Privacy Policy

Effective Date: March 31, 2026

At Loops, protecting personal data is important to us. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you access or use Loops, including our website, application, and related services, in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable French data protection laws.

1. Who is the data controller?

The data controller is:

ELS CAPITAL
EURL (Entreprise Unipersonnelle à Responsabilité Limitée)
33 Rue Gilbert Cesbron, 75017 Paris, France
SIREN: 102 461 555
RCS Paris: 102 461 555
VAT number: FR19102461555
Email: adham@tryloops.ai

In this Privacy Policy, “Loops”, “we”, “us”, and “our” refer to ELS CAPITAL as the operator of the Loops platform.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal data processed when you:

• visit the Loops website;
• create or use a Loops account;
• use the Loops application and its features;
• connect third-party advertising platforms to Loops;
• contact us for support, onboarding, demos, or commercial discussions;
• receive communications from us;
• or otherwise interact with Loops in a business context.

3. What personal data we collect

Depending on how you use Loops, we may collect or receive the following categories of personal data.

a. Identification and account data

• first name and last name;
• email address;
• login credentials;
• account identifiers;
• organization or company name;
• billing contact details.

b. Professional and business-related data

• company name;
• role or position;
• website URL;
• brand information;
• brand assets, including logos and creative materials;
• product information and related business content submitted to the platform.

c. Inputs, outputs, and user content

• prompts;
• briefs;
• text inputs;
• generated text;
• generated visuals;
• uploaded files, images, and business materials;
• workspace configuration and usage preferences.

d. Advertising platform integration data

Where you connect or use third-party advertising platforms through Loops, we may collect, receive, access, or display certain data associated with those platforms, including from Google Ads, Meta Ads, TikTok Ads, and Snapchat Ads, such as:

• account identifiers;
• advertising account metadata;
• campaign, ad set, ad, and creative-related information;
• performance and analytics-related data made available through the relevant platform;
• connection, authorization, or token-related data needed to maintain the integration.

e. Payment and subscription data

Payments are processed through Stripe. We do not store full card numbers. We may receive limited subscription and billing data, such as:

• billing status;
• payment status;
• invoice-related information;
• subscription plan details;
• partial payment identifiers.

f. Technical and usage data

• IP address;
• browser type;
• device information;
• operating system;
• log data;
• timestamps of access;
• pages or features used;

g. Communications data

• messages sent to support;
• onboarding and account-related communications;
• commercial exchanges;
• any information you choose to send to us.

4. Source of personal data

We may collect personal data:

• directly from you, when you create an account, upload materials, connect services, communicate with us, or use the platform;
• indirectly from third-party services that you choose to connect to Loops, including Google Ads, Meta Ads, TikTok Ads, and Snapchat Ads;
• automatically through your use of the website or platform, including technical logs and usage data;
• from payment providers such as Stripe in connection with subscriptions and billing.

Where personal data is not obtained directly from you, it is collected only to the extent necessary to provide the requested functionality, maintain integrations, operate the service, or comply with legal obligations. Article 14 GDPR requires transparency about data sources when data is obtained indirectly.

5. Mandatory and optional data

Certain personal data is required in order to:

• create and manage your account;
• provide access to the platform;
• process payments;
• connect advertising platform integrations;
• or provide specific features or support.

If mandatory data is not provided, we may be unable to provide all or part of the service.

Other data may be optional and only collected where relevant to a feature, support request, or workflow.

6. Why we process your data

We process personal data for the following purposes.

a. To provide the Loops service

This includes:

• creating and managing user accounts;
• providing access to the platform and its features;
• storing and processing uploaded materials;
• generating outputs;
• operating integrations;
• and providing customer support.

Legal basis: performance of a contract or steps taken at your request prior to entering into a contract.

b. To manage subscriptions, invoicing, and payments

This includes:

• billing and subscription administration;
• payment verification;
• fraud prevention;
• accounting and invoice management.

Legal basis: performance of a contract, legal obligations, and our legitimate interests in securing payments and preventing fraud.

c. To provide advertising platform integrations

This includes:

• connecting advertising accounts;
• retrieving and displaying campaign, creative, or analytics-related data;
• supporting advertising workflows;
• facilitating the creation, adaptation, or use of outputs across connected platforms.

Legal basis: performance of a contract and, where applicable, our legitimate interests in operating and improving integrations requested by users.

d. To maintain, secure, and improve the platform

This includes:

• monitoring system performance;
• preventing unauthorized access and abuse;
• detecting bugs and incidents;
• improving workflows, features, quality, and reliability.

Legal basis: our legitimate interests in securing, maintaining, and improving the platform.

e. To communicate with you

This includes:

• account notifications;
• service-related messages;
• support responses;
• commercial and onboarding communications;
• and important updates about the service.

Legal basis: performance of a contract and our legitimate interests in managing our relationship with users and prospects.

f. To improve our products, systems, and internal processes

This includes:

• internal analytics;
• quality control;
• research and development;
• feature testing;
• service optimization;
• internal model, workflow, or system improvement.

