Loom Terms & Policies
Effective: December 22, 2022
Information We Collect
We collect and receive the following types of information:
Information You Provide to Us:
- Account Information: To create an account for the Services or to enable certain features, we require that you provide us with information for your account such as name, email, password, and authentication credentials. If you sign up for a paid subscription, we (or our payment processors) may need your billing details such as credit card information, banking information, and billing address.
- Video and Other Customer Data: In using our Services, our customers submit or upload video recordings, seek user support, or provide other Customer Data (defined in our Terms of Service) to us. Our use of and processing of Customer Data is governed by our Terms of Service.
- Other Information You Provide: We receive other information from you when you choose to interact with us in other ways, such as if you sign up for one of our webinars or e-books, participate in a research study, contest, sweepstake, or event, apply for a job, or otherwise communicate with us.
Information We Collect Automatically:
- Usage Data: We automatically collect usage data about how you interact with our Services when you use them. For example, this could be actions you take on our platform, such as number of videos you’ve recorded or viewed, your sharing activity, or what third-party integrations you enabled.
- Log Data: Our servers automatically log certain types of data when you visit or use our Services, for example, when you navigate through our website. This data is stored in our log files and includes, Internet Protocol (IP) address, type of device, operating system or browser, unique device identifiers, browser settings, date and time you visited or used our Services, the referring website, URL parameters, and error and crash reporting data.
Information We Receive from Third Parties:
- Third-Party Integrations: Third parties may create integrations built on Loom technology so that their applications can interoperate with Loom. If you choose to enable an integration, the third-party may share some information about you with us to make your experience more seamless, such as your name, email, or other content or information needed to facilitate the integration. Additionally, if you sign up or login to our Services using one of our single-sign-on providers (e.g., Google, Apple, etc.), we collect authentication information provided to us by the provider to allow you to log in.
- Marketing Information: We may receive marketing or demographic information about you from third parties or partners, for example, data about your organization or industry or other public information from sources like social media or online professional profiles. We may combine this information with other data we already have to improve your experience with our Services or inform you of Services we think may be of interest to you.
How We Use Your Information
We use your information in the following ways:
- To provide and maintain our Services.
- To analyze and improve our Services.
- To keep our Services secure and protect against fraud, abuse, and intrusion.
- To provide user support, information, and services requested by you.
- To send important account or security notifications.
- To promote our Services in accordance with applicable laws and regulations. If you’d like to unsubscribe from our marketing emails, click the “unsubscribe” link at the bottom of the email. You can also update your notification preferences in your account settings.
- To comply with our legal obligations, including responding to a court order or other valid legal process.
- For other purposes with your consent.
Please keep in mind that customers control their accounts and associated Customer Data. We use Customer Data according to our customers’ instructions and our Terms of Service. Customers are able to: (1) restrict, remove, disclose, and access content and information associated with the accounts in their Workspaces; (2) grant, deny, or limit access to those accounts and Workspaces; and (3) configure the privacy settings for those accounts and Workspaces. If you create a Loom account with your work email and you aren’t already part of your company’s Workspace, your company may have the ability to add your account (including the content in it) to its Workspace. We’ll give you notice before that happens.
If information is aggregated or de-identified so that it can no longer be reasonably associated with an identifiable person, we may use it for any lawful purpose.
How We Share Your Information
We share information outside of Loom only as described below:
- Trusted Third Parties: We disclose information to our service providers or other third-parties so they can help us provide our Services and run our business. Examples include for storing Customer Data, payment processing, providing customer service, and helping us with our marketing activities. We’ll only disclose the information necessary for these parties to perform their services for us, and they’ll be bound by contractual obligations to protect your personal information.
- Third-party networks and websites: With third-party social media networks, advertising networks and websites, so that Loom can market and advertise on third-party platforms and websites.
- Other Users: When you collaborate with others, we display your basic account or profile information for context. For example, if you share a Loom recording with another user, we’ll let them know that it was you who shared it. Also, when users interact with a video or other content on our Services, we make certain usage information visible to the video owner and viewers, such as who viewed a video (if the viewer is logged in at the time of viewing) or how many times a video was viewed.
- Administrators: If you join a Workspace owned by another person or entity, the administrator of that Workspace has the right to access the content in it. Customers and their authorized users may choose to share and disclose information according to their own policies. Also, if you sign up for Loom with an email domain that is owned or managed by your employer or organization, we may share the fact that you have an account with us and some basic account information with your employer or organization.
- Change in Business Structure: If Loom is involved in a merger, acquisition, public offering, asset sale, insolvency, bankruptcy, or similar change in our business structure, we may need to disclose your information to those involved in the transaction, subject to confidentiality requirements.
