A Product of Minion Solutions Private Limited

Privacy Policy

Effective Date: March 1, 2026 · Version 1.0

1. Introduction and Scope

Minion Solutions Private Limited ("Loomr," "we," "us," or "our"), a company incorporated under the Companies Act, 2013, is committed to protecting your privacy and the privacy of your End Customers. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you ("Merchant," "you") and your End Customers interact with the Loomr platform at https://loomr.ai and through all integrated marketplace applications ("Service").

This Privacy Policy applies to:

Merchants and their Authorized Users who register for and use the Service;
End Customers of Merchants who receive communications (video emails, WhatsApp messages) facilitated through the Service;
Visitors to our website at https://loomr.ai;
Individuals who interact with Loomr through third-party marketplace integrations, including Shopify, Zendesk, Intercom, Zapier, WooCommerce, BigCommerce, Wix, Patreon, and HubSpot.

This Policy is framed in compliance with: the Digital Personal Data Protection Act, 2023 (DPDPA) (India); the Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011 (India); the General Data Protection Regulation (GDPR) (EU/UK, where applicable); the California Consumer Privacy Act as amended by the CPRA (CCPA) (USA, where applicable); and other applicable data protection laws.

If you are a Merchant, you are responsible for providing your End Customers with appropriate notice of this Privacy Policy and obtaining any required consents before sharing their data with Loomr.

2. Identity of Data Controller and Contact Information

Minion Solutions Private Limited is the data controller (and data fiduciary under the DPDPA) for information collected directly from Merchants, Authorized Users, and website visitors. With respect to End Customer Personal Data provided by Merchants, Loomr acts as a data processor (and data fiduciary's processor under the DPDPA) on behalf of the Merchant, who is the data controller/data fiduciary.

Category	Details
Company	Minion Solutions Private Limited
Product Name	Loomr (loomr.ai)
Registered Address	No. 802, Block - 16A, Marathahalli Sarjapur Outer Ring Road, Iblur Village, Bengaluru - 560102, Karnataka, India
Website	https://loomr.ai
General / Privacy Contact	hello@loomr.ai
Data Protection Officer	hello@loomr.ai (Subject: Attn: DPO)
EU Representative	hello@loomr.ai (Subject: Attn: EU Representative)
CCPA / US Privacy Requests	hello@loomr.ai (Subject: CCPA Request)
DPDPA / India Privacy Requests	hello@loomr.ai (Subject: DPDPA Request)
Security Concerns	hello@loomr.ai (Subject: Security)

3. Information We Collect

3.1 Information You Provide Directly (Merchant Data)

When you create a Merchant Account or interact with the Service, we collect:

Account Information: name, business name, and email address provided during registration;
Authentication Data: information provided through Google OAuth (name, email address, and profile picture);
Billing Information: payment method details processed by DodoPayments (our payment processor). Loomr does not store full card numbers or sensitive payment credentials;
Order Emails: when you forward order confirmation emails to orders@inbound.loomr.ai, we process the contents of those emails, including Order Data and any End Customer information therein;
Support Communications: messages and inquiries you send to our team.

3.2 End Customer Data (Processed on Behalf of Merchants)

When Merchants use the Service, Loomr processes the following categories of End Customer Personal Data on the Merchant's behalf:

Contact Information: name, email address, and phone number (used for WhatsApp and email delivery);
Transaction Data: order ID, order amount, products purchased, shipping address, fulfillment status, and other order details extracted from forwarded emails;
Communication Engagement Data: email open and click events (via Resend); WhatsApp message delivery and read status (via Interakt);
Video Viewing Data: whether and when an End Customer viewed a video or GIF delivered through the Service.

Loomr does not knowingly collect or process sensitive categories of End Customer Personal Data such as health data, financial account numbers, Aadhaar numbers, PAN details, biometric data, caste or community data, or government-issued identification numbers. Merchants are strictly prohibited from forwarding emails or data containing such information.

3.3 Automatically Collected Technical Information

When you visit our website or use the Service, we automatically collect:

Log Data: IP address, browser type, operating system, referring URL, pages visited, and access timestamps;
Device Information: device type, browser version, and connection details;
Usage Data: feature interactions, session duration, error reports, and usage patterns within the merchant dashboard;
Cookies and Similar Technologies: as described in Section 11 below.

