GetLoomic
GetLoomic
Sales Platform
Log inSign up

Privacy Policy

Last updated: 2026-05-26

1. Introduction

GetLoomic ("we," "our," or "the Platform") operates the website and service at getloomic.com. This Privacy Policy describes how we collect, use, and disclose information when you use our Platform. By using GetLoomic, you agree to this policy. We act as a technology platform only: you activate and can pause your campaigns; emails are sent from your connected account when you choose to send (from the app or via API). We do not control your mail accounts. You are the sender of record and are solely responsible for your use of the Platform, your campaigns, and compliance with all applicable laws (including CAN-SPAM, GDPR, CCPA/CPRA, and local data protection and marketing laws).

2. Platform Role and Disclaimers

Platform-only role. GetLoomic is an AI-powered outreach automation platform. After you configure and activate a campaign, the Platform autonomously searches for leads, generates personalized email drafts, and sends emails from your connected account based on the parameters you set. You can pause or stop any campaign at any time from the dashboard. We do not initiate sending independently — sending occurs only within the parameters of campaigns you have activated. We are not the sender of any email and we do not guarantee delivery or legal compliance of your communications.

You are the data controller. For personal data that you upload, process, or use in connection with your campaigns (e.g., lead lists, contact details), you are the data controller. We process such data only as your processor, in accordance with your instructions and our Terms of Service. You are responsible for having a lawful basis for processing, for providing required notices to data subjects, and for complying with all applicable data protection and marketing laws.

No legal advice. Nothing on the Platform constitutes legal advice. You must obtain your own advice regarding compliance, consent, and use of data.

3. Information We Collect

We collect the following categories of information:

  • Account and profile data: email address, name, sign-in identifiers (we use passwordless email magic-link authentication and do not store passwords), and OAuth tokens for connected services (e.g., Gmail).
  • Campaign and lead data: information you upload or generate through the Platform (e.g., company and business names, ICP keywords, recipient email addresses, draft content).
  • Billing data: billing name, physical address (for CAN-SPAM compliance), payment card details (processed and stored by Stripe, not by us), and transaction history.
  • Usage and log data: IP address, browser type, device identifiers, pages visited, actions taken, timestamps, and error logs.
  • Cookies and similar technologies: see Section 13 below for details.
  • Communications: messages you send to support and our responses.

4. How We Use Information

We use collected information to: (a) provide, secure, and improve the Platform; (b) authenticate accounts and prevent fraud; (c) send service communications (e.g., billing, security alerts); (d) comply with law and enforce our Terms; (e) respond to support inquiries; (f) generate aggregated, de-identified statistics about Platform usage. We do not sell your personal information. GetLoomic does not use Your Content or personal information processed on your behalf to train, fine-tune, or improve any AI or machine-learning model that GetLoomic operates. We use third-party AI providers (model APIs) to generate AI-assisted outputs you request; those providers operate under no-training-by-default API policies, and we do not authorise them to retain or train on your content beyond what is required to return the requested output.

GDPR / UK GDPR. Where the GDPR or UK GDPR applies to our processing of Platform account data, we rely on the following legal bases: performance of a contract (providing the service you requested); legitimate interests (network and account security, fraud prevention, product improvement using aggregated metrics, and compliance with law); and, where we send non-essential communications or use non-essential cookies, consent when required. You may object to processing based on legitimate interests as described in Section 10.

5. Data Retention and Security

We implement reasonable technical and organizational measures to protect your data, including encryption of OAuth tokens at rest, encrypted transport (TLS) for data in transit, access controls, and audit logging. We do not guarantee absolute security and are not liable for unauthorized access that occurs despite such measures.

Retention periods by category:

  • Account data: for the duration of the account plus thirty (30) days after deletion request, unless longer retention is required by law.
  • Payment and billing records: up to seven (7) years (tax and financial recordkeeping requirements).
  • Campaign logs and sending history: up to three (3) years from the date of the activity where retained to demonstrate compliance with anti-spam and marketing laws; after that period we may delete or aggregate such records except where longer retention is required for legal holds or active disputes.
  • Lead and recipient data (Your Content): retained while your account is active. Upon account deletion or a written request to service@getloomic.com, we will delete this data within thirty (30) days, except where (a) retention is required by law, (b) the data is needed for a legitimate dispute or fraud-prevention purpose, or (c) the data has been transformed into a suppression record (in which case opt-out status is preserved as required by anti-spam law). Backups containing this data are overwritten on our standard rotation cycle.
  • Unsubscribe and suppression lists: retained indefinitely as required for CAN-SPAM and anti-spam compliance.
  • OAuth tokens: retained until you disconnect the integration or delete your account, at which point tokens are revoked and deleted.
  • Support communications: up to two (2) years from last interaction.
  • Security and audit logs: up to twelve (12) months.

