Privacy Policy
Last updated: July 7, 2026
Introduction
Welcome to Loopfly. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our platform — an AI-powered app builder available at loopfly.app (the “Service”).
This Policy covers Loopfly’s own users — the people who create accounts, build, and publish projects on Loopfly. It does not cover how an individual user’s published site collects or handles data from that site’s own visitors; that is addressed under “Published Site Data” below and in our Terms of Service.
We are committed to being transparent about our data practices. If you have questions, you can reach us at privacy@loopfly.app. By using Loopfly, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
Who We Are
Loopfly is operated by Loopfly LLC, a Georgia Limited Liability Company. For purposes of data protection laws, we are the “data controller” — meaning we determine how and why your personal data is processed. Contact us at privacy@loopfly.app.
Age Requirement
Loopfly is not intended for anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from someone under 18, we will delete it promptly. Contact us at privacy@loopfly.app if you believe a minor has provided us with personal data.
What Information We Collect
Information You Provide Directly
When you create an account, we collect your email address and password, along with your display name and any other details you choose to add to your profile. As you use the Service, we collect the prompts, messages, and instructions you send to the AI assistant, along with the code and files generated in your projects, and any workspace names, descriptions, and member configurations you set up. If you subscribe to a paid plan, our third-party payment processor collects your payment details; we retain only your subscription status, plan tier, and a customer identifier, not your full card number. If you submit bug reports, feature requests, feedback, or screenshots through the platform, we retain that information until it is resolved or no longer needed.
Information Collected Automatically
We automatically collect usage data (pages visited, features used, timestamps, and general interaction patterns), device and browser information (browser type, operating system, screen resolution, device type), and log data (IP address, access times, referring URLs, and server logs). We also collect technical metadata about live preview sessions, such as session status and activity timestamps, to operate the Service.
Published Site Data
When you publish a project, your site files are hosted on our content delivery network, and visitors to your published site generate standard web traffic logs (IP address, browser, request path) processed by our hosting provider. This category covers only infrastructure-level hosting logs. If a published site itself collects data from its visitors — for example, through a form, account system, or other feature built into the site — that collection is governed by the site owner’s own practices and privacy notice, not this Policy. See our Terms of Service for more detail.
Information Generated Through Your Use
We store the AI conversation history within each project — all messages exchanged between you and the AI assistant — to maintain context across your session; these messages are sent to our AI provider for processing. We store the code and files the AI creates on your behalf, and we track the number of AI credits consumed per interaction to manage your account balance. When technical errors occur during AI interactions, we may capture limited diagnostic information, such as the failed request type and timestamp, to debug and improve reliability; we exclude payment credentials and authentication secrets from this diagnostic data. If you joined our waitlist, we retain your email address to notify you of access and product updates, and you may request removal at any time by contacting privacy@loopfly.app.
How We Use Your Information
We use your information to provide the Service — creating and managing your account, workspaces, and projects; processing your prompts through AI to generate code; rendering live previews; and storing your project files. We also use it to process payments and manage billing through our payment processor; to send transactional emails such as account verification, password resets, and billing receipts; to monitor performance, fix bugs, analyze usage patterns, and maintain security and stability; to enforce our Terms of Service and prevent abuse or fraud; and to comply with legal obligations. We do not use your personal information for advertising, and we do not sell it to third parties.
Legal Basis for Processing (EEA/UK Users)
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data based on contract performance (to provide the Service you signed up for), legitimate interests (security, fraud prevention, and service improvement, where not overridden by your rights), consent (where you have given it explicitly, such as opting into marketing), and legal obligation (to comply with applicable law). While Loopfly does not currently target or market to users in the EEA or UK, we recognize we may have users who access the Service from those regions, and this section and the EEA/UK rights described below apply to them.
How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only with trusted third-party service providers, and only to the extent necessary to operate the Service: a third-party AI service that receives your prompts and conversation context to generate code, under a commercial agreement that prohibits that provider from using your data to train its models; cloud infrastructure and hosting providers that store your data, run project previews, and deliver your published sites; an authentication provider that manages account creation, login, and session management; a payment processor that handles your payment information (we do not store your full credit card number); and an email service provider that sends transactional messages. All providers are primarily located in the United States, with the exception of our CDN provider, which operates a global edge network. You may request a list of current service providers by contacting privacy@loopfly.app.
