← Back to Home

Privacy Policy

Last Updated: May 2026

1. Introduction

Welcome to Loopd. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using Loopd, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account and use our services, we collect:

  • Account Information: Full name, email address, password, user role (clipper, brand, or admin), and a record of your acceptance of our Terms of Service, Privacy Policy, and Data Deletion Policy (version and timestamp). Passwords are managed by our authentication provider; we never see or store the raw password.
  • Discord Identity (when you sign up or link via Discord): Discord user ID, Discord username, and email address.
  • Clipper-Specific Information: Display name, Discord ID and username, a reference to your selected payout method, and a flag indicating whether tax information has been submitted.
  • Brand-Specific Information: Company name and billing email address.

2.2 Social Media Connection Data

When you connect your social media accounts (TikTok, YouTube, Instagram), we collect:

  • Account Identifiers: Platform name, your username on that platform, and your platform user ID.
  • Authentication Tokens: OAuth access tokens and refresh tokens, stored encrypted at rest, used to maintain the connection so we can read public metrics for your submitted clips.
  • Token Metadata: Token expiration timestamps and the OAuth scopes granted.

2.3 Content and Performance Data

We collect data about your video content and its performance:

  • Video Information: Clip titles, descriptions, post URLs, platform video IDs, thumbnail URLs, posted dates
  • Performance Metrics: View counts, likes, comments, shares, impressions, reach, engagement rates
  • Historical Data: Time-series performance snapshots (views at submission, views at assignment)
  • Campaign Associations: Which campaigns clips are submitted to and their status

2.4 Financial Information

  • Earnings Data: Calculated earnings per clip, total earnings, and payment status.
  • Payout Reference: A reference to your chosen payout method and a flag indicating whether tax information has been submitted. We do not store raw bank account numbers, card numbers, or government tax identifiers in our database.

2.5 Automatically Collected Information

Our application code itself does not collect IP addresses, device fingerprints, or User-Agent strings, and our internal application logs do not contain that information. However, the infrastructure providers we use to deliver the service do collect standard request-level metadata on our behalf:

  • Hosting (Vercel): Standard server access logs, including IP address and User-Agent, captured at the edge.
  • Authentication and Database (Supabase): Authentication event logs, including IP address and User-Agent at the auth layer.
  • Aggregate Product Analytics (Vercel Analytics): Anonymized, aggregate usage data such as page views, country, browser, operating system, and device type. Per Vercel's documentation, Vercel Analytics does not use cookies or persistent identifiers to track individual users.

We do not run third-party advertising trackers, session-replay tools, or behavioral analytics tools (no Google Analytics, Google Tag Manager, Meta Pixel, PostHog, Mixpanel, Segment, Hotjar, FullStory, or similar).

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Creating and managing your account
  • Connecting and maintaining your social media account integrations
  • Retrieving and displaying your content and performance analytics
  • Facilitating campaign submissions and approvals
  • Calculating and processing earnings and payments
  • Providing customer support

3.2 Platform Improvement

  • Analyzing usage patterns to improve features and user experience
  • Troubleshooting technical issues
  • Developing new features and services
  • Conducting research and analytics

3.3 Communication

  • Sending transactional emails (account notifications, payment confirmations)
  • Providing updates about campaigns, submissions, and earnings
  • Responding to your inquiries and support requests
  • Sending important platform announcements

3.4 Legal and Security

  • Preventing fraud and abuse
  • Enforcing our Terms of Service
  • Complying with legal obligations
  • Protecting our rights and the rights of other users

4. How We Share Your Information

4.1 With Other Users

  • Brands can view clipper profiles, submitted content, and performance metrics for their campaigns
  • Clippers can view brand campaign information and requirements
  • Your public social media content (as publicly available on connected platforms) is visible to relevant campaign participants

4.2 With Third-Party Service Providers

We share information with trusted service providers who assist in operating our platform:

  • Supabase: Managed PostgreSQL database, user authentication, file storage, and serverless functions. Stores user and platform data.
  • Vercel: Hosts the web dashboard, runs scheduled jobs, and provides aggregate, cookieless product analytics (Vercel Analytics).
  • Discord: Account login (via OAuth) and the bot interface clippers use to submit clips and receive notifications.
  • SMTP email provider: Transactional email delivery (account invitations, system notifications).