Data breach notification. In the event of a personal data breach that affects your data, we will notify you without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach. Notification will describe the nature of the breach, the categories and approximate number of records affected, likely consequences, and measures taken or proposed. Where legally required, we will also notify competent supervisory authorities.

6. Google User Data (OAuth / Gmail)

If you connect your Gmail account via Google OAuth, we request the minimum access needed to send email on your behalf from your connected mailbox. We do not request access to read your mailbox, to scan messages, or to use Gmail data for advertising.

The Google OAuth permissions we request correspond to: Gmail send (to send messages you initiate through the Platform) and your Google account email address (to confirm which mailbox you connected).

  • Data we collect from Google: Your Gmail address (to identify the connected account) and an OAuth refresh token (stored encrypted). We do not request broader Gmail permissions than described here.
  • How we use it: Solely to send messages you explicitly initiate through GetLoomic (e.g., from the Platform or our send-email API). Google user data is not used to improve our service, for analytics, for advertising, for selling data, for enforcing our terms, for training AI/ML models, or for any purpose unrelated to sending the email you requested. Use of data received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • Sharing: We do not sell, transfer, or disclose Google user data to third parties except as necessary to operate the service (e.g., calls to Google's APIs under your authorization, or subprocessors bound by contract). We do not use it for targeted or personalized advertising.
  • Protection: OAuth tokens are encrypted at rest; access is restricted to authorized systems and used only for the purposes above.
  • Retention and deletion: We retain the token until you disconnect Gmail in Account settings or delete your account. You can revoke access at any time in your Google Account permissions.

7. AI/ML and Google User Data

GetLoomic uses third-party AI services (Anthropic Claude) to generate personalized email drafts and enrich lead information based on campaign data provided by the user. Google user data — including your Gmail address and OAuth token — is never passed to any AI or machine learning service, and is never used to train, improve, or develop any AI/ML model. AI processing uses only lead and campaign data (such as company name, ICP, and business description) that you explicitly provide to the Platform. Data passed to AI services is processed transactionally to generate output and is not retained by us for model training. This applies to all AI features within GetLoomic.

8. Third-Party Services and Subprocessors

We use a limited set of vetted third-party providers ("subprocessors") to operate the Platform. Each subprocessor is bound by written agreements that require confidentiality and appropriate data protection. We review the list periodically and may add or replace subprocessors as the service evolves.

SubprocessorPurposeData CategoriesLocation
Vercel Inc.Application hosting and edge networkAll Platform data in transitUSA
Airtable Inc.Primary database for accounts and campaignsAccount data, campaign data, lead dataUSA
Stripe Inc.Payment processing and billingBilling identifiers, payment card tokens (held by Stripe)USA
Anthropic PBCAI drafting (Claude models)Campaign prompts, lead context for draftingUSA
Google LLC (Gmail API)Sending email from your connected GmailOAuth tokens, email content you sendUSA
Third-party SMTP (user-provided)Sending via your SMTP (e.g., Outlook, Zoho, custom)SMTP credentials, email content you sendVaries by provider
Apollo.io (user-linked)Lead enrichment and contact discoveryICP queries, business criteriaUSA

Third-party services linked to or integrated with the Platform have their own privacy policies governing their handling of your data. We are not responsible for their practices.