3.4 Data from Third-Party Marketplace Integrations

When you connect Loomr to third-party platforms, we may receive the following data, subject to the OAuth scopes you authorize during installation:

Shopify: store profile, order data, and customer information from your Shopify store;
Zendesk: ticket information, customer profiles, and account data from your Zendesk instance;
Intercom: contact and conversation data from your Intercom workspace;
Zapier: workflow trigger and action data as configured by you;
WooCommerce / BigCommerce / Wix: order data, product information, and customer details from your storefront;
Patreon: creator and patron information as authorized by you;
HubSpot: contact, deal, and company data from your HubSpot CRM;
Interakt (WhatsApp): message delivery receipts, response data, and messaging logs;
Postmark: inbound email metadata, parsing logs, and webhook event records;
Resend: email delivery status, open events, click events, and bounce/complaint notifications.

4. How We Use Your Information

4.1 Service Delivery

We use collected information to:

Create and manage your Merchant Account;
Parse inbound order emails and extract structured order data using AI;
Send WhatsApp prompts to Merchant representatives for video recording;
Process, host, and deliver personalized video communications to End Customers;
Generate GIF previews of videos for inclusion in customer emails;
Send transactional emails to End Customers on behalf of Merchants;
Synchronize data with connected third-party marketplace integrations;
Provide the merchant dashboard with order tracking and communication history.

4.2 Business Operations

We use information to:

Process payments and manage billing through DodoPayments;
Provide customer support and respond to inquiries;
Detect, investigate, and prevent fraudulent transactions and abuse;
Enforce our Terms and Conditions and comply with legal obligations;
Maintain the security and integrity of our systems.

4.3 Service Improvement

We use aggregated and de-identified data to:

Analyze Service usage and performance;
Develop new features and improve existing functionality;
Conduct research and analysis to improve AI parsing accuracy;
Generate aggregated benchmarks (never attributable to individual Merchants or End Customers).

4.4 Communications

We may use your contact information to send transactional notifications (account creation, subscription changes, billing receipts), product updates, and marketing communications where permitted by law. You may opt out of marketing emails at any time by clicking the unsubscribe link or contacting hello@loomr.ai.

4.5 AI Processing (Anthropic / Claude)

The Service uses Anthropic's Claude AI to parse inbound order emails and extract structured data (customer name, order number, product details, delivery address, etc.). This processing is performed solely to enable the Service's core functionality. Loomr does not use your data to train AI models without your explicit written consent. AI-processed data is retained only as long as necessary to fulfill the applicable order communication. For more information, see Anthropic's Privacy Policy at https://www.anthropic.com/privacy.

5. Legal Basis for Processing (GDPR / UK GDPR)

For Merchants, Authorized Users, and End Customers in the European Economic Area (EEA) or United Kingdom, we process Personal Data under the following legal bases:

Processing Purpose	Legal Basis (GDPR Art. 6)
Account creation and management	Performance of a contract (Art. 6(1)(b))
Order email parsing and video delivery	Performance of a contract (Art. 6(1)(b))
WhatsApp and email communications to End Customers	Merchant's legitimate interests / End Customer consent obtained by Merchant
Payment processing and fraud prevention	Performance of a contract / Legal obligation (Art. 6(1)(c))
Security and abuse prevention	Legitimate interests (Art. 6(1)(f))
Analytics and service improvement	Legitimate interests (Art. 6(1)(f))
Marketing communications	Consent (Art. 6(1)(a))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

6. Legal Basis for Processing (DPDPA 2023 — India)

For individuals in India, we process Personal Data ("Personal Data" as defined under the DPDPA 2023) on the following bases:

Consent: where we have obtained free, specific, informed, unconditional, and unambiguous consent from the Data Principal (e.g., for marketing communications);
Legitimate uses: where processing is necessary for performance of a contract, compliance with law, or other legitimate uses as specified under the DPDPA 2023 and rules thereunder;
Processing by Data Fiduciary's processor: where we process End Customer data on behalf of a Merchant (Data Fiduciary) pursuant to a valid Data Processing Agreement.

Data Principals (End Customers in India) have the rights described in Section 10 below, including the right to withdraw consent, access data, and raise grievances.

