How Loomi Connect uses AI
Overview
Loomi Connect Gateway provides access to Bloomreach systems using the model context protocol (MCP), a standard protocol for connecting AI systems to other services. This guide covers how Loomi Connect handles data, manages AI risk, and maintains transparency about its use of AI.
AI system and models
- Model type: Loomi Connect doesn't use AI models of its own. Current tools are traditional APIs—you connect your own AI model. Some underlying Bloomreach services use ML models, for example for marketing campaign predictions. Loomi Connect enables access to these services but doesn't add any new model processing.
- Hosting: You provide your own hosting for AI models.
Data handling and security
Loomi Connect enables access to data already stored in the Bloomreach customer data engine, plus services provided by Bloomreach marketing and search products. No new data is involved in how Loomi Connect functions, and there's no separate model to train.
- Customer control: You can grant data access to any model, or choose not to connect.
- Human oversight: Human-in-the-loop review for data handling is determined by you and your chosen model. Current Loomi Connect tools are read-only, so no data changes are possible through them.
Is customer data used for AI training?
No. Loomi Connect isn't an AI system and doesn't train any models.
Who has access to customer data and under what circumstances?
When you authenticate using your personal login credentials, you authorize an agent to use Loomi Connect tools. The data access enabled by Loomi Connect exactly matches the access available to your account.
Data retention
Retention periods by data type
| Data type | Retention period |
|---|---|
| User interaction data | Until you request deletion or your account is terminated |
| Model outputs | Not applicable — Loomi Connect doesn't log tool request or response payloads |
| Logs and monitoring data | Less than 90 days |
Custom retention options
Custom retention periods per data field are not supported. There are no minimum retention requirements.
Deletion process
You can request deletion of your usage data through standard support channels. After account termination, data is deleted within 30 days. This process is integrated into Bloomreach's standard termination and deletion procedures.
Privacy protections
Loomi Connect doesn't store tool request or response payloads. PII in responses is masked for users without authorization to access it for a specific project. Data is presented via tool response exactly as it appears in the product UI.
NoteLoomi Connect user email addresses aren't masked or hashed in usage log storage.
You're responsible for monitoring your usage of any systems connected to Bloomreach via Loomi Connect.
Risk management and guardrails
Risk identification
All existing security protections that apply to human usage of Bloomreach product UIs are maintained. Tool usage is logged with user and timestamp, and both call rate and output limiting are applied at the Loomi Connect layer.
Known limitations
Call rates for individual tools and all tools in aggregate are limited per user. Computationally expensive operations—such as analytics queries—have stricter limits. Analytics queries predicted to be very intensive may be blocked to protect Bloomreach systems.
Monitoring
You're primarily responsible for monitoring the behavior of your own connected systems. Loomi Connect also provides a tool that allows an LLM to self-report when it can't respond to a request.
Bias and fairness
Loomi Connect isn't an AI system and doesn't introduce bias through its own processing. You're responsible for monitoring your usage of any systems connected to Bloomreach via Loomi Connect.
Transparency and user responsibility
How we communicate AI use
Loomi Connect isn't an AI system. Tools accessed via Loomi Connect that involve ML or LLM processing are indicated as such in the tool description.
User responsibilities
Loomi Connect is an AI-enabling technology. Primary responsibility for AI behavior lies with you and the vendors of any systems you connect to Bloomreach via Loomi Connect. Bloomreach retains responsibility for any ML or AI behavior used as part of services accessed via Loomi Connect. Responsibility for prompting and interpreting results remains with you.
User settings
You're responsible for configuring PII access for the systems you connect to Bloomreach via Loomi Connect.
Prohibited uses
All restrictions that apply to Bloomreach software under the license agreement remain in force when the software is used via Loomi Connect.
Development and testing
- Secure development: Loomi Connect software and its automated tests are reviewed by experienced developers before deployment.
- Security testing: Authentication systems have been tested across normal and hostile scenarios using both human-directed and automated tests.
AI-specific security
- Access controls: The Loomi Connect Gateway is segregated by region to maintain data locality. Development and functional testing use systems segregated from those that process customer data.
- Security protections: All Bloomreach-standard data access controls apply to access via Loomi Connect. All access is authenticated via OAuth using the same credentials used for Bloomreach product UIs.
- Incident response: Bloomreach-standard 24-hour on-call response procedures apply to the Loomi Connect Gateway and all Bloomreach services accessed via Loomi Connect.
AI compliance at Bloomreach
To learn more about compliant development and deployment of AI at Bloomreach, contact:
Data Protection Officer: [email protected].
At Bloomreach, we're committed to building AI the right way. Read more about Bloomreach's AI development principles.
Updated 43 minutes ago