Privacy Policy
Last updated: June 15, 2026
This policy explains how Loopd handles personal information through meetloopd.com. Loopd is an 18+ fitness-coaching platform. It is not medical care and is not intended for emergency or urgent health decisions.
Our Privacy Roles
For client records that a coach chooses to create and manage, such as client contact details, goals, check ins, notes, and photos, the coach generally determines why the data is processed. In that context, Loopd generally acts as the coach's processor or service provider by hosting and processing the data to provide the Service.
Loopd generally acts as a controller or business for information needed to run Loopd itself, including coach and client login accounts, policy acceptances, security and anti-abuse records, support communications, subscription records, and product administration. Exact legal roles can depend on the facts and applicable law.
Information We Process
- Account information: name, email address, authentication data, role, and account settings.
- Coach entered client information: name, email, goals, check in schedule, notes, and invitation status.
- Check in and fitness information: weight, sleep, stress, energy, nutrition adherence, training activity, goals, and free text responses.
- Photos: optional progress photos and client profile images.
- Billing information: plan, subscription status, and Stripe customer and subscription identifiers. Stripe receives card details directly; Loopd does not store full card numbers or security codes.
- Technical and security information: IP address, browser and device details, request data, authentication events, and rate-limit or abuse-prevention records.
- Communications: support, accessibility, refund, and privacy request messages.
- Consent records: user ID, policy type and version, acceptance time, source flow, and relevant consent scope.
Why We Use Information
- provide accounts, coach dashboards, client claims, check ins, photos, and progress tracking;
- generate draft AI assisted summaries for human coach review;
- process subscriptions, prevent fraud, secure the Service, and enforce usage limits;
- send authentication, invitation, check in, billing, trial, security, and other service messages;
- respond to support and privacy requests and comply with legal obligations; and
- diagnose failures and improve reliability and usability.
Depending on the context and law, our legal bases may include performing a contract, legitimate interests in operating and securing the Service, compliance with law, and consent. We request explicit client consent before processing health, fitness, check in, and progress-photo data through the authenticated client flow. Consent may be withdrawn prospectively, but that does not make earlier lawful processing unlawful.
Coach Authority and Client Consent
Coaches must have lawful authority and all required client consent before entering, uploading, or otherwise processing client information or photos in Loopd. Coaches must not use Loopd for a client under 18. When a coach controls the data, Loopd may refer a client request to that coach or assist the coach in responding.
AI Processing and Human Review
Loopd sends selected check in information, which may include a client's name, goals, responses, and coach notes, to Anthropic's commercial API to create a draft summary. AI summaries can be incomplete or inaccurate and require human coach review. They are not medical advice and must not be used for diagnosis, treatment, emergencies, or urgent health decisions.
Loopd currently uses Anthropic's standard commercial API configuration. Under Anthropic's published commercial terms, API inputs and outputs are not used to train its models unless the customer opts in, and standard API inputs and outputs are generally deleted from Anthropic's systems within 30 days, subject to stated legal, safety, and service exceptions. Loopd has not configured a separate zero-data-retention arrangement.
HIPAA
Loopd does not claim HIPAA compliance. The Service is not currently offered for protected health information handled for a HIPAA covered entity or business associate without a separate written agreement, any required business associate agreement, and confirmed controls. Users who require that arrangement must not place PHI in Loopd unless and until it is completed.
Service Providers and Subprocessors
Loopd currently uses the following providers:
- Supabase: database, authentication, and private photo storage.
- Vercel: application hosting, delivery, and operational request logs.
- Anthropic: AI assisted check in summaries.
- Stripe: checkout, subscriptions, billing, and payment fraud prevention. Stripe may act under its own legal obligations for some payment activities.
- Resend: transactional email delivery.
- Cloudflare: Turnstile bot protection and network services.
- Upstash: rate limiting and related security controls.
These providers process only the categories needed for their functions. Their own subprocessors may also support those services. We will keep this list current. If a material provider change significantly affects client-data processing, we will post the change here and provide additional notice where required by contract or law.
When We Disclose Information
We disclose information to the coach connected to a client profile, to the providers above, at a user's direction, to investigate abuse or protect rights and safety, when legally required, and as part of a merger, financing, acquisition, or sale subject to appropriate safeguards. We do not sell personal information or share it for cross-context behavioral advertising. See our Do Not Sell or Share page.
Cookies and Similar Technologies
Loopd uses necessary cookies and browser storage for authentication, security, checkout, billing management, and remembering the cookie notice preference. We do not currently use advertising cookies or third-party behavioral analytics. Details are in our Cookie Policy.
Retention and Deletion
Active account, client, check in, and photo data is kept while needed to provide the Service. When a coach deletes a client, Loopd deletes that client's active database record, check ins, progress photos, and profile image. When a coach deletes an account, Loopd cancels any active subscription and deletes the active account and associated client records and stored photos.
Deletion from active systems does not mean every record disappears instantly. Limited information may remain temporarily in provider backups, security logs, email delivery records, or transaction systems until normal retention cycles expire. Loopd may also retain records required for fraud prevention, dispute handling, tax, accounting, legal compliance, or establishment of legal claims. Policy-acceptance records are designed as historical, append-only evidence and may be retained as legally necessary. Where feasible, retained data is minimized or de-identified.
Security
Loopd uses access controls, private storage, time-limited photo links, authentication, rate limits, and service-provider security controls. No internet service can guarantee absolute security. Users should use secure devices and promptly report suspected misuse.
Security Incidents and Breach Notices
Loopd will investigate suspected incidents and notify regulators, coaches, clients, or other affected people when and as required by applicable law. Timing and content depend on the type of information, risk of harm, jurisdiction, law-enforcement needs, and whether another organization is responsible for notifying its clients.
For example, GDPR may require notice to a supervisory authority within 72 hours where feasible when a reportable personal-data breach occurs, while notice to individuals is generally required without undue delay only when the breach is likely to create a high risk. Other laws, including U.S. state laws and potentially the FTC Health Breach Notification Rule, have different triggers and deadlines.
International Transfers
Loopd and several providers process data in the United States. If personal data protected by EEA, UK, or Swiss transfer rules is sent to the United States or another country without an adequacy decision, the relevant parties may rely on approved contractual safeguards, such as the European Commission's Standard Contractual Clauses or the applicable UK addendum, together with supplementary measures where required.
Coaches using Loopd for EEA or UK client data are responsible for ensuring that required controller-to-processor terms and transfer safeguards are in place. Loopd does not currently publish a coach data processing addendum; contact us before using Loopd where such an agreement is required.
Your Privacy Rights
Depending on where you live and whether Loopd or your coach controls the information, you may have rights to access, correct, delete, restrict, object to, or obtain a portable copy of personal data, withdraw consent, and appeal or complain. California residents may also have rights to know, correct, delete, limit certain sensitive-information uses, and opt out of sale or sharing if the CCPA applies.
EEA and UK users may complain to the data-protection authority where they live or work or where an alleged infringement occurred. UK users may contact the Information Commissioner's Office. EEA authority details are available through the European Data Protection Board. Submit requests through our Data Request page.
People Under 18
Loopd is only for people 18 or older. We do not knowingly permit minors to create accounts, claim profiles, or submit check ins or photos. Loopd has no parental consent system. Contact us if you believe a minor's information has been submitted so we can investigate and delete it as appropriate.
Changes to This Policy
We may update this policy as the Service or law changes. We will post the revised date and provide reasonable additional notice for material changes. We may require users to accept a new policy version before continuing authenticated use.
Contact
Contact hello@meetloopd.com. Loopd's verified legal entity name and mailing address have not yet been confirmed and therefore are not stated here.