Loopin Privacy Policy

This policy is effective as of 1 May 2025
Last updated: 1 May 2025

Your privacy is important to us. It is Loopin's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://www.loopin.sh, our application at https://app.loopin.sh, and other sites we own and operate.

Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

This policy is effective as of 1 May 2025
Last updated: 1 May 2025

Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

Voluntarily provided information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.

Automatically collected information refers to any information automatically sent by your devices in the course of accessing our products and services.

Personal Information We Collect

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, company name, and business address
• Authentication Data: Login credentials for magic link, Google OAuth, and Microsoft OAuth authentication
• Calendar Data: Calendar events and scheduling information when you connect Google or Microsoft calendar services
• Voice Data: Voice recordings, call transcripts, and voice patterns for AI voice cloning and response generation
• Payment Information: Billing details processed through Stripe for subscription management
• Usage Data: Information about how you use our AI receptionist service, call logs, and interaction patterns
• Marketing Preferences: Your consent to receive marketing communications and promotional materials

Service Infrastructure and Data Processing

Our AI receptionist service operates through the following infrastructure:

• Application Hosting: Our main application is hosted at app.loopin.sh with API routes via api.loopin.sh
• Database Storage: User data is stored using Supabase infrastructure across multiple regions (USA, Singapore, and Australia)
• Voice Processing: Phone calls are handled through Twilio, with voice cloning and AI responses powered by ElevenLabs
• AI Processing: Conversation analysis and response generation using OpenAI's language models
• CRM Integration: Lead management and customer data processing through HubSpot CRM
• Payment Processing: Subscription billing and payment processing via Stripe

How We Collect Information

We collect information by and through the following means:

• Account Registration: When you create an account using magic link, Google OAuth, or Microsoft OAuth
• Service Usage: When you use our AI receptionist service, make or receive calls, or interact with our platform
• Calendar Integration: When you connect your Google or Microsoft calendar for scheduling features
• Lead Capture Forms: When you submit contact information through our website forms
• Voice Interactions: During phone calls processed through our AI voice agent
• Payment Transactions: When you subscribe to our services or make payments through Stripe
• Marketing Consent: When you opt-in to receive marketing communications from us

How We Use Information

We may use information collected about you for the following purposes:

• Provide and operate our AI receptionist service
• Process voice calls and generate AI responses using your voice clone
• Manage your account, authentication, and subscription billing
• Integrate with your calendar systems for scheduling functionality
• Store and manage leads in our HubSpot CRM system
• Send marketing communications when you have provided consent
• Improve our AI models and service quality
• Comply with legal obligations and resolve disputes

When We Disclose Information

We may disclose personal information to:

• a parent, subsidiary or affiliate of our company
• third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors, and payment systems operators
• our employees, contractors, and/or related entities
• our existing or potential agents or business partners
• sponsors or promoters of any competition, sweepstakes, or promotion we run
• credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
• courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
• third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
• third parties to collect and process data
• an entity that buys, or to which we transfer all or substantially all of our assets and business

Third parties we currently use include:

• Supabase: Database hosting and management (USA, Singapore, Australia)
• Twilio: Phone call handling and telecommunications infrastructure
• ElevenLabs: Voice cloning and AI voice response generation
• OpenAI LLC: Large language model inference and AI processing (USA)
• HubSpot: CRM and lead management system
• Stripe: Payment processing and subscription billing
• Google: OAuth authentication and calendar integration services
• Microsoft: OAuth authentication and calendar integration services
• Google Analytics
• Vercel Analytics
• MailChimp
• Google AdSense
• Meta Ads
• Next Auth
• Resend

International Transfers of Personal Information

The personal information we collect is stored and/or processed in Australia, Singapore, United States of America or where we or our partners, affiliates, and third-party providers maintain facilities. Our Supabase database infrastructure specifically operates across these three regions to ensure data availability and compliance with local data residency requirements.

The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example, providing user support), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.

OAuth Integration and Calendar Access

Loopin integrates with Google and Microsoft services through OAuth authentication to provide enhanced functionality:

Google Services Integration

When you connect your Google account, we may access:

• Basic profile information (name, email address)
• Calendar events and scheduling data (when calendar integration is enabled)
• Authentication tokens for secure access

Microsoft Services Integration

When you connect your Microsoft account, we may access:

• Basic profile information (name, email address)
• Outlook calendar events and scheduling data (when calendar integration is enabled)
• Authentication tokens for secure access

You can revoke these permissions at any time through your Google or Microsoft account settings. Revoking access will disable related features in our service but will not affect your core AI receptionist functionality.

Voice Data Processing and AI Services

Our AI receptionist service processes voice data through several specialized providers:

Twilio Call Processing

Phone calls are routed through Twilio's telecommunications infrastructure. Call metadata, recordings, and transcripts may be processed and stored according to Twilio's data handling practices.

