Loop – Privacy Policy

Effective Date: January 24, 2025

Last Updated: February 4, 2025

At Loop, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your personal data. This Privacy Policy explains our data practices for customers ("Customers," "you," or "your") who use the Loop platform, including our website (feedtheloop.com), mobile applications, and related services (collectively, the "Services"). The Services are provided by Loop Communications Inc. ("Loop," "we," "us," or "our"), a company registered in the State of Delaware, USA, with operations in the United States, Malaysia, Singapore, the United Kingdom, and the European Union (including Germany and Lithuania). This Privacy Policy also applies to potential operations in the United Arab Emirates (UAE) and all European Union (EU) countries. By using the Services, you agree to the practices described in this Privacy Policy.

1. Scope of This Privacy Policy

This Privacy Policy applies to all Customers using the Services in the regions where Loop operates or may operate, including the United States, Malaysia, Singapore, the United Kingdom, the European Union (all 27 EU countries, including Germany and Lithuania), and the United Arab Emirates (UAE). It covers the personal data we collect when you create an Account, participate in brand campaigns ("Campaigns"), earn rewards, and interact with the Services. This policy does not apply to data collected by third-party services (e.g., Tilia Payments) or brands ("Brands") you engage with through the Services, which are governed by their own privacy policies.

2. Data We Collect

We collect the following categories of personal data to provide and improve the Services:

2.1 Account Information:

When you create a Loop Account, we collect your name, email address, phone number, age, location, and other details you provide during registration or Account updates.

2.2 Engagement Data:

When you participate in Campaigns (e.g., by scanning QR codes or NFC tags on brand products), we collect survey responses, feedback, video interviews, user-generated content (UGC), participation history, and engagement metrics (e.g., time spent, completion rates).

2.3 Device Information:

We collect information about the device you use to access the Services, including your IP address, browser type, device type, operating system, and usage logs (e.g., pages visited, time spent).

2.4 Payment Data:

Loop does not store payment data directly. When you withdraw rewards, Tilia Payments, a third-party payment processor, collects and processes payment information (e.g., PayPal account, bank account details). We may receive limited payment-related data (e.g., transaction confirmation) to verify reward withdrawals.

2.5 Other Data:

We may collect additional data you provide when you contact us (e.g., support requests) or participate in optional features (e.g., marketing surveys).

3. How We Use Your Data

We use your personal data for the following purposes:

3.1 To Provide the Services:

To create and manage your Account.

To facilitate your participation in Campaigns and process rewards.

To enable Brands to engage with you through Campaigns and provide them with aggregated and anonymized insights (e.g., “70% of customers are female, 25-34, buy health bars weekly”), subject to your privacy sharing preferences.

To send you on-platform communications from Brands (e.g., messages, offers with rewards), which are always incentivized, if you have allowed such communications in your preferences for that Brand’s Loop.

3.2 To Improve the Services:

To analyze usage patterns and improve platform functionality, user experience, and Campaign effectiveness.

For Loop-operated Campaigns (as described in the Terms of Service), we may use your data for platform improvement, market research, and generating insights before offering it to the relevant Brand.

3.3 To Communicate with You:

To send Campaign updates, reward notifications, and Account security alerts.

To send marketing emails or notifications about new features, with your consent (you can opt-out at any time).

3.4 To Comply with Legal Obligations:

To comply with legal and regulatory requirements (e.g., tax reporting, anti-fraud measures).

To respond to legal requests (e.g., court orders, subpoenas).

4. How We Share Your Data

We share your personal data in the following circumstances, subject to your privacy sharing preferences for each Brand’s Loop:

4.1 With Brands:

Aggregated and Anonymized Insights: We share aggregated and anonymized insights from Campaigns with Brands (e.g., demographic trends, engagement metrics). This data does not identify you personally.

Personal Data (With Consent): Personal data (e.g., name, email) is shared with a Brand only if you explicitly consent through your privacy sharing preferences for that Brand’s Loop. You can control what data you share with each Brand (e.g., opting in or out of sharing personal data) and stop sharing data at any time by updating your preferences in your Account settings. If you opt out of sharing personal data, Brands will only receive anonymized data.

On-Platform Communications: Brands may send you incentivized communications (e.g., messages, offers with rewards) through the Loop platform, but only if you have allowed such communications in your preferences for that Brand’s Loop. You can disable these communications at any time by updating your preferences.

Loop-Operated Campaigns: For Loop-operated Campaigns, we may offer the data to the relevant Brand after using it for our own purposes (e.g., market research), in aggregated and anonymized form or adjusted according to your privacy settings.

