Privacy & Data Protection
Last updated: December 5, 2025
At Loomlink, we take your privacy seriously. This Privacy & Data Protection Policy explains how we collect, use, store, and protect your personal information when you use our platform — whether you're a retailer, wholesaler, affiliate, or end customer. By accessing or using the Loomlink platform, you agree to the practices described in this policy.
1. Who we are
Loomlink is a multi-tenant e-commerce platform that enables retailers to sell products, wholesalers to fulfill orders, affiliates to earn commissions, and customers to shop across multiple storefronts. We operate as the data controller for information we collect. For questions or concerns about this policy, please reach out to us at: support@loomlink.io.
2. Information we collect
a) Account information
- Name, email address, phone number
- Business details (business name, address, tax IDs, etc.) for retailers, wholesalers, and affiliates
- Authentication credentials (hashed passwords, session tokens)
b) Payment & payout information
- Payment card information (tokenized by Stripe; we do not store raw card numbers)
- Bank account details (for payouts to sellers and affiliates)
- Payout recipient verification data (via Stripe Identity)
c) Order & transaction data
- Order details (items, quantities, prices)
- Shipping addresses (stored securely; anonymized for wholesaler fulfillment)
- Transaction history and payment status
d) Marketing & attribution data
- Affiliate click IDs, campaign IDs, coupon codes
- Referral sources and conversion events
e) Technical & usage data
- IP addresses, browser type, device identifiers
- Log data (API calls, timestamps, errors)
- Usage analytics (page views, feature usage)
3. How we use your information
We use the information we collect to:
- Provide the platform: Process orders, manage inventory, facilitate payments and payouts
- Support communication: Send order confirmations, shipping updates, payout notifications, and customer support messages
- Marketing & attribution: Track affiliate conversions, attribute commissions, enforce coupon/promo rules
- Fraud prevention & security: Detect suspicious activity, prevent unauthorized access, validate identities
- Legal compliance: Meet tax reporting, KYC/AML requirements, and other legal obligations
- Product improvement: Analyze usage patterns to improve features and performance
4. How we share your information
a) With other platform users
- Retailers see order details and customer contact info (for their own orders)
- Wholesalers see anonymized shipping addresses and order fulfillment details (no direct customer PII)
- Affiliates see aggregated commission reports but not full customer PII
b) With service providers
- Stripe: Payment processing, payout distribution, identity verification
- AWS: Hosting, data storage, compute resources
- Shipping carriers: Address validation, label generation, delivery tracking
- Email & notification services: Transactional emails, alerts
c) For legal reasons
We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Loomlink, our users, or others.
5. Data retention
We retain your information for as long as your account is active or as needed to provide services. Specific retention periods:
- Account data: Retained until account deletion (plus 30 days for backups)
- Order & transaction history: 7 years (for tax and legal compliance)
- Payment card tokens: Until replaced or account deletion
- Log data: 90 days (unless needed for security investigations)
- Marketing data: Until you opt out or request deletion
6. Your rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to certain uses of your data (e.g., marketing)
- Restriction: Request that we limit how we use your data
To exercise these rights, email us at support@loomlink.io with "Data Rights Request" in the subject line.
7. Data security
We implement industry-standard security measures to protect your information:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and role-based permissions
- Regular security audits and vulnerability scanning
- Multi-factor authentication for sensitive accounts
- PII scrubbing for non-essential use cases (e.g., wholesaler fulfillment)
However, no system is 100% secure. If you believe your account has been compromised, contact us immediately at support@loomlink.io.
8. Cookies and tracking technologies
We use cookies, pixels, and similar technologies to:
- Keep you signed in and remember your preferences (e.g., selected currency)
- Measure site performance and improve user experience
- Track affiliate and influencer campaigns for proper attribution
- Detect invalid traffic or suspicious activity
You can manage cookies through your browser settings. Some features may not work correctly if you disable certain cookies.
9. International data transfers
Loomlink operates globally. Your data may be transferred to and processed in countries other than your own, including the United States. We use standard contractual clauses and other safeguards to ensure your data is protected wherever it is processed.
10. Children's privacy
Loomlink is not intended for users under 18. We do not knowingly collect information from children. If we learn that we have collected data from a child without proper consent, we will delete it promptly.
11. Third-party links
Our platform may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the platform. Continued use of Loomlink after changes take effect constitutes acceptance of the revised policy.
13. Contact us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: support@loomlink.io
Security Issues: support@loomlink.io
Security Practices
At Loomlink, we prioritize the security of your data and our platform. Below is an overview of the security measures and best practices we implement to protect our users.
1. Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- At Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
- Payment Data: Credit card information is tokenized by Stripe and never stored in plain text on our servers
2. Access controls
- Role-Based Permissions: Users only have access to the data and features they need for their role (e.g., retailers, wholesalers, affiliates)
- Multi-Factor Authentication (MFA): Available for all user accounts and required for administrative access
- Session Management: Sessions expire after inactivity, and tokens are securely signed and validated
3. PII scrubbing & anonymization
- Email Hashing: Customer email addresses are SHA-256 hashed for order tracking
- Name & Phone Masking: Partial masking of names and phone numbers for non-essential views (e.g., "John D." instead of "John Doe")
- Anonymized Shipping: Wholesalers receive obfuscated addresses to fulfill orders without exposing full customer PII
4. Infrastructure security
- Cloud Hosting: Our platform is hosted on AWS, which provides industry-leading physical and network security
- Network Isolation: Services are isolated in private subnets with security groups restricting traffic
- DDoS Protection: AWS Shield and Cloudflare protect against distributed denial-of-service attacks
- Regular Backups: Automated daily backups with 30-day retention for disaster recovery
5. Monitoring & incident response
- Real-Time Alerts: CloudWatch monitors for suspicious activity, failed login attempts, and system errors
- Log Analysis: All API calls and database queries are logged for security audits
- Incident Response Plan: We have a documented process for responding to security incidents, including user notification within 72 hours of discovery
6. Third-party security
- Stripe Security: Payment processing is handled by Stripe (PCI-DSS Level 1 certified)
- Vendor Reviews: We vet all third-party service providers for security and compliance standards
- API Key Rotation: API keys and secrets are rotated regularly and stored in AWS Secrets Manager
7. Application security
- Input Validation: All user inputs are validated and sanitized to prevent SQL injection and XSS attacks
- CSRF Protection: Cross-Site Request Forgery tokens are used for all state-changing operations
- Secure Dependencies: We regularly update libraries and dependencies to patch known vulnerabilities
8. Compliance & certifications
- GDPR Compliance: We follow GDPR principles for data processing and user rights
- CCPA Compliance: California residents can exercise their privacy rights as outlined in this policy
- SOC 2 Type II: (In progress) We are working towards SOC 2 Type II certification
9. Reporting security issues
If you discover a security vulnerability or have concerns about the security of Loomlink, please report it responsibly:
Security Email: support@loomlink.io
Please do not publicly disclose security issues until we have had a chance to investigate and address them. We aim to respond to security reports within 48 hours.
© Loomlink. All rights reserved.