Privacy Policy for Loom21

Last Updated: May 30, 2025

Loom21 LTD ("we," "us," or "our") operates Loom21 (the "Service"), a web application that allows users to create accounts, manage products, clients, suppliers, and invoices. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

We are Loom21 LTD, located at Tvarditsa, Aleko Konstantinov 11 str. For the purposes of GDPR, we are the "Data Controller" responsible for the personal data we collect and process through the Service.

Contact Information:
Submit an inquiry
Address: Tvarditsa, Aleko Konstantinov 11 str.

2. Information We Collect

We collect and process the following types of personal data when you use our Service:

a. Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, username, password, and any other information you provide (e.g., phone number, company details).
  • Business Data: Information about your products, clients, suppliers, and invoices, which may include personal data such as names, contact details, or financial information (e.g., billing addresses).
  • Communications: Any information you provide (e.g., name, email, message) when contacting us via our contact form, which we process to respond to your inquiries or requests.

b. Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, such as IP address, browser type, device information, pages visited, and timestamps.

c. Information from Third Parties

  • If you integrate third-party services (e.g., payment processors like Stripe), we may receive limited data from these providers, subject to their privacy policies.

3. Legal Basis for Processing (GDPR)

Under GDPR, we process personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent (e.g., for marketing emails).
  • Contract: To fulfill our obligations under the Service agreement (e.g., providing access to your account and managing your inventory data).
  • Legitimate Interests: For purposes such as improving the Service, ensuring security, or preventing fraud, where our interests do not override your rights.
  • Legal Obligation: To comply with applicable laws, such as tax or reporting requirements.

4. How We Use Your Information

We use your personal data for the following purposes:

  • To Provide and Operate the Service:
    • Create and manage your account.
    • Process and store your inventory, client, supplier, and invoice data.
    • Facilitate invoicing and related functionalities.
  • To Improve and Personalize the Service:
    • Analyze usage patterns to enhance functionality and user experience.
    • Tailor content or features to your preferences (where permitted).
  • To Communicate:
    • Send you transactional emails (e.g., account confirmations, password resets).
    • Respond to your inquiries or support requests submitted via our contact form.
    • Send marketing communications (with your consent, where required).
  • To Ensure Security:
    • Detect and prevent fraud, unauthorized access, or other illegal activities.
    • Maintain the integrity of the Service.
  • To Comply with Legal Obligations:
    • Meet regulatory requirements, such as tax reporting or data protection laws.

5. How We Share Your Information

We do not sell your personal data. We may share your data in the following circumstances:

  • Service Providers: With trusted third-party providers who assist us in operating the Service, such as hosting providers and payment processors. For example, we use Stripe, Inc. to process payments, and Stripe may collect and process payment-related data (e.g., billing information) in accordance with its Privacy Policy. All service providers are contractually obligated to protect your data and comply with applicable data protection laws, including GDPR.Privacy Policy
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to applicable data protection laws.
  • Legal Requirements: If required by law, regulation, or legal process (e.g., court orders, subpoenas), we may disclose your data to authorities.
  • With Your Consent: Where you explicitly agree to the sharing of your data.

6. International Data Transfers

Our Service is accessible globally, and your data may be processed or stored in countries outside your region, including the United States (e.g., by Stripe for payment processing) and the European Union. We ensure that any international data transfers comply with GDPR and other applicable laws, using mechanisms such as:

  • Standard Contractual Clauses (SCCs): For transfers outside the European Economic Area (EEA).
  • Adequacy Decisions: Where the recipient country is deemed to have adequate data protection by the European Commission.
  • Other Safeguards: As required by local laws (e.g., Binding Corporate Rules for intra-group transfers).

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For example:

  • Account data is retained while your account is active and for 7 years after account deletion to comply with legal obligations (e.g., tax laws).
  • Usage data may be retained for 2 years for analytics or security purposes.
  • You may request deletion of your data (see Section 8).

8. Your Data Protection Rights

Depending on your location, you may have the following rights under GDPR and other applicable laws:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data (subject to legal obligations).
  • Restriction: Restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests (e.g., marketing).
  • Withdraw Consent: Withdraw consent at any time, where processing is based on consent.
  • Lodge a Complaint: Contact a supervisory authority (e.g., in the EU, your local Data Protection Authority) if you believe we have violated your rights.

To exercise these rights, use our contact form. We will respond within 30 days for GDPR, or as required by local law. contact form.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit and at rest.
  • Secure authentication mechanisms.
  • Regular security assessments and updates.

However, no system is completely secure, and we cannot guarantee absolute security. Please notify us immediately via our contact form if you suspect unauthorized access to your account. contact form.

10. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., payment processors like Stripe). We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.

11. Children’s Privacy

Our Service is not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please use our contact form to request deletion. contact form.

12. Compliance with Other Laws

In addition to GDPR, we strive to comply with other applicable data protection laws, such as:

  • CCPA (California, USA): If you are a California resident, you may have rights to access, delete, or opt out of the sale of your data. We do not sell data, but you can exercise other rights by contacting us.
  • PIPEDA (Canada): We ensure fair information practices for Canadian users.
  • LGPD (Brazil): We comply with Brazil’s data protection requirements.

Contact us via our contact form for details on how we comply with your local laws. contact form.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or a notice on the Service. The updated policy will be effective as of the "Last Updated" date.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Contact Form:Submit an inquiry
Address: Tvarditsa, Aleko Konstantinov 11 str.

For GDPR complaints, you may also contact your local Data Protection Authority.

Loom 21

Loom21: Simplify inventory tracking and payment links for Bitcoin or fiat, plus manage sales and customers. Start now!

Get in touch
© 2025 Loom 21
FAQRoadmapPrivacy Policyarrow_drop_up