We may also disclose your information where required by law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Loopfly, our users, or the public; or in connection with a merger, acquisition, or sale of assets, in which case we will notify you of the change.
AI-Specific Data Practices
Loopfly uses a third-party AI service as a core part of the Service to generate code from your prompts. We send that provider your prompts, conversation history for the current project, and relevant project file information needed to generate or modify code. The AI operates within the boundaries of your project only and cannot access other users’ projects or data outside your project. Loopfly does not use your prompts, project content, or conversation history to train any AI models, and we access our AI provider under its commercial terms, which contractually prohibit the provider from using our API traffic to train its models. We recommend reviewing our AI provider’s privacy policy, available upon request, for the most current information on their own data practices. Each conversation starts fresh with only the context of the current project — the AI does not learn from or retain information between separate projects or users.
Data Retention
We retain personal data for as long as your account is active or as needed to provide the Service, on the following schedule:
- Account and profile data: retained until you delete your account.
- Project files and code: retained until you delete the project or your account.
- Conversation history: retained for the lifetime of the project to maintain AI context.
- Credit transaction logs: retained for up to 24 months after the transaction, or longer if required by law.
- Preview session data: retained for up to 90 days for operational and security purposes.
- Published site files: retained until you unpublish the project or delete your account; unpublishing removes all hosted files.
- Server logs: retained for up to 90 days for security and debugging purposes.
- Feedback submissions and associated screenshots: retained until resolved or no longer needed.
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it (for example, billing records for tax purposes).
Data Security
We implement technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS) between your browser and our servers, strict database isolation so your data cannot be accessed by other users, isolated execution environments for your project code, industry-standard authentication and session management, role-based access controls for workspace resources, and secure management of API keys and credentials. While we implement industry-standard protections, no system is 100% secure, and we cannot guarantee the absolute security of your data.
Data Breach Notification
If we become aware of a breach affecting your personal data, we will notify you without unreasonable delay and in accordance with applicable law, including the Georgia Personal Identity Protection Act and any other breach notification law that applies to you based on your location.
International Data Transfers
Loopfly is based in the United States, and our service providers are also primarily located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. For users in the EEA or UK, we rely on appropriate safeguards for international data transfers, which may include Standard Contractual Clauses (SCCs) or adequacy decisions recognized by the European Commission.
Your Rights
For All Users
- Access: request a copy of the personal data we hold about you.
- Correction: request that we correct inaccurate or incomplete data.
- Deletion: request that we delete your personal data, subject to legal retention requirements.
- Data portability: request your data in a structured, commonly used format.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
Additional Rights for EEA/UK Users
- Restriction: request that we restrict processing of your data in certain circumstances.
- Objection: object to processing based on our legitimate interests.
- Automated decision-making: you have the right not to be subject to decisions based solely on automated processing. Loopfly does not currently make automated decisions that produce legal effects concerning you.
- Complaint: you have the right to lodge a complaint with your local data protection authority.
Additional Rights for California Residents (CCPA/CPRA)
We do not sell or share your personal information as those terms are defined under the CCPA. You may request the categories and specific pieces of personal information we have collected about you (right to know), request deletion of your personal information (right to delete), and you will not be discriminated against for exercising your privacy rights. Because we do not sell or share personal information for cross-context behavioral advertising, there is no need to opt out of data sales.
To exercise any of these rights, contact us at privacy@loopfly.app. We will respond to verified requests within 30 days, or within the timeframe required by applicable law, which may be up to 45 days for certain requests under the CCPA.
Cookies and Tracking
Loopfly uses cookies in a limited capacity: essential cookies required for authentication, session management, and security (disabling them will prevent you from logging in or using the Service), and functional cookies used to remember preferences such as theme settings and editor configuration. We do not currently use third-party advertising cookies, tracking pixels, or analytics cookies. If we introduce analytics tools in the future, we will update this policy and, where required, obtain your consent before deploying them.
Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any personal data.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this policy. For significant changes, we will notify you via email or through a prominent notice within the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at privacy@loopfly.app. If you are an EEA/UK user and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.