- For Legal Reasons: We may release your information if we believe it is necessary to comply with the law, regulation, valid legal process, an enforceable government request, to prevent fraud or a security breach, enforce our policies or agreements, or protect our or others’ rights, property, or safety.
- With Your Consent: We’ll otherwise share your information only with your consent. For example, if you choose to enable a third-party integration, we may share account information and/or content from your account, but only as authorized by you when you enable or use the integration.
How We Protect Your Information
We are committed to protecting your information from unauthorized access, use, disclosure, and loss. We use industry-standard security practices to keep your information secure, such as encryption, access controls, physical security measures, and internal reviews of data collection, use, and storage. We’ve also obtained various compliance certifications and undergo ongoing audits to ensure continued security and compliance best practices.
However, data transmissions over the internet cannot be guaranteed to be 100% secure or safe from intrusion by others. Be sure to use secure internet connections, protect your login credentials, and create strong passwords for your account.
Learn more about our security and compliance efforts on our Security page.
To provide our Services, we transmit, process, and store data in the United States and other locations around the world. For example, if you access our Services from a foreign country, data may be stored locally on the device you use to access the Services.
We perform data transfers in accordance with applicable data protection law, using the following safeguards:
- Standard Contractual Clauses: Where required, we use standard contractual clauses to meet the data transfer requirements for processing personal data that is subject to the data protection laws of the European Economic Area (EEA), Switzerland, and UK and for other international transfers of Customer Data to the extent required by applicable law. Our Data Processing Addendum incorporates the standard contractual clauses.
- Other Valid Transfers: We will otherwise only transfer personal data pursuant to a legally valid personal data transfer mechanism, including to a country that the European Commission or UK authorities have determined provides an adequate level of protection for personal data.
- Privacy Shield: While Loom remains self-certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and is committed to applying the Privacy Shield Principles to personal data received from the EU or Switzerland, we do not rely on those frameworks as a legal basis for personal data transfers. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Loom is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We are responsible for personal data we receive under the Privacy Shield, including onward transfers to third party agents acting on our behalf. Loom commits to cooperate with EU data protection authorities and comply with the advice given by those authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Please send any questions or complaints regarding our Privacy Shield compliance to firstname.lastname@example.org or for unresolved complaints you may invoke binding arbitration, at no cost to you, from JAMS, which is an independent dispute resolution body in the United States. Competent EU and Swiss data protection authorities (or a panel established by those authorities) may also address complaints and provide appropriate recourse free of charge with respect to our Privacy Shield compliance, or you can otherwise resolve a complaint by invoking binding arbitration. You can view Loom’s Privacy Shield certification on the Privacy Shield website.
Individuals in the European Economic Area, the United Kingdom, and across the globe have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to your personal information, as well as to seek to update, delete, or correct this information. You can exercise most of these rights through your Loom account. For example, if you wish to delete your personal information from Loom, you may permanently delete your account. You can also access and update your account information via your account settings page. If you are unable to exercise your rights through your Loom account, please contact the administrator of your Workspace, or otherwise you can send us your request.
For EEA, Switzerland, and UK Data Subjects
In general, Loom is a processor of Customer Data. This means that we process Customer Data only according to our customers’ instructions in accordance with our Terms of Service. For a list of our subprocessors, please visit our Privacy for Humans page. Loom acts as a controller for other types of personal data where Loom determines the purposes and means of processing of that data, such as personal data used for marketing or research purposes.
Where Loom acts as a controller of personal data, our lawful bases for processing include:
- Our legitimate interests (for example, to send you information about new features or upcoming product launches). You have the right to object to our use of your personal data for direct marketing at any time.
- As needed to comply with our contractual obligations (for example, if you sign up for a contest or promotion, we’ll process your personal data as needed for us to perform our obligations under the contest or promotion terms).
- To comply with legal obligations (for example, to respond to a law enforcement request or enforce or defend our legal rights).
- With your consent (for example, if you opt into receiving email marketing from us). You have the right to withdraw your consent at any time.
You may email us or contact one of our appointed representatives in the EU and UK below if you have questions or issues relating to your personal data:
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
Phone: +44 (20) 4532 2003
Verasafe Contact Form (UK)
If you feel we have not adequately addressed an issue, you have the right to lodge a complaint with your local data protection authority or the Irish Data Protection Commission, which is Loom’s lead supervisory authority in the European Union.
For California Residents
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under California law.
Categories of Personal Information We Collect
The California Consumer Privacy Act (CCPA) grants additional privacy rights to California consumers, such as the right to:
In addition to the information provided above in the “Information We Collect” section, we collect the following categories of personal information from you, your employer, data analytics providers, data brokers, and third-party services:
- Identifiers (such as name, email address, and profile data);
- Commercial information (such as transaction data for a paid account);
- Financial data (such as payment method or financial account information);
- Internet or other network or device activity (such as IP address and usage information);
- Location information (e.g., the general location where you use your device when interacting with the Site, Software, and/or Services);
- Sensory information (such as video recordings if you record a video with our service);
- Inferences drawn from any of the above information categories; and
- Other information that identifies or can be reasonably associated with you.