7. How We Share Your Information

7.1 Sub-Processors and Service Providers

We share information with the following categories of service providers who process data on our behalf, under contractual obligations of confidentiality and security:

Service Provider	Purpose & Location
Anthropic PBC (USA)	AI-assisted email parsing (Claude AI model)
Postmark / Wildbit LLC (USA)	Inbound email processing and parsing
Resend (USA)	Outbound transactional email delivery to End Customers
Interakt / Social Commerce Pvt. Ltd. (India)	WhatsApp Business API messaging
Cloudinary (USA / CDN global)	Video hosting, GIF generation, and media delivery
Supabase (USA)	Database, authentication, and row-level security
Vercel Inc. (USA / edge global)	Cloud hosting and edge deployment
Google LLC (USA)	OAuth 2.0 authentication
DodoPayments	Subscription billing and payment processing
Svix (USA)	Webhook delivery and event tracking

7.2 Marketplace Platform Data Sharing

When you use Loomr through a third-party marketplace, data accessed through that platform is handled as follows:

Shopify: Order, merchant, and customer data is accessed only through authorized OAuth scopes and used solely to provide the Service. Not shared with any other party;
Zendesk: Ticket and customer data accessed only through authorized OAuth scopes and used solely to provide the Service;
Intercom: Contact and conversation data used solely to provide the Service;
Zapier: Workflow data processed only as configured by the Merchant;
WooCommerce / BigCommerce / Wix / Patreon / HubSpot: Data accessed through respective APIs used solely to provide the Service and handled per this Privacy Policy.

7.3 Business Transfers

If Loomr or Minion Solutions Private Limited is acquired, merged, or transferred to another entity, your information may be transferred as part of that transaction. We will notify you via email or prominent notice before your information becomes subject to a different privacy policy.

7.4 Legal Compliance and Safety

We may disclose information if required by: applicable law, regulation, or legal process; orders from courts or government authorities in India or other jurisdictions; or to protect the rights, property, or safety of Loomr, our Merchants, End Customers, or the public.

7.5 Aggregated and De-Identified Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify any individual with third parties for any lawful purpose, including research and analytics.

7.6 No Sale of Personal Data

Loomr does not sell Personal Data to third parties. We do not share Personal Data for cross-context behavioral advertising purposes.

8. International Data Transfers

Loomr is based in India. Your information may be transferred to and processed in countries where our service providers operate, including the United States and the European Union. These countries may have data protection laws that differ from those in India or your home jurisdiction.

For transfers of Personal Data from India to other countries, we comply with the cross-border transfer provisions of the DPDPA 2023 and any rules or notifications issued thereunder by the Government of India.

For transfers of Personal Data from the EEA or UK to third countries, we rely on:

Standard Contractual Clauses (SCCs) as approved by the European Commission;
UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom;
Adequacy decisions where applicable.

You may request a copy of the relevant transfer safeguards by contacting hello@loomr.ai.

9. Data Retention

We retain Personal Data for as long as necessary to fulfill the purposes described in this Privacy Policy, subject to the following specific retention periods:

Data Category	Retention Period
Merchant Account Data	Duration of Account + 90 days post-termination (for data export), then deleted or anonymized
Order and Transaction Data	3 years from order date (billing, tax, and legal compliance)
End Customer Personal Data	Duration of Merchant's use of the Service; deleted upon Merchant request or Account termination
Video Content (Cloudinary)	90 days after delivery to End Customer, then automatically deleted
Email Delivery Logs (Resend)	12 months from delivery date
WhatsApp Message Logs (Interakt)	12 months from message date
Financial and Payment Records	8 years (GST and tax obligations under Indian law)
Security and Audit Logs	24 months
AI Processing Logs (Anthropic API)	30 days
Website Analytics	26 months

Upon Account termination, Loomr will provide a 90-day data export window. After this period, data will be permanently deleted or anonymized except where longer retention is required by applicable law (e.g., the Companies Act, 2013 or the Income Tax Act, 1961 in India).

