Skip to main content
LpReply

Last updated: February 15, 2026

Privacy Policy

This Privacy Policy explains how LoopReply ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our platform, website, APIs, and embeddable chat widget (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Authentication credentials (securely managed)
  • Workspace and team membership information
  • Billing information (processed and stored by Stripe — we do not store full card numbers)

1.2 Usage Data

We automatically collect information about how you interact with the Service:

  • Pages visited, features used, and actions taken within the dashboard
  • Device type, browser, operating system, and IP address
  • Referral source and session duration
  • Session recordings, heatmaps, and click data (via PostHog, only with your consent)
  • Bot performance metrics (response times, conversation volumes, handoff rates)

1.3 Content You Provide

Through your use of the Service, you may upload or generate:

  • Knowledge base documents (PDFs, spreadsheets, URLs, etc.)
  • Bot configurations, workflow designs, and system instructions
  • Conversation data between your bots and end users
  • Custom fields and visitor metadata

1.4 End User Data

When visitors interact with your bots via the chat widget, we may collect on your behalf:

  • Messages sent during conversations
  • Name, email, phone number, or other fields you configure for collection
  • Browser type, device information, and IP address
  • Page URL where the widget is embedded

As a LoopReply customer, you act as the data controller for end user data collected through your bots. You are responsible for providing appropriate privacy notices to your end users and obtaining any required consent.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process transactions and manage your subscription
  • Send service-related communications (account updates, security alerts, billing notices)
  • Generate analytics and insights about bot performance
  • Detect and prevent fraud, abuse, and security incidents
  • Respond to support requests
  • Comply with legal obligations

We do not use your content or conversation data to train AI models. When conversations are processed by third-party AI providers to generate responses, the data is sent transiently and is not retained by those providers for training purposes.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1 Service Providers

We use trusted third-party services to operate the platform:

  • Stripe — Payment processing and subscription management
  • AI Providers (OpenAI, Anthropic, Google, Meta, Mistral) — Generating AI responses
  • Cloud infrastructure providers — Authentication, database hosting, and real-time messaging
  • PostHog — Product analytics, session recordings, and heatmaps (EU-hosted)

Each provider processes data solely on our behalf and is contractually obligated to protect your information.

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If LoopReply is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Storage and Security

Your data is protected with industry-standard security measures:

  • Encryption at rest — All data stored in our database is encrypted using AES-256
  • Encryption in transit — All connections use TLS 1.3
  • Password hashing — User passwords are hashed with bcrypt with adaptive cost factors
  • Row-Level Security — Database policies ensure users can only access data belonging to their workspace
  • Automatic key rotation — Encryption keys are rotated on a regular schedule
  • Rate limiting — API rate limits (10/sec, 50/10sec, 200/min) protect against abuse
  • Role-based access control — Granular permissions for workspace members

Data is hosted on SOC 2 compliant cloud infrastructure. While we implement robust security measures, no system is completely secure. We encourage you to use strong passwords and enable additional security features when available.

5. Data Retention

  • Account data — Retained for the duration of your account. Deleted within 30 days of account closure.
  • Conversation data — Retained for the duration of your subscription. You can delete individual conversations at any time.
  • Knowledge base content — Retained until you delete the source or close your account.
  • Usage logs — Retained for up to 12 months for analytics and security purposes.
  • Billing records — Retained as required by applicable tax and accounting laws.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Rectification — Correct inaccurate or incomplete personal data
  • Erasure — Request deletion of your personal data
  • Portability — Receive your data in a structured, machine-readable format
  • Restriction — Request that we limit the processing of your data
  • Objection — Object to certain types of data processing
  • Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at support@loopreply.com. We will respond within 30 days.

7. International Data Transfers

Your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent legal mechanisms, to protect your information in compliance with applicable data protection laws.

8. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

10. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at support@loopreply.com.

AICPASOC 2

SOC-2 Type II

Excellence from design to operation: data privacy, processing integrity, and confidentiality stay top of mind.

ISO27001:2022

ISO/IEC 27001:2022

The highest organizational standards for information security management, ensuring your data stays private.

GDPR

GDPR Compliant

Personal data remains personal. Advanced user permissions let users define handling procedures.

HIPAA

HIPAA Compliant

Safeguarded systems designed to keep protected health information (PHI) secure.