We may also use the categories of personal information for compliance with applicable laws and regulations, and we may aggregate the information we collect or de-identify the information to limit or prevent identification of any particular user or device.
Categories of Personal Information Disclosed
In the last 12 months, we have disclosed the following categories of personal information for the purposes described in “How We Use Your Information” to our service providers that support our services: Identifiers/contact information (such as name, email address, and profile data), financial data (such as payment information for a paid account), internet or other network or device activity (such as IP address and usage information), location information (e.g., the general location where you use your device when interacting with the Site, Software, and/or Services), sensory information (such as video recordings if you record a video with our service), and inferences based on these categories.
Categories of Personal Information Sold or Shared
In the last 12 months, we sold or shared the following categories of personal information to vendors of services related to advertising (such as ad platforms or networks), marketing, analytics, and measurement for commercial purposes such as the marketing and advertising of our Services:
- Characteristics of protected classifications under California or federal law
- Commercial information
- Internet or other electronic network activity information
- Geolocation data
Use and Disclosure of Sensitive Personal Information:
To the extent that we collect, use, or share “sensitive personal information” as that term is defined under California law, we limit our use or disclosure of the sensitive personal information to permitted business purposes.
We do not sell or share the personal information of known consumers under 16 years of age.
Your California Privacy Rights
- Right to Access. You have the right to request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, sell, and share, such information to be provided to you in a readily useable format.
- Right to Delete. You have the right to request that we delete personal information that we collect from you, subject to applicable legal exceptions.
- Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you, subject to applicable legal exceptions.
- Right to Opt-Out of Sale or Sharing of Personal Information. You have the right to opt-out of the “sale” or “sharing” of your personal information as such terms are defined under California law.
- Right to Non-Discrimination. You have the right not to be treated in a discriminatory manner for exercising your privacy rights. We do not use the fact that you have exercised or requested to exercise any rights for any purpose other than facilitating a response to your request.
Exercising your California Privacy Rights
To take advantage of your right to access, delete, or correct under California law please contact us by email at email@example.com. We may request certain information to verify your identity before we can respond to your access and deletion requests. We will confirm receipt of your request within 10 business days and will respond to your request within 45 calendar days, after proper verification, unless we need additional time, in which case we will let you know.
Making Requests to Opt-Out of the “Sale” or “Sharing” of Personal Information
To submit a request to opt-out of the sale or sharing of your personal information, you may click on the link “Do Not Sell or Share My Personal Information” on the footer of our websites.
You may authorize someone to make a privacy rights request on your behalf (an authorized agent). Authorized agents will need to demonstrate that you’ve authorized them to act on your behalf or must demonstrate they have power of attorney pursuant to applicable probate law. Loom retains the right to request confirmation directly from you confirming that the agent is authorized to make such a request, or to request additional information to confirm the agent’s identity. An authorized agent is prohibited from using a consumer’s personal information, or any information collected from or about the consumer, for any purpose other than to fulfill the consumer’s requests, for verification, or for fraud prevention.
Please see the Privacy Notice for a description of the personal data we collect, the purposes for which we use it, and how and with whom we share it.
For Virginia Residents
This section provides supplemental information to residents of the State of Virginia, whose personal data we process in connection with the Services.
For information on the categories of personal data we process, please see “Information We Collect” above. The purposes for which we process personal data are described in “How We Use Your Information.” For information on how we share the categories of personal data we collect, please see “How We Share Your Information.”
Your Virginia Privacy Rights
- Right to Access. You have the right to confirm whether we are processing your personal data and to access such personal data.
- Right to Delete. You have the right to delete personal data provided by or obtained by you.
- Right to Opt-Out. You have the right to opt-out of “targeted advertising” as defined under Virginia law. We do not sell personal data as “sale” is defined under Virginia law.
- Right to Correct. You have the right to correct inaccuracies in the personal data, taking into account the nature of the personal data and the purposes of the processing.
- Right to Portability. You have the right to obtain a portable copy of the personal data that you provided to us.
Exercising your Virginia Privacy Rights
Making Access, Deletion, and Correction Requests
To make an access, deletion, or correction request, please email firstname.lastname@example.org. Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.
Making Requests to Opt-Out of “Targeted Advertising”
To submit a request to opt out of targeted advertising, you may click on the link “Do Not Sell or Share My Personal Information” on the footer of our websites.
To appeal our decision regarding a request related to these rights, you may email us at email@example.com.
Email us questions at firstname.lastname@example.org.