Legal

Privacy Policy

Last updated: 5 April 2026

1. Who We Are

Loopion Ltd ("Loopion", "we", "us", "our") is a meeting accountability platform that captures actions from meetings, tracks their completion, and resurfaces outstanding items automatically. We are registered in England & Wales. Our contact email is privacy@loopion.ai.

2. Data We Collect

2.1 Account Data

When you sign up, we collect:

  • Name and email address (via Microsoft SSO or email sign-up)
  • Workspace and team membership information
  • Profile preferences and settings

2.2 Meeting Data

When Loopion joins your meetings, we process:

  • Audio recordings — temporarily captured during the meeting for transcription purposes only. Audio files are processed and deleted; we do not store raw recordings.
  • Transcripts — generated from audio using AI transcription services. Stored within your workspace.
  • Speaker identification — voice identity data used to attribute actions to the correct participants.
  • Meeting metadata — date, time, duration, participant names, calendar event details.

2.3 Action Data

  • Actions extracted from meeting transcripts
  • Action owners, due dates, and completion status
  • Carry-forward history and accountability metrics

2.4 Usage Data

  • Pages visited, features used, session duration
  • Device type, browser, IP address (anonymised)
  • Error and performance logs

3. How We Use Your Data

We use your data to:

  • Provide the Loopion service — joining meetings, transcribing, extracting actions, tracking accountability
  • Post recap messages to your Microsoft Teams channels
  • Send notifications about outstanding actions
  • Improve our AI models and service quality
  • Provide customer support
  • Comply with legal obligations

4. Legal Basis (GDPR)

We process your data under the following legal bases:

  • Contract performance — processing necessary to deliver the service you've signed up for
  • Legitimate interests — improving our service, preventing fraud, ensuring security
  • Consent — where we need your explicit consent (e.g., marketing communications)
  • Legal obligation — where we're required to process data by law

5. Third-Party Processors

We use carefully selected third-party services to process your data. Each processor is bound by data processing agreements. See our full subprocessors list.

Key processors include:

  • OpenAI — AI transcription and action extraction
  • Anthropic — AI processing (Claude models)
  • Supabase — database hosting (EU region)
  • Vercel — application hosting
  • Microsoft Azure — compute infrastructure and email delivery
  • Microsoft Graph API — calendar and Teams integration

6. Data Retention

  • Audio files — processed and deleted within 7 days
  • Transcripts & actions — retained for the lifetime of your workspace, or until you delete them
  • Account data — retained until account deletion, plus 30 days for backup recovery
  • Usage logs — retained for 90 days

7. Data Storage & Security

Your data is stored on servers in the European Union (EU). We implement comprehensive security measures including:

  • AES-256-GCM encryption for sensitive data at rest
  • TLS 1.3 for data in transit
  • HMAC SHA-256 request authentication
  • 8 layered security systems with 32 feature flags
  • Automated threat detection, fingerprinting, and circuit-breaker lockdown
  • Self-healing recovery systems

For full details, see our Security page.

8. Your Rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — restrict processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact privacy@loopion.ai. We will respond within 30 days.

9. International Transfers

Some of our processors (e.g., OpenAI, Anthropic) are based in the United States. Where data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Loopion is designed for business use and is not intended for individuals under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the Loopion platform. The "Last updated" date at the top of this page indicates when this policy was last revised.

12. Contact Us

For questions about this privacy policy or our data practices, contact:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.