Get started

Privacy Policy

Effective Date: April 3, 2026  ·  Loom Technology (Haikou Zhiji Technology Co., Ltd.)

1. Who We Are

Loom AI Voice is operated by Haikou Zhiji Technology Co., Ltd., trading as Loom Technology, a company incorporated under the laws of the People's Republic of China (Hainan Free Trade Port). Our website is loom-us.com.

This Privacy Policy explains how we collect, use, disclose, and protect information about business customers ("Merchants") and their callers who interact with the Loom AI Voice assistant service.

2. Information We Collect

2.1 Business Customer Account Data

  • Business name, contact name, email address, phone number
  • Billing information (processed by our authorized third-party payment processor Creem; we do not store card numbers)
  • Service configuration preferences and account settings

2.2 Call Data (End-User / Caller Data)

  • Caller phone numbers and names (when provided during a call)
  • Call recordings and AI-generated transcripts
  • Call metadata: timestamp, duration, disposition
  • Booking or inquiry details captured during the call

2.4 Information Collected During AI Calls

During AI-powered calls, the following information may be automatically collected:

  • Voice data and audio recordings of the conversation
  • Real-time speech-to-text transcriptions generated by AI
  • Caller-provided personal details (name, phone number, appointment preferences)
  • AI interaction metadata (response latency, intent classification, sentiment indicators)
  • Call quality metrics (audio clarity, connection stability)

This data is processed solely for the purpose of delivering the AI voice receptionist service to the subscribing Merchant. Voice data is not used to train third-party AI models.

2.5 Usage and Technical Data

  • Minute consumption, API request logs, error reports
  • Browser type, IP address, referring URL (website visitors)
  • Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

  • Service delivery: routing calls, processing bookings, generating AI responses
  • Billing: calculating usage charges, overage fees, and issuing invoices
  • Support: diagnosing technical issues and responding to inquiries
  • Compliance: maintaining records as required by applicable law
  • Improvement: training and improving AI models using anonymized, aggregated data only

We do not sell personal information to third parties. We do not use caller personal information for targeted advertising.

4. Data Storage and Security

Call data is processed and stored on servers located in the United States (Alibaba Cloud Elastic Compute Service, us-east-1). Operational logs and anonymized analytics may be transmitted to our management systems in Hainan, China, solely for service optimization and internal reporting. No personally identifiable information (PII) of U.S.-based callers is transferred to China without prior anonymization, except as required by law.

We use TLS 1.2+ encryption for data in transit and AES-256 encryption for data at rest. Access is restricted to authorized personnel under least-privilege principles.

5. Data Retention

  • Call recordings: retained for 90 days from the date of the call, then permanently deleted unless Merchant requests earlier deletion
  • Call transcripts and metadata: retained for the duration of the active subscription plus 12 months
  • Account data: retained until account deletion, plus any period required by law
  • Post-termination: all Merchant data is deleted within 30 days of contract termination upon written request

6. Your Rights (CCPA and Applicable Law)

If you are a California resident (or a caller whose data was processed by our service), you may have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: request deletion of personal information we hold about you, subject to certain exceptions
  • Right to Opt-Out: we do not sell personal information, so no opt-out is currently required
  • Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at support@loom-us.com. We will respond within 45 days as required by law.

7. Cookies

Our website uses strictly necessary cookies for session management and security. We use analytics cookies (e.g., aggregate page-view counts) to understand site usage. We do not use third-party advertising cookies. You may disable cookies in your browser settings; this may affect certain site functions.

8. SMS and Email Communications

We may send transactional messages (billing alerts, usage notifications, service updates, and account confirmations) to your registered phone number and email address as part of normal service operation.

We will only send promotional or marketing messages with your prior express written consent. You may opt out of marketing communications at any time by:

  • Replying STOP to any SMS marketing message
  • Clicking the "Unsubscribe" link in any marketing email
  • Contacting support@loom-us.com

Opting out of marketing communications will not affect transactional messages necessary for service delivery and billing.

9. Sub-Processors and Third-Party Services

We share data with the following authorized sub-processors. All sub-processors are bound by data processing agreements and are prohibited from using your data for their own commercial purposes.

