Privacy Policy

Data Controller

LoomLabs acts as a data controller for account, billing, and product operations data processed for service management. When AuditLoom processes compliance data submitted by the customer on behalf of a customer organization, LoomLabs acts as a data processor under the applicable agreements.

Data We Collect

We collect data necessary to provide and protect the service, manage subscriptions, and support product operations.

Purposes & Legal Bases

We process personal data based on one or more legal bases under GDPR and related European regulations:

• Performance of a contract: to provide access, execute workflows, generate reports, manage subscriptions.
• Legitimate interests: to secure the service, prevent abuse, ensure reliability, and improve the product.
• Legal obligations: tax/accounting duties, compliance with lawful requests, regulatory requirements.
• Consent: optional cookies and similar technologies where required.

Sharing & Recipients

We only share data with recipients necessary to operate the service and comply with legal obligations:

• Cloud infrastructure and hosting providers within the EU
• Secure authentication, email, and billing service providers
• Integrations authorized by the customer
• Professional advisors (legal, audit, accounting) where necessary
• Public authorities or regulators where required by law

International Transfers

When data is transferred outside the EEA/UK, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures where applicable. Transfer mechanisms depend on the provider's location and applicable law.

Data Retention

We retain data for as long as necessary to provide the service, fulfill contractual obligations, support auditability, and comply with legal requirements. Retention periods vary by data type:

• Account and workspace data: retained while the account or organization workspace is active.
• Billing records: retained in accordance with strict EU accounting and tax retention periods.
• Operational and security logs: retained temporarily for troubleshooting and security auditing.

Security

We implement advanced technical and organizational security measures designed to protect data from unauthorized access, alteration, disclosure, and accidental loss. We encrypt all data both in transit and at rest.

Your Rights

Under GDPR and applicable laws, you can exercise your rights in relation to your personal data:

• Access to your data and data portability
• Rectification of incorrect or incomplete data
• Erasure of data (right to be forgotten)
• Restriction of processing
• Objection to processing based on legitimate interests
• Withdrawal of previously provided consent

Cookies & Similar Technologies

AuditLoom uses strictly necessary cookies for session management and security. Optional statistical cookie categories are only enabled with your explicit consent.

Children's Data

AuditLoom is strictly intended for B2B and business use and is not directed at minors. We do not knowingly collect personal data of children in relation to the service.

Updates to This Policy

We may update this policy to reflect legal, technical, or business changes. Substantial updates will be communicated through our platform or other appropriate channels.