Privacy Policy
Loopback is a task app where each item is a living conversation. This policy explains what data we collect, how we use it, and who we share it with. The short version: your data is yours, we send it to third parties only to make the app work, and none of it is used to train AI models.
What we collect
Account information
When you sign in with Google or Apple, we receive your name and email address. We use this to create your account and identify your data. We do not access your Google or Apple password.
Content you create
Threads, notes, labels, reminders, and messages you create in Loopback are stored to provide the service. This includes text, images, and other media you attach to threads.
Voice recordings
If you use voice input, your audio is recorded temporarily on your device, sent to OpenAI’s Whisper API for transcription, and then deleted from our servers. We do not store your audio recordings. The resulting text is stored as a regular message. Per OpenAI’s API data usage policy, audio sent to the Whisper API is not used to train models and is retained for up to 30 days for abuse monitoring before deletion.
Connected accounts
If you connect Google Calendar or Gmail, we access those services using OAuth tokens stored encrypted on your device. We read and write calendar events and emails only when you or Prism (our AI assistant) explicitly perform an action. We do not continuously monitor or scrape your Google data.
Device permissions
Loopback may request the following device permissions, each of which requires your explicit consent:
- Microphone — used for voice input to Prism. Audio is transcribed and immediately discarded.
- Camera and photo library — used to attach images and media to threads. Media is stored with your thread data.
- Notifications — used to deliver reminders and alerts you configure.
We do not access location data. If a future update requires additional permissions, we will update this policy and request your consent.
Push notifications
If you enable push notifications, we store your device’s push token (provided by Apple Push Notification service via Expo). This token is a technical identifier used solely to deliver notifications to your device. It is not linked to your personal identity and cannot be used to identify you outside the notification delivery system.
Guest mode
If you use Loopback without signing in, your data stays on your device. Nothing is sent to our servers or any third party. AI features are not available in guest mode.
How we use your data
| Purpose | Data used | Third party |
|---|---|---|
| App functionality | All content you create | Supabase (database, auth, storage) |
| Sync across devices | Threads, messages, reminders, media metadata | PowerSync |
| AI assistant (Prism) | Thread titles, notes, labels, messages, reminders | Anthropic (Claude API) |
| Voice transcription | Audio recordings (temporary) | OpenAI (Whisper API) |
| Calendar & email actions | OAuth tokens, event/email content | Google APIs |
| Push notifications | Device push token | Expo, Apple Push Notification service |
Subprocessors
We use the following third-party services to operate Loopback. Each processes your data only as necessary to provide its specific function:
| Subprocessor | Purpose | Data processed |
|---|---|---|
| Supabase | Database, authentication, file storage | Account info, threads, messages, media |
| PowerSync | Real-time sync between devices | Thread and message data |
| Anthropic | AI assistant (Prism) via the Claude API | Thread context and conversation messages |
| OpenAI | Voice transcription via the Whisper API | Audio recordings (temporary, deleted within 30 days) |
| Calendar and email integration | OAuth tokens, event and email content | |
| Expo / Apple | Push notification delivery | Device push token |
AI and your data
Prism, the AI assistant in Loopback, is powered by Anthropic’s Claude API (not the Claude.ai consumer product). When you use Prism, the following data is sent to Anthropic’s API:
- Thread titles, notes, and labels
- Messages in the conversation
- Reminder details and media metadata (for thread-scoped chats)
Under Anthropic’s API terms, your data is not used to train AI models. API inputs and outputs are retained for up to 30 days for trust and safety purposes, then deleted. For full details, see Anthropic’s Privacy Policy and API Terms of Service.
You must grant consent before Prism is activated. You can revoke consent at any time in Settings, which immediately stops all data from being sent to Anthropic.
Data storage and security
Your data is stored with row-level security policies ensuring only you can access your data. Authentication tokens are stored in your device’s secure enclave via iOS Keychain. Data syncs between your device and our servers over encrypted connections (TLS).
Data retention
We retain your data for as long as your account is active. Upon account deletion, we permanently remove all your data from our servers within 30 days, except where retention is required by law or to resolve disputes. Voice recordings are deleted immediately after transcription and are never stored on our servers. AI conversation data sent to Anthropic is retained by them for up to 30 days per their API terms, then deleted.
Your choices
- Delete your account — in Settings, tap Delete Account. This permanently removes your account and all associated data from our servers within 30 days.
- Revoke AI consent — turn off Prism data sharing in Settings at any time. Core app functionality continues to work.
- Disconnect Google accounts — remove Calendar and Gmail access in Settings. OAuth tokens are deleted from your device.
- Use guest mode — use the app without an account. Your data stays on your device only.
California privacy rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know — you can request what personal information we collect, use, and disclose.
- Right to delete — you can request deletion of your personal information.
- Right to correct — you can request correction of inaccurate personal information.
- Right to opt out — we do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
To exercise these rights, contact us at admin@omniping.dev or use the in-app account deletion feature.
International users (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland:
- Legal basis — we process your data based on your consent (AI features, notifications) and contract performance (providing the service you signed up for).
- Data transfers — your data may be transferred to and processed in the United States, where our servers and subprocessors are located. We rely on standard contractual clauses where applicable.
- Your rights — you have the right to access, rectify, erase, port, and object to processing of your personal data. To exercise these rights, contact us at admin@omniping.dev.
Children’s privacy
Loopback is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. We will notify you of material changes through the app or by updating the effective date above. Continued use of Loopback after changes constitutes acceptance.
Contact
Questions about this policy? Reach us at admin@omniping.dev.