Privacy Policy

Effective Date: March 25, 2026  ·  Loom AI Technology (Haikou Zhiji Technology Co., Ltd.)

1. Who We Are

Loom AI is operated by Haikou Zhiji Technology Co., Ltd., trading as Loom AI Technology, a company incorporated under the laws of the People's Republic of China (Hainan Free Trade Port). Our website is loom-us.com.

This Privacy Policy explains how we collect, use, disclose, and protect information about business customers and their callers who interact with the Loom AI voice assistant service.

2. Information We Collect

2.1 Business Customer Account Data

• Business name, contact name, email address, phone number
• Billing information (processed by our authorized third-party payment processor; we do not store card numbers)
• Service configuration preferences and account settings

2.2 Call Data (End-User / Caller Data)

• Caller phone numbers and names (when provided during a call)
• Call recordings and AI-generated transcripts
• Call metadata: timestamp, duration, disposition
• Booking or inquiry details captured during the call

2.3 Usage and Technical Data

• Minute consumption, API request logs, error reports
• Browser type, IP address, referring URL (website visitors)
• Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

• Service delivery: routing calls, processing bookings, generating AI responses
• Billing: calculating usage charges, Smart-Refuel triggers, and issuing invoices
• Support: diagnosing technical issues and responding to inquiries
• Compliance: maintaining records as required by applicable law
• Improvement: training and improving AI models using anonymized, aggregated data only

We do not sell personal information to third parties. We do not use caller personal information for targeted advertising.

4. Data Storage and Security

Call data is processed and stored on servers located in the United States (AWS us-east-1). Operational logs and anonymized analytics may be transmitted to our management systems in Hainan, China, solely for service optimization. No personally identifiable information (PII) of U.S.-based callers is transferred to China without prior anonymization, except as required by law.

We use TLS 1.2+ encryption for data in transit and AES-256 encryption for data at rest. Access is restricted to authorized personnel under least-privilege principles.

5. Data Retention

• Call recordings: retained for 90 days from the date of the call, then permanently deleted unless Customer requests earlier deletion
• Call transcripts and metadata: retained for the duration of the active subscription plus 12 months
• Account data: retained until account deletion, plus any period required by law

6. Your Rights (CCPA and Applicable Law)

If you are a California resident (or a caller whose data was processed by our service), you may have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete: request deletion of personal information we hold about you, subject to certain exceptions
• Right to Opt-Out: we do not sell personal information, so no opt-out is currently required
• Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at sales@loom-company.com. We will respond within 45 days as required by law.

7. Cookies

Our website uses strictly necessary cookies for session management and security. We use analytics cookies (e.g., aggregate page-view counts) to understand site usage. We do not use third-party advertising cookies. You may disable cookies in your browser settings; this may affect certain site functions.

8. Third-Party Services

We share data with the following categories of service providers:

• Authorized payment processor — payment processing and tax remittance
• Amazon Web Services (AWS) — cloud hosting and data storage (United States)
• AI model API providers — voice processing and speech-to-text (data processed under data processing agreements)

All third-party providers are bound by data processing agreements and may not use your data for their own purposes.

9. Children's Privacy

The Service is intended for use by businesses and is not directed at children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" above and, for material changes, notify business customers by email. Continued use of the Service after the updated policy takes effect constitutes acceptance.