Privacy for Humans
Howdy there! 🤠
At Loom, our users' privacy is at the core of our decision making. We provide a service that changes the way we work and allows us to be more expressive and informative in our daily work communication. Sensitive information is passed through our systems, and we don't take that lightly.
Where does my data go within Loom?
Your text-based data is comprised of your name, notifications, password, linked accounts like Google and Slack, video names and descriptions, and so on. The majority of this data is stored in an encrypted database within AWS, encrypted both at rest and in transit. This server is behind a VPC that only privileged servers (such as our backend application servers) have access to. Some of this data is encrypted and sent to our caching layer, where it is also encrypted at rest. This caching layer is also behind a VPC and is additionally not accessible between data centers within AWS.
Image and Video Data
This is your avatars, videos and thumbnails. These files are stored on our encrypted S3 buckets, which can only be accessed by certain robots and engineers within our organization who have special access.
In order to speed up delivery of your videos to your computer, we utilize our CDN. Our CDN makes use of signed URLs. The CDN URL is not your video page URL. Your video page URL stays the same no matter what, but your CDN URL is the URL that actually delivers the video content.
When we sign these CDN URLs, we have complete control over whether or not to issue a URL to someone who requests it. Basically, even if you know where a video is located on our CDN, you will not be able to access that URL unless it has been signed by us. This is how our password-protected videos work: we only give you a valid signed URL to view/download the video once you've provided the proper password. An additional benefit of signed URLs is that they expire, so old links stop working after some amount of time and you will then need to be issued a new one to access the same content.
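The following is an added example that is not Loom's code; it illustrates the two properties described above (a URL that is only usable when signed by the server, and that stops working after expiry), plus gating the issuance of a signed URL on a correct password. The signing key, host name, query parameter names (`expires`, `sig`) and the HMAC-SHA256 scheme are all assumptions for the example; real CDNs (CloudFront, etc.) use their own signing formats.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed values for the example only; a real signer keeps the key in a secret store.
SIGNING_KEY = b"example-signing-key-not-real"
CDN_HOST = "https://cdn.example.invalid"


def _signature(path: str, expires: int) -> str:
    # Bind the signature to both the object path and the expiry time, so neither
    # can be swapped for another value without invalidating the signature.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Issue a CDN URL for `path` that is valid for `ttl_seconds`."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    query = urlencode({"expires": expires, "sig": _signature(path, expires)})
    return f"{CDN_HOST}{path}?{query}"


def verify_url(url: str, now: Optional[int] = None) -> bool:
    """What the CDN edge checks before serving: unexpired and correctly signed."""
    now = int(time.time()) if now is None else now
    parsed = urlparse(url)
    qs = parse_qs(parsed.query)
    try:
        expires = int(qs["expires"][0])
        sig = qs["sig"][0]
    except (KeyError, ValueError, IndexError):
        return False          # malformed or unsigned request
    if now >= expires:
        return False          # link has expired; client must request a new one
    expected = _signature(parsed.path, expires)
    # Constant-time comparison avoids leaking the signature through timing.
    return hmac.compare_digest(expected, sig)


def hash_password(password: str, salt: bytes) -> bytes:
    # Stored form of a video password (assumed scheme: PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def issue_url_for_protected_video(path: str, provided_password: str,
                                  salt: bytes, stored_hash: bytes,
                                  ttl_seconds: int,
                                  now: Optional[int] = None) -> Optional[str]:
    """Return a signed URL only if the supplied video password is correct."""
    candidate = hash_password(provided_password, salt)
    if not hmac.compare_digest(candidate, stored_hash):
        return None           # wrong password: no signed URL is ever produced
    return sign_url(path, ttl_seconds, now)


if __name__ == "__main__":
    url = sign_url("/videos/example-video.mp4", ttl_seconds=600, now=1_000_000)
    print(url)
    print("valid now:", verify_url(url, now=1_000_000))
    print("valid after expiry:", verify_url(url, now=1_000_700))
```

Note that knowing the object path alone buys nothing: a request without `sig`, with a guessed signature, or with the path or expiry edited after signing fails `verify_url`, and after the TTL even a genuine link is refused.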
Where does my data go outside of Loom?
On the other hand, your textual data (name, email, Loom userId, persona, and so on) does leave Loom and go to our trusted third-party systems. We think it's important you understand not only what these systems are but also why we send your data to them. If you don't agree with or understand our reasoning, please email us at email@example.com. If you do not agree with your data going to a specific system, and you have an individual Loom account, deleting your Loom account (found at the bottom of your account settings) will permanently delete all of your data from all our systems and third-party providers. If you participate in a Loom Business or Loom Enterprise account, only the Loom account administrator at your organization can delete your data.
For folks coming to figure out GDPR compliance, all of the following 3rd parties act as data processors for us. If any kind of personal information (email, name, persona) is sent to the following third parties, a ⭐ is left next to the provider name.
👤 Clearbit ⭐
What: Clearbit is a business intelligence API. What Clearbit basically does is take your email and scrape public web profiles (LinkedIn, Twitter, etc.) to figure out core demographic information about you. We believe this is our most obviously intrusive system, so we list it first to clear up what it does and why we use it.
Why: Loom is looking to revolutionize workplace communication. A big part of creating a tool that has so many horizontal use cases is being able to serve relevant content to our users, provide new product experiences, and tweak current ones to fit your workflow. Useful videos for an engineer will not be useful for a marketer. Useful videos for a marketer will not be useful for a sales rep. How we practically use this information is as follows:
Pre-filling your welcome screen on-boarding to make signup easier. You can always change and update your persona or use case from this flow.
Pre-filling your videos dashboard with a "How to Use Loom" folder with relevant use cases.
Tying your persona to anonymous data points within our analytics dashboards so we can better understand which features of our platform are being used by different individuals and how we might build on top of these features to better serve you.
How to be forgotten: Clearbit has controls here for you to be forgotten from their systems. In order for the data Clearbit returns to us to be forgotten, you must delete your Loom account. Although we do our best to ensure your identity is kept anonymous in our analytics systems, we consider your persona especially necessary for us to continue to be able to deliver a better experience for you.
🤖 Segment ⭐
What: Segment is a data pipeline service that lets us send data to the other third-party services listed here in a standardized way and ensures this data does not get lost.
Why: Our core competency at Loom is ensuring workplace communication happens more effectively and humanely. With that being said, we're a small team, and data pipelines certainly are not our core competency, so we let our friends at Segment do the heavy lifting in ensuring our data gets to where it needs to go (analytics services, Intercom and the like). Since this data goes to other services where we need your information (such as analytics platforms), personal data invariably gets passed through Segment.
How to be forgotten: Since Segment is our main entry-point to sending data to all other 3rd-party providers, you must delete your Loom account to be forgotten here.
💭 Intercom ⭐
What: Intercom is a messaging and marketing platform that allows us to do customer success better. This is where you're able to chat with us from that little bubble in the bottom-right of our web pages.
Why: Intercom has drastically increased our ability to address bugs and handle requests from our users (that's you!) over when we used to primarily use email. As a part of being able to maintain your relationship with us on this platform, we have to know who you are. We only know this once you've signed up and given us consent, but we use this information for various debugging purposes and to send you product updates and announcements.
How to be forgotten: If you'd like to be permanently forgotten from Intercom, you will need to delete your Loom account. If you would like to unsubscribe from Intercom announcements, you can hit the unsubscribe link we provide at the bottom of all of these emails.
📈 Amplitude ⭐
What: Amplitude is our main analytics platform. It allows us to track whether a feature or product is successful in delivering impact to our users, and it lets us discover new (anonymized) trends of usage via conversion funnels, event segmentation, data pathways, retention charts, and cohort analysis.
Why: If we are going to be a platform that delivers immense value to our users, we have to constantly be innovating. At over half a million users around the world, it's no longer feasible for us to do user interviews and conduct surveys with all of our users. We need a way to see trends in usage on our products to understand if they're loved or hated, and then we swiftly nix things that don't deliver value.
How to be forgotten: If you'd like to be forgotten from Amplitude, you must delete your Loom account. Analytics are at the core of how we get better as a company.
📊 Google Analytics
What: Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.
Why: It's good to know where our users are finding us so we can promote our product more with those partners and channels or figure out whether there are tangential products that should be introduced to our platform.
How to be forgotten: Because of how we use Google Analytics, all data sent to it is anonymous. We send no emails, no names, and we even anonymize IP addresses. Your identity is completely safe here.
📪 Mailchimp ⭐
What: Mailchimp is used for our transactional email service. These are notification email updates and service-level emails such as email verification, password reset links, and the like. We do not use Mailchimp for marketing purposes.
Why: We need a distinct way to send emails for core authentication flows and platform notifications.
How to be forgotten: All data sent to Mailchimp is not anonymous by nature since it is a transactional email service (we send them your email so they can send you an email). For notifications, you can turn off your email notifications in your account settings. For authentication emails (such as email verification), we rely on Mailchimp. Since we cannot guarantee you won't get these emails, the only way to get forgotten is to delete your Loom account.
Sentry
What: Sentry is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.
Why: No one likes bugs! All data sent to Sentry includes your IP and your Loom ID and nothing else. We grab your IP to get a general location the error is happening in and potentially pin down bugs that have to do with timezones. We send your user ID so we can more quickly search and diagnose issues surfaced by our users in our customer support panel (Intercom). Your user ID does not reveal any of your personal information to the engineer investigating the issue.
How to be forgotten: All data sent to Sentry only includes IP (so we can pin down bugs that have to do with timezones and location) and your Loom user ID. This data is not used to identify a user by any means unless our investigation begins with the user reporting the bug to us. Your identity is completely safe here.
💳 Stripe ⭐
Why: In order for Loom to be able to continue to exist, we think it's important we provide a service users find enough value in that they feel comfortable paying us. Handling online payments is complicated and the privacy and security risk is high. Although using Stripe (the industry leader in online payments processing) means they take a cut of our revenue, we think this is ultimately better for user privacy, safety, and our ability to focus on what we do best, which is not handling/owning the legal intricacies of payments processing.
How to be forgotten: We send your email to Stripe, and they collect your billing information directly. No billing/PCI information is handled/stored in our systems. When you remove your credit card entry, your credit card and other sensitive billing information is removed from Stripe. When you delete your account, all historical information (including past invoices) is removed from Stripe.
🖥️ FullStory ⭐
What: FullStory is used to enable us to look at session replays. A session replay is a recreation of your session interactions on our site. We take measures to utilize the FullStory controls to exclude and block all input field values and any property on our site where we think sensitive user information can be entered. We only run FullStory for a limited period of time in order to collect a statistically significant number of sessions for us to learn and be able to improve our product. Usually this happens when we've just released a new product or are considering improving an existing product.
Why: When we decided that Loom was a horizontal use case product (a product with many use cases, not just one), we implicitly became an on-boarding company. Our on-boarding has fluctuated between being "too light" to "overbearing" (direct words from our users and customers), and our company's ability to survive largely depends on our ability to get our users to sign up and quickly understand how they can use Loom to best help them with their job. Unfortunately, we can't efficiently and continually run user interviews with our hundreds of thousands of users. FullStory allows us to understand user behavior for users who drop off or become upset so we can continue to make sure the Loom experience is delightful and useful for as many people as possible.
How to be forgotten: We understand that session replays can feel intrusive, and FullStory does as well. Usually, when someone wants to opt out of FullStory, it is not for just one session replay provider but for all session replay providers on the web. You may opt out of being tracked by FullStory by visiting this link, but please keep in mind that there are many other alternatives to FullStory. If you are opting out of FullStory, please consider opting out of Hotjar and Inspectlet as well. If you find more alternatives, please contact us at firstname.lastname@example.org so we can add them to this list.
Who has access to what within Loom?
Our non-technical team members have access to Intercom, which allows every person at Loom to do customer support. Over time, as we scale up the team, this access will become more restricted to customer support individuals only.
Our technical team can be granted temporary access to our servers, video and thumbnail storage layers. This is always for debugging and development purposes. Each engineer has a unique key that identifies them within our systems. All actions are logged for 6 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base. So far, this has never happened in Loom's history, and we're very proud of that.
How can I export my data?
Videos: You can export all of your video data by downloading each individual video.
Text-based Data: Your user information, folders and video metadata, comments, comment replies, and emoji reactions can be exported using the "Get my Data" button in your account settings.
If you ever want to delete your data, deleting your account (at the bottom of your account settings) will permanently delete all of your data from our systems.
Terminology
Encryption
Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the thief has the proper secret. All of your personally-identifiable data (videos, images and text) is encrypted at rest and in transit across all systems.
In-transit
Your data is being sent from one location to another (usually one server/computer to another)
At-rest
Your data is physically being stored on a device (usually a server)
🕳️ S3 Bucket
This is where we store larger (usually media) files such as images and videos
⚡ Cache Layer
A group of servers that uses faster storage so that data can be retrieved more quickly
Database
This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?", "could you get me a list of all of this user's comments?"
VPC
A firewall that restricts access to a server or group of servers to only those users/robots that have the proper permissions
CDN
A CDN (Content Delivery Network) is a network of computers around the world whose purpose is to store data as close as possible to the downloader to speed up delivery of media.
AWS
Short for Amazon Web Services. This is the cloud provider we use at Loom that allows us to rent storage and compute capacity from their data centers.
If you have any questions on this terminology, we are here to help. Email us at email@example.com.