Data Security

At Loma, we take data security seriously. This page explains the technical and organizational measures we implement to protect your family's information. We've written it in plain language so you can understand how we safeguard your data.

Encryption and Data Protection

  • Transport Encryption: We use industry-standard SSL/TLS encryption to protect data as it travels between your device and our servers.
  • Storage Encryption: All data stored on our servers is encrypted at rest using strong encryption algorithms.
  • Password Security: Your passwords are hashed using secure algorithms and never stored in plain text.
  • Key Management: We use secure key management practices to protect encryption keys and ensure they are rotated regularly.

Access Controls and Authentication

  • Role-Based Access: We implement role-based access controls to ensure employees only have access to data necessary for their job functions.
  • Authentication: We require strong authentication methods, including multi-factor authentication for administrative access.
  • Employee Training: All employees undergo security training and sign confidentiality agreements.
  • Access Logging: We maintain detailed logs of who accesses what data and when, which we regularly audit.

Security Monitoring and Testing

  • Continuous Monitoring: We use automated systems to monitor for security threats, unusual activity, and potential vulnerabilities 24/7.
  • Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential risks.
  • Penetration Testing: We engage third-party security experts to test our systems and identify potential weaknesses.
  • Security Updates: We promptly apply security patches and updates to all systems and software.

Data Retention and Deletion

  • Retention Policy: We retain your data only as long as necessary to provide our services or as required by law.
  • Account Deletion: When you delete your account, we remove your personal data from our active systems within 30 days.
  • Backup Retention: Deleted data may remain in encrypted backups for a limited period as part of our disaster recovery procedures.
  • Legal Requirements: We may retain certain data longer if required by law or to resolve disputes.

Incident Response

  • Response Plan: We maintain a comprehensive incident response plan to quickly address any security incidents.
  • Notification: If a security incident affects your personal information, we will notify you promptly and provide details about what happened and what we are doing about it.
  • Investigation: We thoroughly investigate all security incidents to understand what happened and prevent future occurrences.
  • Remediation: We take immediate steps to contain and remediate any security issues.

Security Standards and Compliance

  • Industry Standards: We follow industry best practices and security frameworks, including SOC 2 principles.
  • Third-Party Audits: We undergo regular security audits by independent third parties to verify our security practices.
  • Regulatory Compliance: We comply with applicable data protection regulations, including GDPR, CCPA, and COPPA.
  • Certifications: We maintain relevant security certifications and continuously work to improve our security posture.

Contact Us About Security

  • If you have questions, concerns, or want to report a security issue, please contact our Security Team:
  • Email: security@loma.com
  • We take all security inquiries seriously and aim to respond within 48 hours.

Last updated: January 2025