10. Your Privacy Rights

10.1 Rights Under DPDPA 2023 (India)

If you are a Data Principal (End Customer) or Merchant in India, you have the following rights under the Digital Personal Data Protection Act, 2023:

Right to Access Information (Section 11): the right to obtain a summary of Personal Data being processed and the processing activities;
Right to Correction and Erasure (Section 12): the right to correct inaccurate or misleading Personal Data, and to erase Personal Data that is no longer necessary for the purpose it was collected;
Right to Grievance Redressal (Section 13): the right to have grievances addressed by our Data Protection Officer within reasonable timelines;
Right to Nominate (Section 14): the right to nominate another individual to exercise your rights in the event of your death or incapacity;
Right to Withdraw Consent (Section 6): where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise your DPDPA rights, contact us at hello@loomr.ai with the subject line "DPDPA Request." We will respond within the timelines prescribed by applicable law.

10.2 Rights Under GDPR / UK GDPR (EEA / UK)

If you are located in the EEA or UK, you have the following rights:

Right of Access (Art. 15): to obtain a copy of your Personal Data;
Right to Rectification (Art. 16): to correct inaccurate Personal Data;
Right to Erasure (Art. 17): to request deletion of your Personal Data;
Right to Restriction of Processing (Art. 18): to request that we limit how we process your data;
Right to Data Portability (Art. 20): to receive your data in a structured, machine-readable format;
Right to Object (Art. 21): to object to processing based on legitimate interests or for direct marketing;
Right to Withdraw Consent (Art. 7(3)): where processing is based on consent.

You also have the right to lodge a complaint with your local supervisory authority. In the EU, contact the supervisory authority in your member state. In the UK, contact the Information Commissioner's Office (ICO) at ico.org.uk. We will respond to GDPR requests within 30 days (extendable to 90 days for complex requests).

10.3 Rights Under CCPA / CPRA (California, USA)

If you are a California resident, you have the following rights:

Right to Know: the right to know what Personal Information we collect, use, disclose, and "sell" about you;
Right to Delete: the right to request deletion of your Personal Information;
Right to Correct: the right to correct inaccurate Personal Information;
Right to Opt-Out of Sale or Sharing: Loomr does not sell Personal Information and does not share it for cross-context behavioral advertising;
Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information for purposes beyond those permitted by the CPRA;
Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights.

To submit a California rights request, email hello@loomr.ai with the subject line "CCPA Request." We will respond within 45 days (extendable to 90 days where necessary).

10.4 General Rights (All Users)

Regardless of your location, you may at any time: opt out of marketing emails (via the unsubscribe link or by emailing hello@loomr.ai); request correction of inaccurate data about you; or request that we cease using your data for direct marketing.

10.5 End Customer Rights

If you are an End Customer (a customer of a Merchant who received a communication through Loomr), your primary privacy relationship is with the Merchant. To exercise your rights regarding data the Merchant shared with Loomr, please contact the Merchant directly. You may also contact Loomr at hello@loomr.ai and we will route your request appropriately.

10.6 Grievance Officer (India)

In accordance with the DPDPA 2023 and the IT (Intermediary Guidelines) Rules, 2021, we have designated a Grievance Officer. Contact details: Name: Grievance Officer, Minion Solutions Private Limited; Email: hello@loomr.ai (Subject: Attn: Grievance Officer); Address: No. 802, Block - 16A, Marathahalli Sarjapur Outer Ring Road, Iblur Village, Bengaluru - 560102, Karnataka, India. Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

Cookie Type	Purpose
Strictly Necessary	Required for the Service to function. Includes authentication session cookies and CSRF protection tokens. Cannot be disabled.
Functional	Remember your preferences and settings (e.g., language, dashboard layout). Can be disabled via browser settings.
Analytics	Help us understand how you interact with the Service (e.g., Vercel Analytics). Aggregated and non-identifying.
Marketing	Loomr does not currently serve targeted advertising. No marketing cookies are deployed.

11.2 Cookie Management

You can control or delete cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service. You may also manage preferences through our cookie consent banner displayed upon first visit.

11.3 Do Not Track

We honor browser Do Not Track (DNT) signals where technically feasible and do not engage in cross-site tracking for advertising purposes.

12. Artificial Intelligence and Automated Processing

12.1 Use of AI

The Service uses Anthropic's Claude AI model to automatically parse inbound order emails and extract structured data elements (customer names, order details, product information). This processing is necessary for the Service's core functionality and is disclosed to Merchants at onboarding.

