doloop.io
Code Read, gate, and teach your AI - on your machine The doloop CLI Read a codebase you have never opened, gate a change against its own conventions, and emit those rules to AGENTS.md so your AI writes fitting code. Local, deterministic, bring your own model. The diff you can't trustwhy AI code that compiles and passes tests still breaks the codebase's own rules Merge with confidencethe reviewer's no that no test can explain, made visible Read any reposee how a repo you've never opened works, in a minute In your editorwhere to look, painted into VS Code and Cursor Security rulesthe universal injection sinks, caught deterministically Legacy modernizationhand the AI the safe parts, keep your architects on the risks Documents Auditable Intelligence for Documents Extract data you can trust Pull data from contracts, statements, and filings with every value located at its source on the page - not generated, so it cannot hallucinate a number that is not there. Try it on a PDFthe live extraction viewer, every value tied back to the page The data roomM&A diligence: every figure tied out and traced to the page Model risk · SR 26-2why a located value sits outside the model-risk regime Does your LLM dream of electric sheep?a 60-second test for whether you can trust what your model extracted Loops A loop for every kind of AI output All the loops Every kind of output your AI produces, each closed by its own deterministic loop. Codecheck an AI change against your codebase's own conventions Answer engineanswers from your own content, or says it doesn't know Documentspull tables and numbers out of a PDF, every cell tied back to the page Writingcatch AI filler, hedging, and padding in prose Defensive engineering The platform, and the proof Deterministic gates for AI output The whole approach in one page: why a reproducible check beats an LLM reviewing itself. Model risk · SR 26-2why a rule-based check sits outside the model-risk regime The method & the evidencehow the inference works, the studies, the theory, and the honest nulls AI Code Barometerconvention rates read live across millions of public files Answersthe questions a skeptic asks first Playground Sign in

Security & Compliance

Last updated: 2026-06-25  ·  Covers all doloop products

What cannot happen by construction — not by policy.

The answer engine cannot generate novel text. Every answer is a human-authored string frozen at configuration time. The document extractor cannot send your files to an AI model. The extraction pipeline is deterministic arithmetic with no external calls. These are structural properties, not configuration choices. A misconfiguration cannot change them.

The answer engine (doloop chat)

What is collected

FieldPurposeStored?
Question textRouting decisionYes — query log (see below)
Routing outcomeroute / ask / refuseYes — query log
Menu selectionImprove future routingYes — selection log
IP address—No
User-agent—No
Session or user identity—No

The query log records question text and routing outcome. It is a capped ring buffer — oldest entries are evicted automatically. It is not a permanent store. We recommend that users not enter personal data (name, email, account number) into the widget; the UI does not prompt for it.

How the learning loop works

When a visitor picks from a disambiguation menu, their choice is recorded. This is protected by an HMAC token issued by the prior response — a selection can only be recorded for a menu the engine itself generated. The fold step that improves routing runs offline, produces a gated proposal, and requires human review before anything changes. Question text is never sent to an AI model. The fold step reads routing outcomes (was this routed, asked, or refused?), not the question text itself.

Data residency — answer engine

LegProtocolNotes
Browser → Fly.ioHTTPS / TLS 1.2+TLS terminated at the Fly edge
Fly edge → appWireGuard (Fly private network)Encrypted in transit
App → databaseLocal disk I/OFly persistent volume, same region

Region: fra (Frankfurt, EU). All data is stored and processed in the EU. No data is transferred to third-party AI services at runtime — the serve path is arithmetic, with no external model calls.

The document extractor (WYSIWYD)

What is collected

PDFs you upload are stored temporarily on the API server for the duration of your session. They are deleted within 24 hours. They are not backed up, archived, or copied elsewhere. We do not use uploaded documents to train, fine-tune, or evaluate any model. We do not share them with third parties.

The extraction pipeline is fully deterministic and runs on our own infrastructure. No third-party AI service is invoked for the standard extraction flow.

Data residency — document extractor

API server: Fly.io, San Jose region (United States). Uploaded PDFs: Fly.io tmpfs on the API container, deleted within 24 hours. Free-tier usage counter: Fly.io persistent volume, San Jose region.

Security controls

Injection hardening

The answer engine applies a regex pre-filter before routing. Detected prompt-injection attempts receive a flat refusal and are never processed. Because the serve path has no generation step, a successful injection cannot cause the engine to produce a novel harmful string — the structural limit is stronger than the filter.

Learning loop poisoning

Menu selections require an HMAC token issued by the preceding response. Rate limiting is applied per source. The selection log uses a capped ring buffer. Single-source spam is inert; meaningful learning requires independent sources.

Auditability

Every answer response carries a corpus_version (the exact configuration that produced it) and a state hash (the in-memory engine state at serve time). Any answer is reproducible by restarting the engine at the same corpus_version.

Deployment pipeline

All code changes are deployed via GitHub Actions on push to the main branch. No code reaches production uncommitted. API tokens are stored as scoped GitHub Actions secrets.

Compliance posture

We are a small company. We are honest about what we hold and what we don't.

CertificationStatus
SOC 2 Type IINot certified. Our infrastructure provider (Fly.io) is. doloop as a company is not yet.
ISO 27001Not certified.
GDPRControls in place (EU hosting for the answer engine, limited retention, DPA available on request). Not independently audited.
Penetration testNot conducted by a third party. Internal adversarial review completed 2026-06-14.

Clients with mandatory certification requirements should contact us to discuss timelines or alternative deployment arrangements.

GDPR — answer engine deployments

For clients who embed the answer engine widget on their own site: the client is the data controller (they determine the purpose and means of their website and the widget's deployment); doloop is the data processor. The query log does not link questions to an identified individual (no user ID, no session ID, no IP). A Data Processing Agreement is available on request.

Contact

Security issues: hello@doloop.io with subject line Security. We aim to respond within 24 hours on business days.

Compliance and DPA enquiries: hello@doloop.io.

Infrastructure provider: Fly.io legal & compliance.

doloop WYSIWYD Thesis Privacy Terms Security Ask Contact

Built deterministically.

Ask doloop

Routes you to a real page, asks when ambiguous, or refuses. No model on the answer path, so it never invents.

Deterministic · reproducible at a published state · never invents
Ask doloop

Routes you to a real doloop page, asks when your question is ambiguous, or tells you when there is no answer. No model runs on the answer path, so it cannot invent one.

Deterministic · reproducible · cannot invent