9. Apollo.io API Integration

If you connect your Apollo.io account by providing your Apollo API key, the following applies:

  • What we collect: Your Apollo API key (stored encrypted at rest) and the ICP parameters you configure (keywords, company size, location, etc.).
  • How we use it: Solely to execute automated lead searches on your behalf based on your campaign configuration. We query Apollo's API using your credentials and your ICP parameters to retrieve contact records matching your criteria.
  • Data we retrieve: Contact information returned by Apollo (name, email, company, title, etc.). We do not store this data beyond what is necessary to execute your active campaigns. Lead records used in sent campaigns are retained per the retention schedule in Section 5.
  • No sale or sharing: We do not sell, share, or use Apollo-sourced lead data for any purpose other than executing your campaigns. We do not use it for analytics, advertising, or model training.
  • Your responsibility: You are solely responsible for complying with Apollo's Terms of Service and Data Use Policy, for having a lawful basis to process and contact the individuals returned, and for ensuring your use of Apollo data complies with applicable law (including CAN-SPAM and data protection regulations).
  • Credentials security: Your Apollo API key is encrypted at rest and transmitted only over encrypted connections. Access is restricted to the Platform systems that execute your lead searches.
  • Revocation: You may disconnect your Apollo integration at any time in Account Settings. Upon disconnection, we delete your stored API key within 30 days.

GetLoomic is not affiliated with, endorsed by, or a partner of Apollo.io. Apollo.io is governed by its own Privacy Policy and Terms of Service.

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data, or to object to or restrict processing. To exercise these rights, contact us at service@getloomic.com. We will verify your identity and respond within the timeframes required by applicable law (generally within 30 to 45 days). You are responsible for responding to requests from your own contacts and data subjects regarding data you control.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), grants you the following rights:

  • Right to know. You have the right to request disclosure of the categories and specific pieces of personal information we collect, the sources of collection, the purposes of collection, and the categories of third parties with whom we share personal information.
  • Right to delete. You have the right to request deletion of your personal information, subject to exceptions (e.g., records required for legal, security, or compliance purposes).
  • Right to correct. You have the right to request correction of inaccurate personal information.
  • Right to opt out of sale or sharing. You have the right to opt out of the sale or sharing (for cross-context behavioral advertising) of your personal information.
  • Right to limit use of sensitive personal information. You have the right to limit the use and disclosure of sensitive personal information to specific purposes.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Do Not Sell or Share My Personal Information. We do not sell your personal information for monetary consideration, and we do not share your personal information for cross-context behavioral advertising, as those terms are defined by the CCPA/CPRA. We have not done so in the preceding twelve (12) months. If this changes, we will update this notice and provide a "Do Not Sell or Share My Personal Information" link in a conspicuous location.

Categories of personal information collected in the preceding 12 months:

  • Identifiers: name, email address, IP address, account identifiers.
  • Commercial information: subscription plan, billing history, transaction records.
  • Internet or other electronic network activity: pages visited, actions on the Platform, device/browser data, session logs.
  • Geolocation data: approximate location derived from IP address.
  • Professional or employment-related information: company name, role (if provided).
  • Inferences: product preferences and usage patterns derived from the above.

Sources of collection: directly from you; automatically from your device and usage of the Platform; from connected services you authorize (e.g., Google OAuth, Stripe); from lead data providers you link (e.g., Apollo) under your instructions.

Business purposes for collection: providing and securing the Platform; billing and payment; customer support; fraud prevention; legal compliance; product improvement (using aggregated, non-identifying data only).

Categories of recipients: subprocessors listed in Section 8; legal or regulatory authorities when required by law; professional advisors bound by confidentiality; parties to a business transfer (e.g., merger, acquisition).

Sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those permitted without the right to limit under CCPA/CPRA § 7027.

How to exercise your rights. Submit a verifiable consumer request by emailing service@getloomic.com. We will verify your identity through account authentication or matching identifiers and respond within 45 days (extendable by 45 days with notice). You may designate an authorized agent to make a request on your behalf, subject to verification. We do not charge for responding unless requests are manifestly unfounded or excessive.

Financial incentives. We do not offer financial incentives in exchange for the collection, sale, or retention of personal information.

12. Canadian Privacy Rights (PIPEDA)

GetLoomic is operated under the laws of the Province of British Columbia, Canada. Accordingly, the collection, use, and disclosure of personal information is governed by Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"), S.C. 2000, c. 5, as amended, and, where applicable, the British Columbia Personal Information Protection Act ("PIPA"), S.B.C. 2003, c. 63.

Under PIPEDA, you have the following rights with respect to your personal information:

  • Right to access. You may request access to the personal information we hold about you, the purposes for which it is used, and the categories of third parties to whom it has been disclosed.
  • Right to correction. You may request that we correct inaccurate or incomplete personal information.
  • Right to withdraw consent. Where processing is based on your consent, you may withdraw it at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal may affect your ability to use the Platform.
  • Right to complain. If you believe we have not complied with PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada ("OPC") at www.priv.gc.ca.

