InfoSec and IT documentation

Tracy Bongiorno

Mentorloop is Cyber Essentials certified and GDPR compliant, with data hosted on Amazon and Google infrastructure across Australia, the UK, and the US. This page covers all security, privacy, and compliance documentation.


Governance, risk management, and compliance

Is Mentorloop security certified?

Mentorloop is Cyber Essentials certified, verified by external auditors. All data is encrypted in transit (TLS 1.2 or above) and at rest. The platform runs on Amazon and Google cloud infrastructure, all with secure, audited data centres.

We work with third-party security services and network scanning tools to reduce vulnerabilities. To express interest in ISO 27001 or SOC 2 compliance documentation, email security@mentorloop.com.

Is Mentorloop GDPR compliant?

Yes. Mentorloop is fully GDPR compliant and registered with the ICO, the UK's Data Protection Regulator. We have published our Data Processing Addendum and maintain a register of third-party subprocessors.

More detail is available in our article: GDPR — How We've Handled It.

Is Mentorloop a Certified B Corporation?

Yes. Mentorloop is a Certified B Corporation, reflecting our commitment to using business as a tool for positive change and holding ourselves accountable to that standard.

What does Mentorloop's Corporate Social Responsibility policy cover?

Our CSR Policy covers our supplier code of conduct, environmental responsibility, community and social responsibility, ethical conduct, and anti-bribery and corruption statement.

What is Mentorloop's business continuity and disaster recovery plan?

Mentorloop's Business Continuity & Disaster Recovery plan identifies critical business activities, defines a tested incident response process, and documents recovery procedures. It covers critical activities, incident response, key contacts, and facility unavailability.

How does Mentorloop manage risk?

Our risk management process is developed in accordance with ISO 31000:2018 and follows five steps: identify, analyse, control, monitor & review, and report.

Data privacy

Mentorloop is compliant with the Australian Privacy Act 1988, including the Australian Privacy Principles (APPs).

What does Mentorloop's privacy policy cover?

Our Privacy Policy sets out how Mentorloop collects, uses, stores, and discloses personal information, and how individuals can exercise their rights. It covers collection, cookies, use, third-party disclosure, data retention, international transfers, and complaints.

What is Mentorloop's information security policy for staff?

Our Staff Information Security Policy applies to all employees, contractors, and anyone with access to Mentorloop systems or data. Access follows the principle of least privilege. All staff complete InfoSec training at the start of employment and every six months thereafter.

Security

What does Mentorloop's security policy cover?

The Security Policy covers identity management, access controls, data centre management, audit logging, OS maintenance, data segregation and classification, backups, and vetting of staff and third parties.

How does Mentorloop respond to security incidents?

Our Security Incident Response Plan covers how we identify, investigate, contain, recover from, and disclose security incidents. Web application penetration testing is performed annually by an authorised third party.

Where does Mentorloop host data?

Application data centres are located in Sydney (AU), London (UK), and the United States. A program is hosted in the data centre matching the customer's primary location. All data in transit uses TLS 1.2 or above; all application data is encrypted at rest. The platform is protected by a Web Application Firewall (WAF).

To request the full cloud architecture document, contact support@mentorloop.com.


Application

What authentication methods does Mentorloop support?

Mentorloop supports password login, social sign-on with Google and LinkedIn, and single sign-on via SAML with Microsoft Azure AD and Okta. Mentorloop staff administrator access is secured with MFA. Participant MFA can be enforced as part of an SSO configuration if required.

What apps and integrations does Mentorloop support?

Mentorloop integrates with calendar platforms (Google, Outlook, Apple iCloud, Exchange), video conferencing (Zoom and Microsoft Teams), and Slack for notifications. HRIS and CRM integrations (Salesforce, HubSpot, SAP SuccessFactors, BambooHR, Oracle) are available on Enterprise. See the full Apps & Integrations list.

Is Mentorloop WCAG compliant?

Mentorloop is partially compliant with WCAG 2.2 Level AA. Some platform areas meet or exceed AAA standard. If you have specific accessibility requirements, contact your Mentorloop representative.

What are the minimum IT requirements for Mentorloop?

See the Minimum IT Requirements article for supported operating systems, browsers, and other IT considerations.

What third-party platforms does Mentorloop use?

To maintain GDPR compliance and manage risk, Mentorloop maintains a register of third-party subprocessors, including their own compliance status with relevant privacy legislation.

Usage terms, policy, and guidelines