Sub-Processor Purpose Location
Alibaba Cloud Cloud hosting, data storage, and infrastructure United States (us-east-1)
Nanjing Xingfu Technology Co., Ltd. AI inference, voice processing, speech-to-text United States
ARBC technologies holdings limited Telephony infrastructure, call routing, phone number management United States
Creem Payment processing and subscription billing United States

We will notify Merchants of material changes to our sub-processor list at least 14 days in advance via email.

10. Data Processing Agreement (DPA)

This section constitutes the Data Processing Agreement between Loom Technology ("Processor") and the subscribing Merchant ("Controller"). Where the GDPR, CCPA, or China's Personal Information Protection Law (PIPL) applies, this DPA governs the processing of personal data on behalf of the Merchant.

10.1 Roles and Responsibilities

The Merchant acts as the data controller — determining the purposes and means of processing caller data collected through the Loom AI Voice service. Loom Technology acts as the data processor — processing personal data solely on the Merchant's instructions and for the purpose of providing the AI voice receptionist service.

10.2 Processing Purposes

Loom AI Voice processes personal data exclusively to:

  • Answer and route inbound phone calls on behalf of the Merchant
  • Record calls and generate transcripts where permitted by applicable law
  • Capture booking or appointment information for the Merchant
  • Generate usage analytics and billing records for the Merchant account

Loom AI Voice will not process personal data for any purpose other than the above without the Merchant's explicit written instruction.

10.3 Data Security Obligations

As data processor, Loom Technology shall:

  • Implement and maintain appropriate technical and organizational security measures (TLS 1.2+, AES-256 encryption, access controls)
  • Ensure that personnel with access to personal data are subject to confidentiality obligations
  • Assist the Merchant in complying with data subject access requests within 30 days of receipt
  • Not engage additional sub-processors without prior written notice to the Merchant

10.4 Data Breach Notification

In the event of a confirmed personal data breach, Loom Technology will notify the affected Merchant within 72 hours of becoming aware of the breach, providing:

  • A description of the nature of the breach
  • The categories and approximate number of individuals and data records affected
  • Likely consequences and measures taken to address the breach

10.5 Audit Rights

Merchants may request documentation of Loom Technology's compliance with this DPA once per calendar year by submitting a written request to support@loom-us.com. Loom Technology will respond within 30 days with relevant compliance documentation or audit reports.

10.6 Data Deletion upon Termination

Upon termination of the service agreement, Loom Technology will delete all personal data processed on the Merchant's behalf within 30 days of the termination date, unless applicable law requires longer retention. Merchants may request a data export prior to deletion by contacting support@loom-us.com.

11. International Data Transfers

11.1 Transfers to the United States

All primary call data processing takes place on Alibaba Cloud ECS infrastructure in the United States (us-east-1). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, this constitutes an international data transfer. Such transfers are conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

11.2 China Personal Information Protection Law (PIPL)

As Loom Technology is a Chinese-registered entity, cross-border data transfers involving Chinese-resident individuals are subject to China's PIPL. We rely on individual consent as the legal basis for such transfers and implement data minimization principles — only the minimum data necessary to provide the service is transferred outside of China.

11.3 Data Minimization and Purpose Limitation

We apply data minimization principles to all cross-border transfers: only data strictly necessary for service delivery is transmitted internationally. We do not transfer call recordings internationally outside of the United States (us-east-1) hosting region.

12. Children's Privacy

The Service is intended for use by businesses and is not directed at children under 13 years of age. We do not knowingly collect, use, or disclose personal information from children under 13.

If we become aware that we have inadvertently collected personal information from a child under 13, we will take immediate steps to delete such information from our systems. Parents or legal guardians who believe their child's information may have been collected by the Service may contact us at support@loom-us.com to request review and deletion.

Because callers interact with an AI system operated on behalf of business Merchants, Merchants are responsible for ensuring that their use of the Service does not result in the collection of children's personal information in violation of the Children's Online Privacy Protection Act (COPPA) or equivalent state laws.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" above and, for material changes, notify business customers by email at least 14 days before the change takes effect. Continued use of the Service after the updated policy takes effect constitutes acceptance.

Contact Us

For privacy inquiries, DPA requests, data deletion, or CCPA rights:

Support: support@loom-us.com

Sales: sales@loom-us.com

Company: Haikou Zhiji Technology Co., Ltd., trading as Loom Technology

Address: Hainan Free Trade Port, People's Republic of China