12.2 No AI Training on Your Data

Loomr does not use Merchant data, End Customer data, or User Content to train any AI or machine learning models without explicit written consent. Data passed to Anthropic's API is processed per Anthropic's Privacy Policy and API usage policies, and is not used to train Anthropic's models under the standard API terms.

12.3 No Legally Significant Automated Decisions

Loomr does not use automated processing to make decisions that produce legal or similarly significant effects about individuals. AI is used solely for data extraction and structuring, with all communications reviewed and initiated by Merchant representatives.

12.4 Right to Human Review

If you believe any automated processing has produced an error in data about you, you may request human review by contacting hello@loomr.ai.

13. Data Security

Loomr implements a multi-layered security framework in compliance with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and international standards, including:

Encryption in Transit: all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS);
Encryption at Rest: data stored in our Supabase database is encrypted at rest;
Row-Level Security (RLS): Supabase RLS policies ensure Merchants can only access their own data;
Access Controls: access to production systems is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication (MFA) required;
API Key Management: all third-party API credentials are stored as server-side environment variables and are never exposed to the client;
Webhook Verification: all incoming webhooks (from Postmark, Interakt, Resend, Svix) are verified using HMAC signatures;
Monitoring and Alerting: we maintain security monitoring for anomalous access patterns;
Vendor Security: all sub-processors are contractually required to implement appropriate technical and organizational security measures.

Despite these measures, no electronic system is completely secure. You transmit information to us at your own risk. To report a security vulnerability, contact hello@loomr.ai with the subject line "Security."

14. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the applicable age of majority in their jurisdiction, including persons under 18 in India as defined under the DPDPA 2023). Loomr does not knowingly collect Personal Data from minors. If we become aware that we have collected Personal Data from a child without verifiable parental or guardian consent, we will take steps to delete such information promptly.

Merchants are responsible for ensuring that their End Customer communications comply with applicable laws concerning minors, including the DPDPA 2023's provisions on processing of personal data of children.

15. Merchant Customer Data and Data Processing Agreement

15.1 Loomr as Data Processor

When Merchants provide Loomr with End Customer Personal Data for processing through the Service, Loomr acts as a data processor (and data fiduciary's processor under the DPDPA 2023) under the direction of the Merchant (data controller / data fiduciary). Our Data Processing Agreement (DPA) is incorporated into our Terms and Conditions and governs this relationship.

15.2 Merchant Responsibilities

Merchants are solely responsible for:

Ensuring a valid legal basis (including consent where required) for sharing End Customer Personal Data with Loomr;
Providing End Customers with a clear and conspicuous privacy notice including disclosure of data sharing with Loomr;
Obtaining explicit, informed consent from End Customers for WhatsApp communications where required by applicable law (including the Telecom Commercial Communications Customer Preference Regulations, 2018 in India);
Responding to End Customer rights requests under the DPDPA, GDPR, CCPA, or other applicable laws;
Ensuring that data shared with Loomr does not include prohibited categories (health data, PAN, Aadhaar, payment card data, biometrics, etc.).

15.3 Sub-Processing

Loomr uses the sub-processors listed in Section 7.1 to process End Customer data. By accepting our Terms, Merchants provide general authorization for these sub-processors. Loomr will notify Merchants of material changes to its sub-processor list at least 30 days in advance.

16. WhatsApp Data Processing

The Service facilitates WhatsApp Business communications between Merchants and End Customers through the Interakt Business API (a Meta-authorized Business Solution Provider). The following provisions apply:

WhatsApp messages are transmitted through Meta's infrastructure. Meta's Privacy Policy governs data processed within WhatsApp's platform;
Loomr processes WhatsApp message delivery data (delivery status, read receipts where enabled by the platform) for dashboard display and analytics;
Merchants are solely responsible for obtaining End Customer consent to receive WhatsApp messages, in compliance with WhatsApp Business Policy, the Telecom Commercial Communications Customer Preference Regulations (TCCCP), 2018 (India), and applicable telecommunications laws in other jurisdictions;
Phone numbers used for WhatsApp communications are sourced exclusively from Merchant-provided Order Data and are not used for any purpose other than the specific order communication;
Loomr does not store the content of WhatsApp messages beyond the period necessary to confirm delivery.