4.2 With Tilia Payments:

When you withdraw rewards, your payment information is shared with Tilia Payments for processing. Tilia handles all payment data, processing, and fraud prevention, in accordance with their Terms of Service (https://www.tilia.io/legal/terms) and Privacy Policy (https://www.tilia.io/legal/privacy).

4.3 With Service Providers:

We share data with third-party service providers (e.g., cloud hosting, analytics) to operate the Services, but only under strict confidentiality agreements. These providers are not permitted to use your data for their own purposes.

4.4 With Legal Authorities:

We may share data if required by law, to comply with legal processes (e.g., court orders, subpoenas), or to enforce our Terms (e.g., investigating fraud).

4.5 Business Transfers:

In the event of a merger, acquisition, or sale of Loop’s assets, your data may be transferred to the acquiring entity, with notice to you.

4.6 With Your Consent:

We may share your data for other purposes if you provide explicit consent (e.g., participating in a third-party marketing campaign).

5. Data Security

We take the security of your personal data seriously and implement the following measures:

We use industry-standard encryption (e.g., SSL/TLS) to protect your data during transmission and storage.

We store your data on secure servers with access controls to prevent unauthorized access.

Despite our efforts, no system is 100% secure. We are not liable for unauthorized access, data breaches, or other security incidents beyond our reasonable control. You share data at your own risk.

In the event of a data breach, we will notify affected Customers within 72 hours (or as required by law) and take reasonable steps to mitigate harm.

6. Your Data Protection Rights

Your rights regarding your personal data depend on the laws of the region where you reside. Loop provides tools to manage your data sharing and communication preferences for each Brand’s Loop, in addition to the legal rights outlined below.

6.1 General Rights (All Regions):

Access & Update: View and update your Account information through your Account settings.

Delete Account: Request Account deletion at any time by contacting support@feedtheloop.com. Upon deletion, your personal data will be removed, except as required by law (e.g., tax records).

Data Portability: Request a copy of your personal data in a machine-readable format by contacting support@feedtheloop.com.

Manage Data Sharing Preferences: For each Brand’s Loop, you can control what personal data you share with the Brand (e.g., opting in or out of sharing your name, email). You can stop sharing data with a Brand at any time by updating your preferences in your Account settings.

Manage On-Platform Communications: For each Brand’s Loop, you can allow or disallow incentivized communications (e.g., messages, offers with rewards) from the Brand through the Loop platform. You can update these preferences at any time in your Account settings.

Opt-Out of Marketing: Opt-out of non-essential marketing communications (e.g., emails about new features) through your Account settings or by unsubscribing.

6.2 Region-Specific Rights:

United States (CCPA, California Residents): If you reside in California, you have the right to:

Know what personal data we collect, disclose, or sell about you.

Request deletion of your personal data, subject to certain exceptions (e.g., legal requirements).

Opt-out of the sale of your personal data (Loop does not sell personal data).

Not be discriminated against for exercising your CCPA rights. Contact support@feedtheloop.com to exercise these rights. We will respond to verifiable requests within 45 days, as required by the CCPA.

United Kingdom (UK GDPR): If you reside in the United Kingdom, under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to:

Access your personal data held by Loop.

Rectify inaccurate personal data.

Erase your personal data (right to be forgotten), subject to certain exceptions (e.g., legal obligations).

Restrict the processing of your personal data.

Object to the processing of your personal data (e.g., for direct marketing, which you can also manage through your communication preferences for each Brand’s Loop).

Data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format. Contact support@feedtheloop.com to exercise these rights. We will respond to requests within one month, as required by the UK GDPR.

European Union (All EU Countries – EU GDPR): If you reside in any European Union country (including Germany, Lithuania, and all other EU member states such as France, Spain, Italy, etc.), under the EU General Data Protection Regulation (EU GDPR), you have the right to:

Access your personal data held by Loop.

Rectify inaccurate personal data.

Erase your personal data (right to be forgotten), subject to certain exceptions (e.g., legal obligations).

Restrict the processing of your personal data.

Object to the processing of your personal data (e.g., for direct marketing, which you can also manage through your communication preferences for each Brand’s Loop).

Data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format. Contact support@feedtheloop.com to exercise these rights. We will respond to requests within one month, as required by the EU GDPR.

Malaysia (PDPA): If you reside in Malaysia, under the Personal Data Protection Act 2010 (PDPA), you have the right to:

Access your personal data held by Loop.

Correct any inaccurate personal data.

Withdraw consent for the processing of your personal data (subject to legal or contractual restrictions), which you can also manage through your data sharing preferences for each Brand’s Loop.

