Service	Public
DPA	On request
BAA (HIPAA)	Enterprise only

Contact compliance@meetloyd.com or request documents from Settings > Security > Compliance Documents.

Best Practices

Enable MFA -- Require MFA for all users, especially admins
Use SSO -- Integrate with your identity provider for centralized access control
Configure retention -- Set appropriate retention policies for your compliance needs
Monitor audit logs -- Regularly review for suspicious activity
Limit permissions -- Follow the principle of least privilege
Regular access reviews -- Periodically review who has access to what

Next: Learn about Audit Logs for detailed activity tracking.

Supported Frameworks​

SOC 2 Type II​

GDPR​

HIPAA​

EU AI Act (Enterprise)​

ISO 42001 (Enterprise)​

ISO 27001​

Additional Enterprise Frameworks​

Data Handling​

Encryption​

Data Residency​

Data Isolation​

Retention​

Data Retention Policies​

Access Controls​

Role-Based Access Control (RBAC)​

Compliance Reports​

Scheduled Reports​

Certifications & Reports​