Privacy Policy

1. Information We Collect

We collect information in several ways depending on how you interact with our platform.

Personal Information

When you create an account or contact us, we may collect:

• Name and email address
• Profile picture (if provided or imported via Google OAuth)
• Billing and payment information (processed by our payment provider)
• Account credentials and authentication data
• Communication preferences

Usage Data

We automatically collect certain information when you access or use our platform:

• IP address, browser type, and operating system
• Device identifiers and device information
• Pages visited, features used, and time spent on the platform
• Referring URLs and search terms
• Interaction data with Aura, our AI agent, including prompts and commands
• Crash reports and performance logs

Content Data

When you use Loopdesk for video editing, we process the following content:

• Videos, images, and audio files you upload for editing
• Project files, timelines, and editing configurations
• AI-generated edits, suggestions, and outputs produced by Aura
• Exported or rendered video files
• Captions, metadata, and annotations associated with your content

2. How We Use Your Information & Our Lawful Bases

We use the information we collect for the purposes listed below. For each purpose we indicate (a) our lawful basis under the EU/UK GDPR and (b) the corresponding basis under India’s Digital Personal Data Protection Act, 2023 (DPDPA). DPDPA recognizes only two categories of lawful processing: consent(§6) and a closed list of “certain legitimate uses” (§7). Where a processing activity does not fall within §7, we rely on your consent, which you can withdraw at any time (see Section 6).

We do not train our AI models on your identifiable User Content. We use only anonymized and aggregated signals (which cannot be reasonably linked back to you) to evaluate and improve our models and services. We do not rely on “legitimate interests” as a basis for processing your identifiable User Content for AI training — no such processing takes place.

You can withdraw any consent you have given at any time by emailing privacy@loopdesk.ai. Withdrawal does not affect the lawfulness of processing already carried out based on consent prior to its withdrawal, and certain processing (for example, retention for legal compliance) may continue under a different lawful basis.

3. How We Share Your Information

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). We may share your information in the following circumstances:

Service Providers & Sub-processors

We share information with carefully selected third-party vendors who perform services on our behalf, such as cloud hosting and storage, payment processing, email delivery, customer support, analytics, error monitoring, and AI inference. These providers are contractually obligated to protect your data and use it only for the purposes we specify. A current list of our material sub-processors is available on request by emailing privacy@loopdesk.ai.

Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request (including from authorities in India), or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

If Loopdesk is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. We also retain certain information where required by law, to resolve disputes, or to enforce our agreements.

• Uploaded videos, project files, and rendered outputs: retained for the duration of your subscription. Upon account deletion, permanently removed from our production systems within 30 days.
• Account and profile data: retained while your account is active and for up to 30 days after deletion, subject to legal holds.
• Billing and transaction records: retained for the period required by applicable tax, accounting, and financial laws (typically 7–8 years under Indian law).
• Security and access logs: retained for up to 12 months.
• Encrypted backups: may persist for up to 90 days after deletion from production before being permanently overwritten on their rotation cycle.
• Anonymized / aggregated data: retained indefinitely, as it cannot be used to identify you.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Regular security reviews and vulnerability assessments
• Access controls and role-based permissions for internal systems
• Secure cloud infrastructure with redundancy and backup systems
• Employee security training and confidentiality agreements

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users and the relevant authorities (including the Data Protection Board of India, where applicable) in the event of a data breach.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information. You can exercise most rights by emailing privacy@loopdesk.ai. We will respond within the timeframe required by applicable law (typically 30 days, extendable where permitted).

Rights Under GDPR (European Economic Area & UK)

• Right of access — request a copy of your personal data
• Right to rectification — request correction of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or direct marketing
• Right to withdraw consent — at any time, where processing is based on consent
• Right to lodge a complaint with your local supervisory authority. You can find your authority at edpb.europa.eu.

We have not currently appointed an EU representative under Article 27 GDPR. If you are in the EEA and need to contact us about your data, please email dpo@loopdesk.ai.

Rights Under CCPA / CPRA (California)

• Right to know the categories and specific pieces of personal information we collect
• Right to delete your personal information
• Right to correct inaccurate personal information
• Right to opt out of the "sale" or "sharing" of personal information (we do not sell or share personal information as those terms are defined under CCPA/CPRA)
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your CCPA/CPRA rights

Global Privacy Control (GPC): Our Service honors the GPC browser signal as a valid opt-out request from California and other state privacy laws that recognize it.

India — Digital Personal Data Protection Act, 2023 (DPDPA)

If you are located in India, the DPDPA provides you with the following rights as a Data Principal:

• Right to access — obtain a summary of the personal data we process about you and the processing activities we undertake
• Right to correction, completion, and updating of your personal data
• Right to erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention requirements
• Right to withdraw consent at any time (the lawfulness of prior processing will not be affected)
• Right of grievance redressal — raise concerns with our Grievance Officer (see below), and, if unresolved, escalate to the Data Protection Board of India
• Right to nominate another individual to exercise your rights on your behalf in the event of your death or incapacity

Grievance Officer (DPDPA §8(9)):
Anil Pai, Grievance Officer
Email: anil@loopdesk.ai
Phone: +91 99169 74724

We aim to acknowledge grievances within 72 hours and resolve them within 30 days. Cross-border transfers of personal data from India are subject to any restrictions the Central Government may notify under Section 16 of the DPDPA.

