Privacy Policy

1) Scope

This policy applies when you:

• Visit our website
• Join a waitlist or create an account
• Install and use the Outloop extension
• Connect an email account via Google OAuth
• Use drafting, reply workflows, and support

Third-party services you use alongside Outloop (for example Google, your browser, or other integrations) are governed by their own policies.

2) Information we collect

A) Information you provide

• Account and profile: name, email address, organization name, authentication identifiers
• Onboarding details: information you submit about your workflow or goals
• Support and feedback: messages, bug reports, screenshots, and files you send us

B) Email data (via Google OAuth, if you connect it)

Depending on the permissions you approve, the Service may access and process email data needed to provide the features you use.

Scope: Outloop accesses and processes email content and metadata only for conversations you launch from Outloop (for example threads you open, reply to, or manage through the Outloop extension), plus drafts you create and messages you send through Outloop. We do not scan your entire inbox.

• Email content (subject, body) for conversations you launch from Outloop
• Sender and recipient addresses
• Thread identifiers, message IDs, timestamps, headers, and related metadata
• Drafts you create and emails you send through Outloop

C) Lead capture data (from supported web pages)

If you use the extension’s lead capture features, the extension may read and extract limited information from supported pages when you take action (for example clicking “Capture lead”).

• Profile name or handle
• Profile URL
• Bio text and visible links
• Publicly visible contact information (if present on the page)
• Optional bio-link page data (for example Linktree-style pages) when you initiate scanning

We do not collect your general browsing history as a product feature. Lead capture occurs only on supported pages and in response to your actions in the extension.

D) Extension and device data

• Extension settings and state (for example preferences)
• Device and browser info (for example browser type, OS, language)
• Diagnostics (for example crash reports, error logs, performance metrics)

D) Usage data

• Actions you take in the Service (for example generate a draft, approve, send)
• Feature usage and interaction events
• Approximate timestamps and event metadata

E) Cookies and similar technologies

We may use cookies or similar technologies on our website to:

• Keep you signed in
• Remember preferences
• Help protect the Service (for example basic security and abuse prevention)

You can control cookies through your browser settings. Some cookies are necessary for core functionality.

F) Payment and billing (if you purchase a plan)

If we offer paid plans, payments will be handled by third-party processors. We typically receive billing contact details and payment status, but not full payment card details.

3) How we use information

We use information to:

• Provide the Service (connect email, show relevant conversations, generate drafts, send emails you approve)
• Maintain and improve the Service (debugging, performance, feature development)
• Security and abuse prevention (protect accounts, prevent fraud, investigate suspicious activity)
• Support (respond to requests, fix issues)
• Communications (service updates, onboarding, important notices)
• Compliance (meet legal obligations)

We do not sell your personal information.

4) Approval and sending

By default, Outloop requires your explicit approval before sending emails. Drafts are suggestions until you approve sending. If you enable optional scheduled sending or automation features (for example follow-ups), Outloop may send messages according to the settings you configure, and you can disable these features at any time.

5) AI and drafting features

If you use AI drafting or summarization:

• We send only the information needed to produce the output you requested (for example the relevant parts of a connected conversation plus the instructions you provide).
• AI outputs are generated by service providers (for example OpenAI) that process the data under our instructions to provide drafting and summarization features.
• We restrict access to that data to authorized systems and personnel.
• We do not use your connected email content to train our own generalized models.
• Outloop’s use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

If we ever introduce an optional data-sharing or training opt-in, it will be clearly presented and disabled by default.

6) How we share information

We share information only as necessary to operate the Service:

A) Service providers (subprocessors)

We use a small number of service providers to operate the Service. They may process data only under our instructions and to provide services to us.

Service providers include:

• Vercel: application hosting and infrastructure
• Supabase: database, authentication, and storage
• OpenAI: AI text generation for drafting and summarization
• Stripe (if you purchase a plan): payment processing and billing

B) Legal and safety

We may disclose information if we believe it is necessary to:

• Comply with law or valid legal process
• Protect the safety and security of the Service and users
• Prevent fraud or abuse

C) Business transfers

If Outloop is involved in a merger, acquisition, or asset sale, information may be transferred as part of the transaction. We will provide notice when required.

D) International data transfers

Outloop is operated from Canada. Your information may be processed in other countries where we or our service providers operate (for example where our infrastructure is hosted). Data protection laws in those countries may differ from the laws in your country.

7) Data retention

We retain personal information only as long as needed to provide the Service and meet legal, accounting, and security obligations.

• Account data: retained while your account is active.
• Lead and campaign data: retained while your account is active or until you delete it in the Service or request deletion.
• Connected email data: retained only as needed to provide the features you use. When you disconnect your email account or request deletion, we delete or de-identify connected email content within 30 days, unless we must keep it longer to comply with legal obligations.
• Logs and diagnostics: retained for up to 30 days for security, debugging, and reliability.
• Backups: backup copies may persist for up to 30 days before being overwritten.

You can request deletion (see Section 9). Disconnecting your email account stops further access.

8) Security

We use reasonable administrative, technical, and organizational safeguards designed to protect your information (for example encryption in transit, access controls, and least-privilege practices). No system is perfectly secure, but we work to reduce risk.

9) Your choices and rights

You can:

• Revoke access by disconnecting Outloop in your Google account settings (if you connected via Google OAuth)
• Request access, correction, or deletion of your personal information by contacting us at privacy@outloop.ai
• Control cookies via your browser settings

We may ask you to verify your identity before fulfilling certain requests.

Additional rights (depending on your location): If you are located in certain jurisdictions, you may have additional rights such as data portability, objection, or the right to lodge a complaint with a regulator. To exercise any applicable rights, contact us at privacy@outloop.ai.

10) Children

Outloop is not intended for children. If you believe a child has provided personal information, contact us and we will take appropriate steps.

11) Changes to this policy

We may update this policy from time to time. If changes are material, we will post an updated version and update the "Last updated" date. Where required, we will provide additional notice.

12) Contact

Questions or requests: privacy@outloop.ai