This Privacy Policy describes how Loopyback (“Loopyback”, “we”, “our”, “us”) collects, uses, and shares information about you when you use our dashboard at loopyback.com, our SDKs, or any related services (together, the “Service”).
We aim to collect as little personal data as possible. The end-users of apps that ship our SDK stay anonymous by default. If you have any question, email us at hello@loopyback.com.
1. Who we are
Loopyback is operated by the team behind loopyback.com. We are the data controller for the personal information described in this policy.
2. Information we collect
From you (the developer using our dashboard)
- Account info: your email, name, and avatar via Google or email sign-in.
- Project info: app name, store URL, branding, questionnaire content.
- Billing info: handled entirely by Stripe. We store only your Stripe customer ID and plan tier, never card numbers.
- Usage telemetry: basic logs (page views, API call counts) for service reliability.
From your end users (via our SDK)
- Responses: the answers they give to your questionnaire.
- Device info: a random anonymous device ID, platform string (e.g. “iOS 18.0”), and your app version.
- Optional contact: their email only if they explicitly opt in at the end of the questionnaire.
We do not collect: IP addresses (the SDK sends none), device identifiers used for advertising (IDFA, AAID), location, name, or any data tied to a real identity unless the user voluntarily provides it via the opt-in step.
3. How we use information
- To provide the Service: storing your projects, showing responses, generating AI personas and ad copy.
- To bill you for your subscription via Stripe.
- To improve the Service: aggregate, non-identifying metrics about feature usage.
- To communicate with you about your account, security, or product updates you opted in to.
4. AI processing
When you click Generate personas or Generate ad copyin the dashboard, your project's questionnaire data and responses are sent to OpenRouter (and through them, the AI model you selected) for the duration of that request. OpenRouter does not retain prompt data for training by default. You can review their privacy terms on their site.
5. Third-party services
- Supabase hosts our database and authentication.
- Stripe processes payments and stores billing details.
- Vercel hosts our web infrastructure.
- OpenRouter routes our AI requests (see section 4).
- Google if you sign in with Google.
Each of these providers has its own privacy policy. We choose vendors with strong privacy practices and EU-region data hosting where available.
6. Data retention
We keep your account data for as long as your account is active. Response data persists until you delete the project or your account. Sandbox responses can be deleted at any time from the dashboard. When you delete a project, all its responses, personas, and ad copy are permanently removed within 30 days.
7. Your rights (GDPR / CCPA)
If you are in the EU, UK, or California, you have the right to:
- Access the personal data we hold about you.
- Correct or update it.
- Delete it (right to be forgotten).
- Receive a copy in a machine-readable format.
- Object to processing.
Most of these you can do yourself from the dashboard. For anything else, email hello@loopyback.com and we will respond within 30 days.
8. Security
All traffic is TLS-encrypted. API keys are stored as SHA-256 hashes; the plaintext is shown only once on creation. Row-level security ensures projects are only accessible to their owner.
9. Children
Loopyback is not directed at children under 16. We do not knowingly collect their data. If the end users of your app are under 16, you are responsible for handling their consent under applicable laws (e.g. COPPA, GDPR-K).
10. Changes
We may update this policy. Material changes will be announced via email or a dashboard notice. The “Last updated” date at the top reflects the most recent revision.
11. Contact
Questions or requests: hello@loopyback.com.