DPDPA Compliance Posture

• Significant Data Fiduciary (SDF). The Central Government has not designated Loopdesk Technologies LLP as a Significant Data Fiduciary under §10 of the DPDPA as of the effective date of this policy. We reassess our status periodically based on the volume and sensitivity of personal data we process, risk to sovereignty, and other factors identified by the Government. If designated, we will publish the additional disclosures required (independent DPO details, DPIA summaries, periodic audit attestations) on this page.
• Grievance resolution timeline. We acknowledge grievances within 72 hours of receipt and aim to resolve them within 30 calendar days, consistent with the DPDPA Rules. If your grievance is not resolved to your satisfaction, you may escalate to the Data Protection Board of India.
• Breach notification. In the event of a personal data breach that is likely to result in a risk to your rights, we will notify you and the Data Protection Board of India in the manner and timeline prescribed by the DPDPA Rules.
• Consent Manager. We do not currently integrate with a Consent Manager registered with the Data Protection Board of India. You can exercise all your rights directly with us using the contact details above; if and when we integrate with a registered Consent Manager, we will update this policy.

7. Children's Privacy

Loopdesk is not directed to, and we do not knowingly collect personal information from, children. The Service is intended for users 18 years of age or older globally (see our Terms of Service, Section 1).

Under India’s DPDPA, “child” means any individual under 18. Consistent with §9 of the DPDPA, we do not:

• process personal data of children without verifiable parental or lawful-guardian consent
• undertake tracking, behavioral monitoring, or targeted advertising directed at children
• process personal data that is likely to cause any detrimental effect on the well-being of a child

Our age-gate asks each registrant to confirm they are at least 18. We rely on this declaration together with signals such as payment-method verification and email domain checks. Where we have reason to believe a user may be under 18, we suspend the account and request documentary verification of age (such as a government-issued identity document or DigiLocker-verified credential), or verifiable parental consent, before further processing.

In the United States, we comply with the Children’s Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 and will promptly delete any such information that comes to our attention.

If you are a parent or guardian and believe a child has provided us with personal information, please contact us at privacy@loopdesk.ai. We will verify your request and delete the information promptly.

8. Third-Party Services & Cookies

Our platform integrates with certain third-party services. These services have their own privacy policies, which we encourage you to review.

Google OAuth

We offer Google OAuth as a sign-in option. When you authenticate via Google, we receive your name, email address, and profile picture from your Google account. We do not gain access to your Google password or other Google services unless explicitly authorized by you.

Analytics Services

We use privacy-respecting analytics tools to understand how users interact with our platform. These services may collect information such as your IP address, browser type, pages visited, and interaction patterns. This data is used in aggregate to improve our services. We do not run cross-context behavioral advertising.

Cloud Storage & AI Inference

Your uploaded videos, project files, and rendered outputs are stored on secure third-party cloud infrastructure. AI inference may be performed on our own infrastructure or by vetted third-party model providers under appropriate data processing agreements. These providers adhere to industry-standard security certifications and are contractually bound to protect your data.

Cookies

For details about how we use cookies and similar technologies, and how you can manage your preferences, please see our Cookie Policy.

9. International Data Transfers

Loopdesk Technologies LLP is based in India, and your personal data is primarily processed and stored in India. Your information may also be transferred to, stored, and processed in other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data outside of the European Economic Area or the UK, we rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, adequacy decisions, or other legally recognized mechanisms. Cross-border transfers from India are subject to any restrictions the Central Government may notify under Section 16 of the DPDPA. By using our services, you acknowledge that your data may be processed in India and other countries where our service providers operate, subject to these safeguards.

10. AI Processing & Generated Content

Our AI agent Aura processes your User Content to perform the edits you request. Outputs from Aura may include embedded content-provenance metadata (such as C2PA signals, where available) to help recipients verify that content was produced or modified by AI. Under the EU AI Act, synthetic or materially altered audiovisual content may need to be disclosed when shared with the public; you are responsible for providing such disclosures where required.

We do not use your identifiable User Content to train general AI models. We may use anonymized and aggregated signals (which cannot be reasonably linked to you) to evaluate and improve our models.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective date" at the top of this page and notify registered users by email or in-app notification before the change takes effect.

Your continued use of Loopdesk after the effective date of any update constitutes acceptance of the updated policy. A history of material changes is available at the bottom of this page.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Loopdesk Technologies LLP
A Limited Liability Partnership registered in India (LLPIN: ACM-1205)
Registered office: No. 203, Dev Plaza, Kadri Temple Road, Kadri, Kankanady, Mangalore, Dakshina Kannada, Karnataka 575002, India
General privacy queries: privacy@loopdesk.ai
Data Protection Officer (Soumya S Pai): soumya@loopdesk.ai
Grievance Officer (Anil Pai): anil@loopdesk.ai, +91 99169 74724
Website: https://www.loopdesk.ai

13. Change Log

• April 16, 2026 — Replaced prior Delaware-based policy. Updated legal entity to Loopdesk Technologies LLP (LLPIN ACM-1205). Added registered address, Grievance Officer (DPDPA §8(9)), and Data Protection Officer. Added a per-purpose lawful-basis mapping covering both GDPR Art. 6 and DPDPA §6/§7. Added DPDPA rights including consent withdrawal and nomination; added a DPDPA compliance-posture section (SDF status, grievance timelines, breach notification, Consent Manager). Added CCPA/CPRA correction right, sensitive-information limits, and honored the Global Privacy Control signal. Added supervisory-authority complaint right for EEA/UK users. Expanded the retention schedule. Strengthened children’s-privacy section with DPDPA §9 references and COPPA alignment. Clarified that identifiable User Content is not used to train AI models.