ElevenLabs Voice Cloning

Voice samples are processed by ElevenLabs to create personalized AI voice responses. This includes:

• Voice pattern analysis and modeling
• Generation of AI voice responses in your voice
• Temporary storage of voice data for processing

OpenAI Language Processing

Conversation content is processed by OpenAI's language models to generate appropriate responses. This includes:

• Call transcript analysis
• Context understanding and response generation
• Intent recognition and routing decisions

All voice data processing is performed in real-time with minimal retention periods. Voice data is encrypted in transit and processed according to each provider's security standards and our contractual agreements.

CRM and Lead Management

We use HubSpot CRM to manage leads and customer relationships. When you provide contact information through our service, this data is stored in HubSpot and may include:

• Contact details (name, email, phone, company)
• Lead source and interaction history
• Communication preferences and consent records
• Service usage and engagement data

By providing your contact information, you consent to receive marketing communications from us. You can opt-out of marketing communications at any time by contacting us or using the unsubscribe links in our emails.

Payment Processing and Billing

Subscription payments are processed through Stripe. We do not store complete payment card details on our servers. Stripe handles:

• Secure payment processing and card tokenization
• Subscription billing and recurring payments
• Payment method storage and management
• Compliance with PCI DSS standards

Billing information and transaction records are retained according to legal requirements and our business needs. You can update your payment information or cancel subscriptions through your account settings.

Data Retention

We retain personal information for different periods depending on the type of data:

• Account Data: Retained while your account is active and for up to 7 years after closure
• Voice Recordings: Retained for service improvement and up to 2 years unless deleted earlier
• Call Logs: Retained for up to 3 years for service quality and billing purposes
• Payment Records: Retained for up to 7 years for tax and legal compliance
• Marketing Data: Retained until you opt-out or for up to 5 years of inactivity

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of data processing
• Right to Data Portability: Request transfer of your data
• Right to Object: Object to processing based on legitimate interests

To exercise these rights, please contact us using the details provided below. We will respond to your request within one month.

CCPA Compliance (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

We do not sell personal information to third parties. To exercise your CCPA rights, please contact us using the details provided below.

Australian Privacy Act Compliance

As an Australian company, we comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to:

• Know what personal information we collect and how we use it
• Access your personal information
• Correct inaccurate or incomplete information
• Make a complaint about our privacy practices

If you wish to make a privacy complaint, you can contact the Office of the Australian Information Commissioner:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

Canadian PIPEDA Compliance

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to:

• Know what personal information we collect
• Access your personal information
• Correct inaccurate information
• Withdraw consent for certain uses

If you have concerns about our privacy practices, you can contact the Privacy Commissioner of Canada:
Phone: 1-800-282-1376
Website: www.priv.gc.ca

UK GDPR Compliance

For UK residents, we comply with the UK General Data Protection Regulation. You have the same rights as outlined in the GDPR section above.

If you wish to make a complaint, you can contact the Information Commissioner's Office (ICO):
Phone: 0303 123 1113
Website: www.ico.org.uk

Google Workspace API Disclosure

Loopin uses Google's Application Programming Interface (API) Services to enable the user authorization feature for accessing the Loopin platform.

Loopin's use and transfer of data to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use Requirements.

Loopin does not use data obtained from Google Workspace APIs to develop, improve, or train generalized AI or machine-learning models.

The Google information you provide as a user is used to deliver or enhance user-facing features that are central to your user experience. Subject to your permission, this may include access to your calendar data. Loopin policies and procedures strictly prohibit the unauthorized use of data within the platform, ensuring compliance with security and privacy standards.

We place significant importance on protecting your data. For detailed information regarding our privacy practices, refer to our Privacy Policy.

Google Calendar™ is a trademark of Google LLC, and its use is subject to Google Permissions. Access to your calendar is requested only with your explicit permission during the authorization process. You have the ability to review and control which permissions you grant before proceeding.

Microsoft Services Integration

Similarly, Loopin integrates with Microsoft services including Outlook Calendar and Microsoft 365 authentication. We adhere to Microsoft's data handling requirements and only access calendar information with your explicit consent. Microsoft Outlook™ and Microsoft 365™ are trademarks of Microsoft Corporation.

AI Processing and Data Transmission to OpenAI

When you use our AI receptionist service, Loopin securely transmits certain data to our AI provider OpenAI LLC (United States) for real-time processing and response generation. This includes:

• Calendar Information: Event details, scheduling data, and availability when calendar integration is enabled
• Call Content: Voice transcripts, conversation context, and call metadata
• User-Disclosed Information: Any information you provide during calls or through the platform
• Business Context: Company information, contact details, and service preferences

Data Protection Measures:
• Data is encrypted in transit using TLS 1.2+ encryption
• OpenAI acts as a data processor bound by contract to strict data protection requirements
• Content is retained only temporarily for request fulfillment and is never used to train or improve generalized AI models
• Processing occurs in real-time with minimal data retention
• All transmissions comply with applicable privacy laws and regulations

You can control AI processing by adjusting your service settings or by contacting us to modify data sharing preferences. Disabling AI features may limit the functionality of our receptionist service.

Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

Loopin Team
hello@loopin.sh
Brisbane, Australia