1. What we collect
Account identifiers (email address), authentication metadata (device identifiers for OTP delivery), purchase history (orders you place through Loop), and on-chain activity tied to wallet addresses you explicitly link to your account.
2. How we use it
Fulfilling gift-card orders, paying out cashback to the wallet address you configure, sending transactional and security-related email, and meeting legal / regulatory obligations (KYC / AML where applicable to Stellar payouts).
3. Who we share it with
Our upstream gift-card supplier (CTX — required to procure the card you ordered), our email provider (transactional delivery only), and regulators / law enforcement where legally required. We do not sell your data.
4. How long we keep it
Order and credit-ledger data are retained for the duration required by accounting and regulatory rules in your home jurisdiction. Account identifiers are deleted within 30 days of account closure unless retention is mandated by law.
5. Your rights
Access, rectification, erasure, portability, and restriction of processing — subject to the applicable regime in your jurisdiction (UK GDPR / EU GDPR / CCPA / equivalent). Self-serve: GET /api/users/me/dsr/export returns a JSON envelope of every row Loop holds for your account; POST /api/users/me/dsr/delete anonymises your account (ledger rows are retained per accounting / regulatory rules and are no longer linked to a real person). Requests: privacy@loopfinance.io.
6. Where your data is hosted
Loop runs on Fly.io, a US-headquartered cloud platform. Application servers and the Postgres database operate from Fly's primary region (currently lhr — London) with hot replicas in adjacent regions for failover. On-chain settlement activity transits the public Stellar network. Email is delivered via our transactional-mail provider; that provider stores message bodies for the duration required to deliver and bounce-handle them. International data transfers (between Loop's UK-incorporated entity and Fly's US infrastructure) rely on the UK / EU Standard Contractual Clauses where applicable.
7. Cookies & tracking
Loop is bearer-token authenticated; the backend never sets cookies for our own session state. Authentication metadata is held in your browser's sessionStorage on the web and the OS keychain on native (iOS / Android), neither of which is a cookie. We don't set analytics or advertising cookies. The Google / Apple sign-in providers may set short-lived cookies during the OAuth flow on their own domains; those cookies are strictly necessary for the sign-in to complete and fall outside the consent-banner requirement under UK PECR / EU ePrivacy. If we add an analytics or advertising vendor in future, we will surface a consent banner before any non-essential cookie is set.
8. Contact
Data protection questions: privacy@loopfinance.io. General contact: hello@loopfinance.io.