Privacy Officer. We have designated a Privacy Officer responsible for our compliance with PIPEDA. To exercise any of the rights above, or to direct privacy-related inquiries to our Privacy Officer, contact us at service@getloomic.com with the subject line "PIPEDA Privacy Request". We will acknowledge your request within 5 business days and respond within 30 days (extendable by up to 30 additional days with written notice).

Accountability. GetLoomic is accountable for personal information under its control. We implement policies and procedures to fulfill our obligations under PIPEDA and train relevant personnel accordingly.

13. Cookies and Tracking Technologies

We use a limited set of cookies and similar technologies to operate the Platform and keep you signed in. We aim to keep tracking minimal and avoid third-party advertising or cross-site profiling.

  • Strictly necessary cookies (authentication, session management, security, load balancing): these cannot be disabled without breaking core functionality. Examples include NextAuth session cookies and CSRF tokens.
  • Functional cookies: remember preferences such as UI state or recently selected options.
  • Service provider cookies: Stripe sets cookies as part of checkout for fraud prevention; Vercel may set cookies as part of hosting and performance monitoring. These are governed by the providers' own privacy policies.

We do not use advertising cookies, third-party analytics that build cross-site advertising profiles, or social media retargeting pixels. If we add any such technology in the future, we will update this section and implement appropriate notice and consent mechanisms where required (including an EU cookie banner for EU visitors, if applicable).

Your choices. You can control cookies through your browser settings. Blocking strictly necessary cookies may prevent you from signing in or using parts of the Platform.

Do Not Track. Our Platform does not currently respond to browser Do Not Track signals because there is no consistent industry standard. We maintain the minimization practices described above regardless.

14. Children's Privacy

The Platform is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us at service@getloomic.com and we will take reasonable steps to delete it.

15. International Users

The Platform is operated by a company incorporated under the laws of the Province of British Columbia, Canada, and is hosted on infrastructure located in the United States (Vercel). Users and customers may be located anywhere in the world. You choose the recipients you contact and the jurisdictions you target in your campaign settings and automation workflows.

The Platform is primarily designed for outreach to recipients in the United States, with optional Canada (CASL) support when you record the appropriate consent on your account. We do not provide automated jurisdictional blocking for other regions, including the European Economic Area or the United Kingdom. You are solely responsible for determining whether you have a lawful basis under applicable local law (including GDPR, UK GDPR, CASL, PIPEDA, and other marketing or data-protection laws) before contacting recipients in any jurisdiction. By configuring and activating a campaign, you confirm that you have such basis for every recipient you target.

If you access the Platform from outside Canada or the United States, you acknowledge that your personal information will be transferred to, stored, and processed in the United States in accordance with this Privacy Policy and applicable Canadian law. By using the Platform, you consent to such transfer and processing.

16. Limitation of Liability and Indemnification

To the maximum extent permitted by law, GetLoomic and its affiliates, officers, and employees shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or for any loss of data, revenue, or profits, arising from your use of the Platform or your campaigns. Our total liability shall not exceed the amount you paid us in the twelve (12) months preceding the claim, or one hundred U.S. dollars (whichever is greater). You agree to indemnify, defend, and hold harmless GetLoomic from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from your use of the Platform, your content, your campaigns, your violation of law or third-party rights, or any breach of your obligations under our terms or this policy.

17. Third-Party Claims and User Responsibility

You are solely responsible for any claims, complaints, or legal actions brought by recipients of your emails, leads, or any third parties in connection with your campaigns or your use of the Platform. GetLoomic is not a party to your communications and bears no responsibility for the content, targeting, frequency, or legality of messages sent through the Platform. If any third party brings a claim against GetLoomic arising from your use, you agree to fully indemnify and defend GetLoomic as described above.

18. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will be revised. Continued use of the Platform after changes constitutes acceptance of the updated policy. Material changes (including new categories of data collected, new subprocessors handling sensitive data, or changes to retention periods) will be communicated via email or a prominent notice on the Platform.

19. Contact

For all inquiries — including privacy questions, rights requests, complaints, and general support — contact service@getloomic.com. Please indicate "Privacy Request" or "Rights Request" in the subject line where applicable so we can prioritize your request.

Back to GetLoomic