Legal basis: our legitimate interests in improving the service and maintaining product quality.

g. To use uploaded materials, prompts, and outputs for internal improvement

As stated in our Terms of Service, we may use inputs, uploaded materials, and generated outputs for:

• service improvement;
• internal development;
• internal testing;
• quality assurance;
• and internal training processes.

Legal basis: our legitimate interests in improving and developing the service, where permitted by applicable law.

h. To comply with legal obligations and defend our rights

This includes:

• tax and accounting obligations;
• responding to lawful requests from authorities;
• establishing, exercising, or defending legal claims;
• recordkeeping required by law.

Legal basis: legal obligation and our legitimate interests in protecting our legal rights.

7. Data retention

We retain personal data only for as long as necessary for the relevant purpose, or as required by law.

As a general rule:

• account data: retained for the duration of the account and business relationship;
• inactive accounts: may be deleted or anonymized after a reasonable period of inactivity;
• technical logs and security data: retained for a limited period appropriate for security, troubleshooting, and system integrity;
• support communications: retained for as long as necessary to process the request and any related follow-up;
• subscription, contract, and transaction data: retained for the duration of the contractual relationship and then archived where necessary for evidentiary or legal purposes;
• invoices and accounting records: retained for the period required by applicable law, including up to 10 years where required under French law;
• prospect and marketing data: retained for up to 3 years from the last meaningful contact, unless a longer lawful basis applies;

Where exact retention periods cannot be fixed in advance, we determine retention based on:

• the nature of the data;
• the purpose of the processing;
• legal and regulatory obligations;
• operational necessity;
• and the need to establish, exercise, or defend legal claims.

The GDPR requires controllers to disclose retention periods or the criteria used to determine them.

8. Who receives your personal data

Your personal data may be accessed by or disclosed to:

• authorized personnel of Loops;
• hosting, infrastructure, and cloud service providers;
• payment processors such as Stripe;
• customer support, communications, analytics, monitoring, and security providers;
• professional advisers such as lawyers, accountants, and auditors;
• public authorities, courts, regulators, or enforcement bodies where required by law;
• third-party advertising and social media platforms connected through the service, including Google Ads, Meta Ads, TikTok Ads, and Snapchat Ads, where relevant to the functionality requested by the user.

We do not sell your personal data.

9. International data transfers

Loops aims to host data within the European Union.

However, certain service providers and integrated third-party platforms may process personal data outside the European Economic Area, including in connection with Google Ads, Meta Ads, TikTok Ads, Snapchat Ads, or related infrastructure and service providers.

Where personal data is transferred outside the European Economic Area, we implement appropriate safeguards where required by applicable law, such as:

• an adequacy decision by the European Commission;
• standard contractual clauses adopted by the European Commission;
• or another lawful transfer mechanism under Chapter V of the GDPR.

You may request more information about the safeguards used by contacting us at adham@tryloops.ai. The GDPR requires disclosure of international transfers and the safeguards relied upon.

10. Advertising platform integrations

If you choose to connect or use integrations involving Google Ads, Meta Ads, TikTok Ads, or Snapchat Ads, Loops may transmit, receive, host, display, or otherwise process certain personal data and business data strictly as necessary to provide the requested functionality.

These third-party platforms may also process data under their own terms and privacy policies for their own purposes. When data is processed within their environments, those platforms may act as independent data controllers for their own processing activities.

Users are responsible for ensuring they are authorized to connect the relevant accounts and to allow the related data processing.

11. Automated decision-making

Loops does not make decisions based solely on automated processing that produce legal effects concerning individuals or similarly significantly affect them within the meaning of applicable data protection law.

If this changes for a specific feature, we will provide the information required by applicable law.

12. Your rights

Subject to applicable law, you may have the following rights regarding your personal data:

• right to be informed;
• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to object;
• right to withdraw consent at any time where processing is based on consent;

You may exercise your rights by contacting us at adham@tryloops.ai.

Where necessary, we may request additional information to verify your identity before processing your request. The GDPR gives data subjects these rights and requires controllers to facilitate their exercise.

13. Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, destruction, or accidental loss.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

14. Cookies and similar technologies

Loops may use cookies and similar technologies for purposes such as:

• authentication;
• session management;
• security;
• audience measurement;
• performance monitoring;
• and, where applicable, analytics or marketing-related purposes.

Where required by law, cookies and similar technologies that are not strictly necessary will only be used after obtaining the appropriate consent.

For more information, please refer to our Cookie Policy, if applicable. Under CNIL guidance, some cookies are exempt while others require prior consent.

15. Third-party websites and services

The service may contain links to or rely on third-party services, platforms, or websites. This Privacy Policy does not govern the privacy practices of third parties acting independently.

We encourage you to review the privacy policies of relevant third-party services, including the advertising platforms you choose to connect.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time in order to reflect legal, technical, operational, or business changes.

The updated version will be posted with a revised effective date. Where required, we will provide additional notice.

17. Contact

If you have questions or requests regarding this Privacy Policy or the processing of personal data, you can contact:

ELS CAPITAL
33 Rue Gilbert Cesbron, 75017 Paris, France
Email: adham@tryloops.ai