Privacy Policy

Last updated: December 17, 2025

At Loopclub Ltd (“Company,” “we,” “us,” or “our”), we are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information. This Privacy Policy explains our practices regarding the personal information we collect when you use InitStack and related services (collectively, the “Services”).

This Privacy Policy is designed to comply with applicable privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the General Data Protection Regulation (GDPR), and other applicable privacy regulations. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, password, and profile information when you create an account
  • Payment Information: Billing address, payment card details, and transaction history (payment processing is handled securely through Stripe)
  • Business Information: Company name, job title, and organization details (optional)
  • Communications: Information you provide when contacting our support team, responding to surveys, or participating in promotions
  • User Content: Applications, code, databases, files, and other content you create or upload using our Services
  • AI Interactions: Prompts, queries, and conversations you have with our AI-powered features

1.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

  • Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visits, and time spent on pages
  • Device Information: Device type, unique device identifiers, operating system version, and mobile network information
  • Usage Information: Features used, actions taken, frequency and duration of activities, and interaction patterns
  • Performance Data: Error reports, crash data, and diagnostic information
  • Location Information: General geographic location based on IP address

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Authentication Providers: If you sign in using Google or other OAuth providers, we receive your basic profile information
  • Payment Processors: Transaction status and fraud prevention information from Stripe
  • Analytics Providers: Aggregated usage data and insights
  • Marketing Partners: Information about how you interacted with our marketing campaigns

1.4 Cookies and Similar Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Improving Our Services

  • Create and manage your account
  • Process transactions and send related information
  • Provide customer support and respond to inquiries
  • Operate, maintain, and improve our Services
  • Develop new features and functionality
  • Personalize your experience based on your preferences

2.2 AI Processing

  • Process your prompts and generate code and content using AI technologies
  • Improve AI model performance and accuracy (using aggregated, anonymized data)
  • Detect and prevent misuse of AI features

For more information about how we use AI, please see our AI Use Policy.

2.3 Communications

  • Send technical notices, updates, security alerts, and administrative messages
  • Respond to your comments, questions, and support requests
  • Send promotional communications (with your consent, where required)
  • Provide information about products, services, and events

2.4 Analytics and Research

  • Monitor and analyze trends, usage, and activities
  • Measure the effectiveness of our marketing campaigns
  • Conduct research and analysis to improve our Services
  • Generate aggregated, anonymized insights

2.5 Security and Legal Compliance

  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Protect the rights, property, and safety of our users and the public
  • Comply with legal obligations and enforce our terms and policies
  • Respond to legal requests and prevent harm

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with our Services and fulfill our contractual obligations
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Services, preventing fraud, and marketing (where not overridden by your rights)
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligation: Processing necessary to comply with our legal obligations

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud Hosting and Infrastructure: Cloudflare, Fly.io, DigitalOcean, Amazon Web Services (AWS)
  • Payment Processing: Stripe
  • AI Service Providers: Anthropic, Google, OpenAI
  • Transactional Email: For account notifications, password resets, and service communications
  • Analytics and Monitoring: For service performance and usage analysis

These providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

  • Subpoenas, court orders, or legal process
  • Requests from law enforcement or government agencies
  • To protect our rights, privacy, safety, or property
  • To protect the safety of our users or the public
  • To detect, prevent, or address fraud, security, or technical issues

4.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

4.4 With Your Consent

We may share your information with third parties when you direct us to do so or provide your consent.

4.5 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit using TLS 1.3
  • Encryption of data at rest using AES-256
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery planning

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary based on:

  • Account Data: Retained while your account is active and for a reasonable period after deletion
  • Transaction Data: Retained for at least 7 years for tax and accounting purposes
  • Usage Data: Typically retained for 2 years for analytics purposes
  • Communication Records: Retained for 3 years for customer support purposes
  • Legal Hold: Data may be retained longer if required for legal proceedings

When personal information is no longer needed, we will securely delete or anonymize it.

7. Your Privacy Rights

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Restriction: Request restriction of processing of your information
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

7.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the “sale” or “sharing” of your personal information. We do not sell your personal information.
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of sensitive personal information to purposes necessary to provide the Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email address, IP address, account name)
  • Commercial information (transaction history, products/services purchased)
  • Internet or network activity (browsing history, interactions with our Services)
  • Geolocation data (general location based on IP address)
  • Professional or employment-related information (job title, company)
  • Inferences drawn from the above (preferences, characteristics)

California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

Sensitive Personal Information

Under the CPRA, “sensitive personal information” includes data such as Social Security numbers, financial account information, precise geolocation, and certain other categories. We collect limited sensitive personal information as necessary to provide our Services:

  • Account Login Credentials: Used solely for authentication purposes
  • Payment Information: Processed by Stripe; we do not store full payment card numbers

We use sensitive personal information only for purposes permitted under the CPRA. You have the right to limit the use of sensitive personal information to what is necessary to provide our Services.

Authorized Agents

California residents may designate an authorized agent to make privacy requests on their behalf. To do so, you must provide the agent with written permission and verify your identity with us. We may deny requests from agents who do not submit proof of authorization.

7.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You have the right to obtain confirmation of whether we process your personal data and to access that data.
  • Right to Rectification: You have the right to have inaccurate personal data corrected.
  • Right to Erasure: You have the right to have your personal data deleted in certain circumstances.
  • Right to Restriction: You have the right to request restriction of processing in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

International Data Transfers

Your personal data may be transferred to and processed in the United States and other countries outside of your country of residence. When we transfer data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other lawful transfer mechanisms

7.4 Exercising Your Rights

To exercise any of your privacy rights, you may:

  • Email us at privacy@gantry.dev
  • Use the privacy controls in your account settings
  • Submit a request through our website

We will respond to your request within the timeframe required by applicable law (generally 30-45 days). We may need to verify your identity before processing your request.

8. Children's Privacy

Our Services are not intended for children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gantry.dev. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

9. Do Not Track Signals

Some web browsers transmit “Do Not Track” (DNT) signals to websites. Because there is no common understanding of how to interpret DNT signals, our Services do not currently respond to DNT signals. You can use the range of other tools we provide to control data collection and use.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the “Last updated” date at the top of this policy
  • Sending you an email notification for significant changes

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

  • Email: privacy@gantry.dev
  • Address:
    Loopclub Ltd
    Attn: Privacy Team
    4023 Kennett Pike #50389
    Wilmington, DE 19807
    United States

Data Protection Officer

For privacy inquiries related to GDPR compliance, you may contact our Data Protection Officer at dpo@gantry.dev.

EU Representative

If you are located in the European Union and have questions about our data practices, you may also contact our EU representative by emailing eu-privacy@gantry.dev.

Related Policies: