Privacy Policy Information

Loop Technologies Inc.
Last Updated: Jan 23, 2024
  1. Introduction

This Privacy Policy (“Policy”) explains how Loop Technologies Inc. (“Loop,” “we,” “us,” “our”), a Delaware corporation headquartered , collects, uses, discloses, and safeguards personal information through our software-as-a-service (SaaS) platform, applications, websites, and related services (the “Services”). This Policy applies to:

  • Clients: Businesses or organizations using Loop’s loyalty program technology.
  • End Users: Customers participating in loyalty programs managed by Clients.

By using the Services, you consent to the practices described in this Policy. For jurisdiction-specific rights (e.g., GDPR, CCPA), see Section 8.

  1. Data We Collect

2.1 Information Provided Directly

  • Clients:
    • Business name, contact details (email, phone, address).
    • Payment information (credit card, billing address).
    • User account credentials (names, emails, roles).
  • End Users:
    • Contact details (name, email, phone) when signing up for loyalty programs.
    • Transaction history (purchases, reward redemptions).
    • Preferences (communication settings, reward choices).

2.2 Information Collected Automatically

  • Usage Data:
    • IP addresses, device type, browser, and operating system.
    • Logs of interactions with the Services (e.g., API calls, dashboard activity).
  • Cookies & Tracking Technologies:
    • Necessary cookies (e.g., session IDs for login).
    • Analytics cookies (e.g., Google Analytics to track engagement).
    • Marketing cookies (with consent, where required).

2.3 Data from Third Parties

  • Clients: Information from integrated services (e.g., CRM tools, POS systems).
  • End Users: Data shared by Clients or partners (e.g., purchase history from retailers).
  1. How We Use Data

We process personal information to:

  • Deliver the Services:
    • Configure and manage loyalty programs for Clients.
    • Provide analytics and reporting on program performance.
  • Communicate:
    • Send service updates, invoices, or security alerts to Clients.
    • Facilitate promotional messages to End Users (on behalf of Clients).
  • Improve Functionality:
    • Develop new features or troubleshoot technical issues.
  • Legal & Security:
    • Comply with laws (e.g., tax reporting, fraud prevention).
    • Investigate unauthorized access or misuse of the Services.

Legal Bases Under GDPR:

  • Contractual necessity (e.g., processing payments).
  • Legitimate interests (e.g., improving Services).
  • Consent (e.g., marketing communications).
  1. Data Sharing & Disclosure

4.1 With Clients

End User data (e.g., transaction history, reward activity) is shared with Clients to operate their loyalty programs.

4.2 With Third-Party Providers

  • Service Providers:
    • Payment processors (e.g., Stripe, PayPal).
    • Cloud hosting providers (e.g., AWS, Google Cloud).
    • Analytics tools (e.g., Mixpanel, Hotjar).
  • Legal Obligations:
    • Disclose data if required by law (e.g., subpoenas, court orders).

4.3 Business Transfers

Data may be transferred during mergers, acquisitions, or asset sales, with notice to affected parties.

4.4 International Transfers

Data may be processed globally. For transfers outside the EU/EEA, we use safeguards such as:

  • Standard Contractual Clauses (SCCs).
  • Privacy Shield-certified partners (where applicable).
  1. Data Retention

We retain data only as long as necessary:

  • Clients: Until account closure + 3 years for legal/audit purposes.
  • End Users: As directed by Clients or until loyalty program termination.
  • Cookies: Session cookies expire after browser closure; persistent cookies up to [24 months].
  1. Your Rights & Choices

6.1 General Rights

  • Access/Correction: Request a copy of your data or update inaccuracies.
  • Deletion: Ask to erase data (subject to legal exceptions).
  • Restriction/Objection: Limit processing or opt out of marketing.
  • Portability: Receive data in a machine-readable format.

6.2 Jurisdiction-Specific Rights

  • GDPR (EU/EEA): Withdraw consent or lodge complaints with a supervisory authority.
  • CCPA (California):
    • Opt out of “sales” of personal information (if applicable).
    • Non-discrimination for exercising rights.
  • Canada (PIPEDA): Challenge compliance via our Privacy Officer.

To Exercise Rights: Submit a request via [Privacy Request Form] or email [privacy@useloop.co].

  1. Data Security

We implement safeguards including:

  • Encryption: Data in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: Role-based permissions and multi-factor authentication.
  • Audits: Regular vulnerability assessments and penetration testing.

Breach Notification: We will notify regulators and affected individuals within 72 hours of confirming a breach (where required by law).

  1. Children’s Privacy

The Services are not directed at individuals under 16 (or 13 under U.S. COPPA). We do not knowingly collect data from children without parental consent.

  1. Cookies & Tracking Technologies

9.1 Types of Cookies

  • Necessary: Essential for Services functionality (no consent required).
  • Analytics: Track usage patterns (opt-out via browser settings).
  • Advertising: Serve personalized ads (consent required in the EU).

9.2 Managing Preferences

Adjust cookie settings via our [Cookie Consent Banner] or browser tools (e.g., Chrome’s “Privacy and Security” menu).

  1. Policy Updates

We may update this Policy periodically. Material changes will be notified via email or in-app alerts. Continued use after updates constitutes acceptance.

  1. Contact Us

For Privacy Inquiries:
Loop Technologies Inc.
Attn: Privacy Officer
Email: [privacy@useloop.co]

EU Data Protection Officer:
[DPO Name]
Email: [dpo@useloop.co]

CCPA Requests:
Web Form: [useloop.co/ccpa-request]