Back to home

Privacy Policy

How LOOP HQ handles your data. Effective 2026-04-15.
Draft — pending legal review
This page is a scaffold. Every section tagged [TODO: legal review] must be checked by counsel before production launch. Do not treat this as a binding privacy policy.

1. Who we are

LOOP HQ (“LOOP”, “we”, “us”) is an intelligent omnichannel orchestration platform. This policy describes what personal data we collect, why, how long we keep it, and what choices you have. [TODO: legal review — confirm controller entity, registered address, and point of contact.]

2. Data we collect

  • Account data — email, name, organisation, role.
  • Authentication data — Better Auth session tokens, password hashes.
  • Workspace content — barriers, journeys, campaigns, and any content you create or upload.
  • Usage telemetry — page views, feature interactions, request latency. [TODO: legal review — confirm what telemetry is actually collected and whether it is anonymised.]
  • Cookies — session cookies for auth; preferences for UI state.

3. Why we process it

We process data to provide the service, authenticate users, secure the platform, and improve the product. [TODO: legal review — map each processing activity to a lawful basis under GDPR Art. 6 and equivalent regimes.]

4. Who we share it with

We share data only with processors strictly necessary to run the service: hosting (Vercel / Netlify), email delivery (Resend), and AI providers where the feature requires it. [TODO: legal review — enumerate all subprocessors with jurisdictions; add DPA links; confirm SCCs where applicable.]

5. Retention

[TODO: legal review — state retention periods per data category, and the deletion process after account closure.]

6. Your rights

Depending on your jurisdiction you have rights to access, correct, delete, port, or object to processing of your data. Contact us to exercise any of these. [TODO: legal review — list the rights precisely per GDPR / CCPA / PIPEDA and describe the request workflow and response SLA.]

7. Security

We use industry-standard controls: TLS in transit, hashed passwords, signed session tokens, least-privilege access for production data. [TODO: legal review — describe breach-notification posture and timelines.]

8. Changes

When this policy changes in a material way we will notify active users and update the effective date above.

9. Contact

Questions: privacy@example.com. [TODO: legal review — confirm the correct privacy contact address.]