We may add a payment processor (such as Stripe) in the future to automate payouts. No payment processor is currently receiving data; payouts are administered out-of-band today, and this Privacy Policy will be updated before any new processor begins receiving data.

4.3 Social Media Platforms

When you connect your accounts, we interact with:

  • TikTok: To retrieve your public content and performance metrics
  • YouTube: To access your video data and analytics
  • Instagram: To retrieve your Reels content and insights

These platforms' own privacy policies govern their collection and use of your data.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Governmental or regulatory requests
  • Protection of our rights, property, or safety
  • Emergency situations involving danger to persons

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.

5. Data Storage and Security

5.1 Storage Location

Your data is stored on secure servers provided by Supabase (PostgreSQL database) and Vercel (application hosting), which are based in the United States.

5.2 Security Measures

We implement security measures including:

  • Row-Level Security (RLS): Database policies enforce, at the database layer, that users can only access data they are authorized to see (e.g., clippers can only read their own records; brands can only read data for campaigns they own).
  • Encryption in Transit: All client-server traffic uses HTTPS/TLS.
  • Encryption at Rest for OAuth Tokens: Social-platform OAuth access and refresh tokens are encrypted using AES-256-GCM with a per-token random initialization vector and authentication tag before being written to the database. The encryption key is stored as a server-side environment variable, separate from the database.
  • Password Protection: Passwords are managed by our authentication provider (Supabase), which uses industry-standard salted hashing. We never see or store plaintext passwords.
  • OAuth Hardening: OAuth flows use PKCE and CSRF state tokens to prevent interception and replay.
  • Bot Channel Authentication: Communication between our Discord bot and our dashboard API is signed using HMAC-SHA256 with a short replay-protection window.
  • Access Controls: Role-based access controls limit administrative access to user data.
  • Session Management: Authentication cookies are first-party, marked Secure and SameSite=Lax in production, and managed by our authentication provider.

5.3 Data Retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter to comply with legal, tax, accounting, and dispute-resolution obligations. We use a soft-deletion model: business-critical records are first marked as deleted and then removed in accordance with our internal retention schedule. You may request deletion of your account and associated personal data at any time through the means described in Section 6.3.

5.4 Important Security Note

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

6. Your Privacy Rights

6.1 Access and Correction

You can access and update your account information at any time through your account settings.

6.2 Data Portability

You may request a copy of your personal data in a structured, machine-readable format by contacting us.

6.3 Deletion

You may request deletion of your account and associated personal data by submitting a request through our Data Deletion Request page or by emailing privacy@loopd.live. Please note:

  • Some data may be retained as required by law or for legitimate business purposes (such as tax, accounting, fraud-prevention, or dispute-resolution obligations).
  • Deletion of your account will result in loss of access to all data and pending earnings below minimum payout thresholds.
  • Aggregated or de-identified information that cannot be used to identify you may be retained.

6.4 Social Media Disconnection

You can disconnect your social media accounts at any time through your connections settings. This will:

  • Revoke our access to your social media data
  • Delete stored access tokens
  • Stop future data collection from that platform
  • Retain historical performance data already collected

6.5 Marketing Communications

You can opt out of marketing communications by following the unsubscribe link in emails. You will still receive transactional emails necessary for the service.

6.6 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected, used, shared, or sold
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

6.7 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing of your personal data
  • Data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

7. Cookies and Similar Technologies

We use first-party cookies that are strictly necessary to keep you signed in and to remember basic interface preferences. These authentication cookies are set by our authentication provider, are marked Secure in production, and use SameSite=Lax.

