LoomStack
LEGAL

Privacy Policy

How LoomStack collects, uses, and protects your information.

Last updated: May 25, 2026

This Privacy Policy describes how LoomStack ("we," "us," or "our") collects, uses, and shares information when you use our AI-native SDLC orchestration platform, website, and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and role. If you sign up through a third-party authentication provider (e.g., Google, GitHub), we receive basic profile information from that provider.

Organizational Context Data

To provide the Service, we process organizational context you choose to provide, including architecture documentation, ownership data, past engineering decisions, workflow configurations, and team structure information. This data is used solely to power your orchestration workflows and is never shared with other customers.

Workflow and Execution Data

We collect metadata about workflow executions, including agent execution logs, task completion data, timing information, and source code metadata (such as repository names, branch names, and commit references). We do not store your source code itself unless explicitly configured by you.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, actions taken, timestamps, browser type, operating system, device information, and IP address.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and understand how you use the Service. See our Cookie Policy for details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including orchestrating AI agents and workflows
  • Authenticate your identity and manage your account
  • Process and deliver workflow executions based on your configurations
  • Send you technical notices, security alerts, and support messages
  • Analyze usage patterns to improve product quality and reliability
  • Detect, investigate, and prevent security incidents and fraudulent or illegal activity
  • Comply with legal obligations

We do not use your organizational context data or workflow data to train machine learning models or for purposes unrelated to providing the Service to you.

3. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. Workflow execution data and agent logs are retained for 90 days by default, after which they are automatically deleted unless you configure a different retention period. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service providers: We use third-party providers for hosting (cloud infrastructure), analytics, payment processing, and email delivery. These providers only access your data as necessary to perform services on our behalf and are contractually obligated to protect it.
  • Legal requirements: We may disclose information if required by law, regulation, legal process, or government request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
  • With your consent: We may share information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption at rest (AES-256) and in transit (TLS 1.3), regular security assessments, access controls based on the principle of least privilege, and audit logging of all data access. While no method of transmission or storage is 100% secure, we continuously work to improve our security posture and promptly address any vulnerabilities.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information, subject to certain legal exceptions.
  • Portability: Request a machine-readable copy of your data to transfer to another service.
  • Restriction: Request that we limit how we use your data in certain circumstances.
  • Objection: Object to our processing of your data for certain purposes.

To exercise any of these rights, contact us at team@loomstack.co. We will respond to your request within 30 days.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws. When we transfer data internationally, we use appropriate safeguards such as standard contractual clauses to ensure your information receives adequate protection.

8. Children's Privacy

The Service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at team@loomstack.co.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email or displaying a prominent notice within the Service. We encourage you to review this policy periodically to stay informed about how we protect your data.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

LoomStack
Email: team@loomstack.co
Website: https://loomstack.co