17. Marketplace-Specific Privacy Provisions

17.1 Shopify

Data accessed from Shopify is limited to the OAuth scopes explicitly granted by you during installation;
Shopify merchant and customer data is used solely to provide the Service;
Upon uninstallation of Loomr from Shopify, all Shopify-sourced data will be deleted within 48 hours, except where retention is required by applicable law;
Loomr complies with all Shopify Partner Program data protection requirements.

17.2 Zendesk

Data accessed from Zendesk is limited to the OAuth scopes explicitly granted by you;
Zendesk ticket and customer data is used solely to provide the Service and is not retained beyond the period necessary to fulfill the relevant communication;
Upon revocation of OAuth access, Loomr will delete all Zendesk-sourced data within 48 hours;
Loomr complies with Zendesk's privacy and security requirements for Marketplace apps.

17.3 Intercom

Contact and conversation data from Intercom is accessed only through authorized API scopes;
Data is used solely to deliver personalized communications through the Service;
Loomr complies with Intercom's Developer Terms regarding data use and retention.

17.4 Zapier

Workflow data processed through Zapier integrations is handled per this Privacy Policy;
Loomr processes only the data fields configured by the Merchant in their Zapier workflows;
Third-party app data processed through Zapier is subject to those apps' own privacy policies.

17.5 WooCommerce, BigCommerce, and Wix

Order, product, and customer data accessed through these integrations is used solely to provide the Service;
Data is handled per this Privacy Policy and the applicable platform developer requirements;
Data is deleted promptly upon disconnection of the integration.

17.6 Patreon

Creator and patron data accessed through the Patreon API is used solely to enable personalized communications;
Loomr complies with Patreon's Platform Use Agreement and privacy requirements.

17.7 HubSpot

Contact, deal, and company data from HubSpot is accessed only through authorized OAuth scopes;
Data is used solely to provide the Service and is handled per this Privacy Policy;
Loomr complies with HubSpot's App Partner Program data requirements.

17.8 Other Marketplaces

For any marketplace integration not listed above, Loomr applies the same standards of data minimization, purpose limitation, and security described throughout this Privacy Policy. Contact hello@loomr.ai for marketplace-specific details.

18. Additional Regional Privacy Disclosures

18.1 California Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about Personal Information disclosed to third parties for their direct marketing purposes. Loomr does not share your Personal Information with third parties for their own direct marketing purposes.

18.2 Other US State Privacy Laws

Residents of states with comprehensive privacy laws (including Colorado, Connecticut, Virginia, Montana, Texas, and others) have certain rights with respect to their Personal Data. Contact hello@loomr.ai to exercise these rights. We will respond within the timeframes required by applicable state law.

18.3 Australia

For users in Australia, Loomr's practices are designed to be consistent with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC).

18.4 Canada

For users in Canada, our collection, use, and disclosure of Personal Information is subject to PIPEDA and applicable provincial privacy legislation. Complaints may be directed to the Office of the Privacy Commissioner of Canada.

19. Changes to This Privacy Policy

Loomr may update this Privacy Policy from time to time. When we make material changes, we will:

Notify you by email to the address associated with your Account at least 30 days before changes take effect;
Post the updated Privacy Policy on our website with a prominent "Updated" notice;
Where required by law (e.g., under the DPDPA 2023 or GDPR), obtain your renewed consent.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Purpose	Contact
General Privacy Inquiries	hello@loomr.ai
DPDPA Requests (India)	hello@loomr.ai (Subject: DPDPA Request)
GDPR Requests (EU/UK)	hello@loomr.ai (Subject: GDPR Request)
CCPA Requests (California)	hello@loomr.ai (Subject: CCPA Request)
Grievance Officer (India)	hello@loomr.ai (Subject: Attn: Grievance Officer)
Data Protection Officer	hello@loomr.ai (Subject: Attn: DPO)
Security Vulnerabilities	hello@loomr.ai (Subject: Security)
Postal Address	No. 802, Block - 16A, Marathahalli Sarjapur Outer Ring Road, Iblur Village, Bengaluru - 560102, Karnataka, India

We are committed to resolving all privacy concerns promptly and fairly. EU/UK users who are not satisfied with our response have the right to lodge a complaint with their local supervisory authority. Indian users may also approach the Data Protection Board of India, once constituted under the DPDPA 2023.

This Privacy Policy was last updated on March 1, 2026 and is effective as of that date. For questions, contact us at hello@loomr.ai.