We do not set advertising cookies, tracking pixels, or third-party tracking cookies, and we do not participate in cross-site advertising networks. Our product analytics provider (Vercel Analytics) is, per its documentation, anonymized and does not use cookies or persistent identifiers.

You can control cookies through your browser settings, but disabling strictly necessary cookies will prevent you from staying signed in.

8. Children's Privacy

Our platform is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

9. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your country of residence. By using our platform, you consent to such transfers.

10. Third-Party Links

Our platform may contain links to third-party websites and services (including social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of discovering the breach.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the platform

Your continued use of the platform after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@loopd.live
Support: support@loopd.live

For data subject access requests or privacy rights inquiries, please include "Privacy Request" in your email subject line and provide sufficient information for us to verify your identity.

14. Connected Social Platforms

Loopd integrates with third-party social platforms so that clippers can submit clips and Loopd can read public performance metrics for those clips. When you connect a platform, you authorize Loopd to call that platform's API directly using the OAuth scopes you grant. The scopes Loopd requests are read-only — we do not post content, send messages, modify your account, follow or unfollow accounts, or access private content. You can disconnect any connected platform at any time from your Loopd account settings, and you can additionally revoke Loopd's access from each platform's own security or app-permissions settings.

By connecting a third-party platform to Loopd, you also agree to that platform's terms of service and privacy policy, which govern that platform's own collection and use of your data.

14.1 How we use data received from connected platforms

Information Loopd receives from any connected platform's APIs is used solely to provide and improve the user-facing features of the Loopd Clipping Platform. Specifically, we use it to:

  • verify that clips you submit to a campaign were posted by you,
  • display public performance metrics (such as views, likes, comments, shares, and analytics counters) for your submitted clips in your Loopd dashboard, and
  • calculate earnings for clips submitted to brand campaigns.

We do not use data received from connected platforms to serve advertising, and we do not sell or transfer it to data brokers, information resellers, or any third party for advertising purposes. We do not use it to determine creditworthiness or for any lending purpose. We do not allow humans to read data received from connected platforms except (a) where you have given us explicit consent, (b) where it is necessary for security purposes (for example, to investigate abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized so it cannot be used to identify any individual. We do not use data received from connected platforms to develop, improve, or train generalized or non-personalized artificial intelligence or machine-learning models.

Where a platform's terms impose additional limited-use or developer-policy requirements (for example, the Google API Services User Data Policy and its Limited Use requirements), Loopd's use of information received from that platform's APIs adheres to those requirements.

14.2 Connected platforms and OAuth scopes

The platforms Loopd currently supports, the read-only OAuth scopes Loopd requests, and the categories of data Loopd accesses are summarized below. Tokens received from each platform are stored encrypted at rest using AES-256-GCM, as described in Section 5.2.

  • TikTok (governed by the TikTok Terms of Service and TikTok Privacy Policy): basic profile information (display name, username, platform user ID), the list of your public videos, and standard performance metrics for those videos.
  • YouTube (Google) (governed by the YouTube Terms of Service and the Google Privacy Policy): channel and video metadata via the youtube.readonly scope, and aggregate analytics counters via the yt-analytics.readonly scope.
  • Instagram (Meta) (governed by Meta's Terms of Service and Privacy Policy): basic Instagram Business profile information and Insights for content you choose to submit to Loopd.

14.3 Revoking access and deleting platform data

You can disconnect any connected platform at any time from your Loopd account settings. Disconnecting revokes the OAuth tokens Loopd holds and stops further data collection from that platform. You can additionally revoke Loopd's access from each platform's own settings — for example, in your Google Account permissions, in TikTok's connected-apps settings, or in Meta Business Settings.

To request deletion of data Loopd has stored from a connected platform, please use our Data Deletion Request page or email privacy@loopd.live.