Prevent processing of your personal data that is likely to cause distress or damage. Contact support@feedtheloop.com to exercise these rights. We will respond to requests within 21 days, as required by the PDPA.

Singapore (PDPA): If you reside in Singapore, under the Personal Data Protection Act 2012 (PDPA), you have the right to:

Access your personal data held by Loop.

Correct any inaccurate personal data.

Withdraw consent for the processing of your personal data (subject to legal or contractual restrictions), which you can also manage through your data sharing preferences for each Brand’s Loop. Contact support@feedtheloop.com to exercise these rights. We will respond to requests within 30 days, as required by the PDPA.

United Arab Emirates (UAE Data Protection Law): If you reside in the UAE, under the Federal Decree-Law No. 45/2021 on the Protection of Personal Data (UAE Data Protection Law), you have the right to:

Access your personal data held by Loop.

Correct any inaccurate personal data.

Request deletion of your personal data, subject to certain exceptions (e.g., legal obligations).

Object to the processing of your personal data (e.g., for direct marketing, which you can also manage through your communication preferences for each Brand’s Loop).

Data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format.

Withdraw consent for the processing of your personal data (subject to legal or contractual restrictions), which you can also manage through your data sharing preferences for each Brand’s Loop. Contact support@feedtheloop.com to exercise these rights. We will respond to requests within 30 days, as required by the UAE Data Protection Law

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, or resolve disputes. For example:

Account Information: Retained for as long as your Account is active, and for a period of 1 year after Account deletion to comply with tax and legal requirements.

Engagement Data: Retained for 2 years after a Campaign ends to provide insights to Brands and improve the Services, unless you request deletion sooner or withdraw consent for sharing with a Brand.

Device Information: Retained for 1 year to analyze usage patterns and improve the Services, unless you request deletion sooner.

Payment Data: Limited payment-related data (e.g., transaction confirmation) is retained for 7 years to comply with tax and anti-fraud regulations.

If you request Account deletion or withdraw consent for data sharing with a Brand, we will delete the relevant personal data within 30 days, except where retention is required by law (e.g., tax records).

8. International Data Transfers

Loop is based in the United States, and your personal data may be transferred to, stored, and processed in the United States or other countries where our service providers operate (e.g., cloud hosting providers). We ensure that such transfers comply with applicable data protection laws:

For Customers in the UK and all EU countries (including Germany and Lithuania), we use Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office (ICO) to ensure adequate protection for data transfers outside the EEA/UK.

For Customers in Malaysia and Singapore, we ensure compliance with PDPA requirements for cross-border data transfers.

For Customers in the UAE, we use contractual safeguards to ensure adequate protection for data transfers, as required by the UAE Data Protection Law.

For Customers in the US, we comply with applicable state laws (e.g., CCPA) regarding data transfers.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to enhance your experience on the Services:

Essential Cookies: Necessary for the operation of the Services (e.g., maintaining your login session).

Analytics Cookies: Help us understand how you use the Services (e.g., pages visited, time spent) to improve functionality.

Marketing Cookies: Used to deliver personalized marketing content, with your consent.

You can manage your cookie preferences through your browser settings or our cookie consent tool (if applicable). However, disabling essential cookies may affect the functionality of the Services.

10. Third-Party Services

The Services may include links to third-party websites or services (e.g., Tilia Payments for reward withdrawals, Brand websites). These third parties have their own privacy policies, and we are not responsible for their practices. We encourage you to review their policies before interacting with them. For example:

When you withdraw rewards, Tilia Payments processes your payment data. See Tilia’s Terms of Service (https://www.tilia.io/legal/terms) and Privacy Policy (https://www.tilia.io/legal/privacy) for details.

11. Children’s Privacy

Loop does not knowingly collect personal data from children under 13 years of age (or under 16 in the EU/UK for certain purposes, or as determined by individual EU member states, which may lower the age to 13). If you are under 18, you must have the consent of a parent or legal guardian to use the Services. If we discover that a child under 13 (or 16 in the EU/UK, or as applicable in the relevant EU member state) has created an Account without verifiable parental consent, we will terminate the Account and delete all associated data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. We will notify you of significant changes via email or a prominent notice on the Loop platform at least 30 days before the changes take effect (unless immediate changes are required by law). Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you do not agree to the updated policy, you must discontinue use of the Services and terminate your Account.

13. Contact Information

For questions about this Privacy Policy, to exercise your data protection rights, or to contact our Data Protection Officer (if applicable), please reach out to:

Loop Communications Inc.

Email: support@feedtheloop.com

Mailing Address: 8 THE GREEN STE A, Dover, Delaware 19901 US

Registered in: State of Delaware