Looops

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy explains how 9487-5606 Québec inc., doing business as “Looops” (“Looops”, “we”, “us”, “our”), collects, uses, discloses, and protects information when you use looops.ai and the related Service.

We aim to keep this short and honest. If anything is unclear, email us at [email protected] and we will explain.

1. Information We Collect

Account information

When you sign up we collect your email address. If you sign in with Google we also collect your name and profile image as provided by Google. You may add or update a name and avatar later. We do not store passwords because we use email magic codes and OAuth.

Project content

We store the prompts you send to the AI, the conversations and message history, files you upload, the generated code and assets that make up your projects, project metadata, and version history. This content is what the Service is designed to process for you.

Billing information

For Paid Plans we use Stripe to process payments. Stripe collects your payment-method details directly — we do not see or store your card number. We receive and store a Stripe customer reference, your subscription status, billing history, and invoices.

Form submissions on your sites

Sites you publish can include forms. When a visitor fills out one of those forms, Looops receives the submission so we can deliver it to you (typically by email). For this data, you are the data controller and Looops acts as a processor on your behalf. You are responsible for telling your visitors how their data is used in your own privacy policy.

Technical and usage data

When you use the Service we automatically collect logs that include your IP address, browser type, device characteristics, the pages and API endpoints you access, timestamps, and error information. We use this data to operate, secure, debug, and improve the Service.

Cookies and local storage

The Service uses your browser’s local storage to keep you signed in (an authentication token) and to remember small UI preferences such as a return URL after login. We do not currently use third-party advertising cookies. We do not run a third-party product-analytics tracker.

2. How We Use Information

We use the information we collect to:

  • operate the Service, including authenticating you, generating AI output, hosting previews, and publishing your sites;
  • process payments, manage subscriptions, and apply credit allowances;
  • communicate with you about your account, security alerts, transactional notices, and service updates;
  • provide support through the in-product live chat and email;
  • monitor usage to detect, prevent, and respond to fraud, abuse, and security incidents;
  • comply with legal obligations and enforce our Terms.

3. Legal Bases (EEA, UK, and Switzerland users)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR / UK GDPR:

  • Contract: to deliver the Service you requested.
  • Legitimate interests: to secure, debug, and improve the Service, prevent abuse, and operate our business in a reasonable way.
  • Legal obligation: to keep tax and accounting records and to respond to lawful requests.
  • Consent: where we ask for it (for example, certain marketing emails). You can withdraw consent at any time.

4. AI Model Providers

When you use the AI features, your prompts and the relevant project context are sent to one or more third-party large-language-model providers to generate the output you requested. The providers we currently use include Anthropic, xAI, OpenAI, and Google (for Gemini). These providers process your inputs under their own terms and, for API-based access, generally do not use those inputs to train their models.

Looops does not train models on Your Content. We do not sell, rent, or share Your Content with third parties for advertising or for training models that we do not operate.

5. Sub-Processors and Service Providers

We rely on the following third-party services to operate Looops. Each receives only the data it needs for its specific purpose:

  • Amazon Web Services (AWS) — hosting, databases, file storage (EFS, S3), email delivery (SES), background jobs (SQS), and preview environments (ECS). Region: United States.
  • Cloudflare — hosting of published sites (Pages), object storage (R2), and DNS / TLS for custom domains.
  • Stripe — payment processing, subscription management, invoicing.
  • Google — OAuth sign-in (when you choose it) and Gemini AI model API.
  • Anthropic, xAI, OpenAI — large-language-model APIs used to generate code and text in response to your prompts.
  • Unsplash, Runway, ElevenLabs — optional media services (stock images, AI video, AI voice). Used only when you trigger the relevant feature.
  • GitHub — deployment infrastructure.
  • Slack — internal channel for receiving error alerts and support messages from Looops staff.
  • Upstash (Redis) — transient state and caching.

We will keep this list reasonably up to date. If we add a new sub-processor that materially changes how we handle your data, we will update this page.

6. International Data Transfers

We are based in Canada, and several of our sub-processors are based in the United States. Personal data therefore moves across borders, including to the United States and other countries where our service providers operate. Where required, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses, the UK Addendum, and equivalent safeguards offered by our providers. Canada has been recognized by the European Commission as providing an adequate level of protection for personal data transferred from the EEA.

7. Data Retention

  • Account data: kept while your account is active and for up to 30 days after a deletion request, except for records we must keep longer for legal or accounting reasons.
  • Project content (Paid Plans): kept while your subscription is active.
  • Project content (free tier): projects inactive for 30 days may be deleted; we send a warning email at day 27.
  • AI conversation history: retained for up to 90 days of inactivity, after which messages may be deleted.
  • Billing records: retained for the period required by tax and accounting law (typically 6–7 years).
  • Technical logs: retained for a short period (generally 30–90 days) for debugging and security.

8. Your Rights

Depending on where you live, you may have rights to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data (“right to be forgotten”);
  • restrict or object to certain processing;
  • receive a copy of your data in a portable format;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data-protection authority.

To exercise any of these rights, message us in the in-product live chat or email [email protected]. We will respond within 30 days. We may need to verify your identity before completing a request. We will not discriminate against you for exercising a right.

Account deletion: the fastest way to delete your account is through the live chat in the product. We will permanently delete your account and content within 30 days, subject to retention required by law.

9. California Residents

California residents have additional rights under the CCPA / CPRA, including the right to know what categories of personal information we collect, to delete personal information, to correct inaccurate personal information, to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising and we do not use sensitive personal information for inferring characteristics. To exercise these rights, contact us as described in Section 8.

10. Security

We use industry-standard practices to protect your data, including encryption in transit, encryption at rest where supported by our providers, role-based access controls, signed authentication tokens, and isolated preview environments. No system can be guaranteed completely secure. If we ever experience a breach that affects you, we will notify you and the relevant authorities as required by law.

11. Children

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child under 13 has provided us with personal information, contact us at [email protected] and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes — including a change to the legal entity that operates the Service — we will give you at least 30 days’ notice on this page and, where reasonable, by email.

13. Contact

Questions, requests, and complaints can be sent to:

9487-5606 Québec inc. (d/b/a Looops)
Email: [email protected]
Live chat: available inside the product

If you are in the EEA, the UK, or Switzerland and are not satisfied with our response, you may contact your local data-protection authority. If you are in Canada, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.