Looma’s Trust Centre
Overview
The Looma Trust Centre gives you a clear view of how we protect your data.
We believe privacy should be practical, transparent and rewarding. Looma is built to keep data on your device by default, using on-device AI so that you stay in control.
We only share anonymised insights when you choose to do so. No hidden data collection. No raw cloud storage by default.
1. Our approach to trust
Everything we build starts with respect for your privacy. Looma’s model is simple: your data stays on your device, and if you ever choose to share anonymised insights, you’ll know exactly what’s shared, with whom, and for how long.
Our aim is to make privacy visible and data control effortless.
2. Data Activity Statement
At Looma, we believe your trust starts with clarity. Here’s how we handle data activity on our website:
1. Analytics
- We use a privacy-first analytics tool (Plausible).
- It tells us things like how many people visited, which pages are most useful and what countries visitors came from.
- It does this without using cookies, without storing personal information and without creating profiles of individual visitors.
2. Forms & Sign-Ups
- If you give us your email to join the waitlist or receive updates, we only use it to send you Looma news and information.
- We don’t add you to other lists and we don’t share your details with anyone else.
- You can remove your email at any time.
3. Server Logs
- Our hosting provider may collect basic security logs (for example, IP address, browser type) to protect against abuse.
- These logs are automatically deleted after a short time. We don’t use them for marketing or profiling.
4. How We Use Activity Data
- The limited data we do collect is used only to improve Looma’s services: things like fixing broken pages, understanding which features people care about most and planning future improvements.
- We never sell this data.
5. Your Control
- You don’t need to accept or decline any cookies to use Looma’s site.
- You can request to see or delete any information you’ve given us (like your email address).
3. Security at a glance
- On-device encryption: All local data is encrypted using your device’s built-in security features.
- Time-limited encryption keys: Each shared dataset uses a unique key that expires under our Data Packet Expiry Policy (DPEP).
- Secure transport: Any data sent from your device uses modern encryption.
- No raw cloud storage: Only anonymised summaries leave the device.
- No third-party tracking: We don’t use ads or analytics that profile you.
4. Data Packet Expiry (DPEP)
All anonymised data packets shared through Looma have a clear, finite lifecycle.
Each one is encrypted and assigned a time-limited key that automatically expires, typically after five years.
Once expired, the packet becomes unreadable and permanently inaccessible.
This ensures your shared data never lives indefinitely.
5. Permissions we request (and why)
| Permission | Purpose | Required? |
|---|---|---|
| Usage access | To identify which apps collect data, so Looma can show you real activity. | Optional |
| Notifications | To remind you about app hygiene or unused apps. | Optional |
| Health & fitness data | For users who want wellness insights; used locally only. | Optional |
| Photos | To remove location or metadata before sharing. | Optional |
| Accessibility | For advanced tracking-blocker features on Android. | Optional |
You choose which permissions to allow. Features gracefully degrade if they’re switched off.
6. Data locations
Your data stays on your device by default.
When you share anonymised insights, they’re processed locally and transmitted securely to verified buyers through Looma’s marketplace.
Our web infrastructure is hosted in the UK, with EU servers used for analytics and redundancy, ensuring all data remains within GDPR-compliant regions.
7. Third-party services
We use a very small number of third-party services to run Looma’s public website and communication channels:
| Service | Purpose | Data handled |
|---|---|---|
| Formspree | Contact form submissions (name, email, message) sent securely to Looma’s inbox. | Limited form content |
| Gmail | Handles inbound support and press emails. | Sender’s message only |
| Plausible | Privacy-first analytics (no cookies, no personal data). | Anonymous website statistics |
We do not embed social media trackers, pixels or targeted advertising scripts.
8. User controls
- Delete your data at any time within the Looma app.
- Revoke consent instantly for any campaign you’ve joined.
- Export and view your data sharing history (coming soon).
- Set expiry preferences for shared data packets.
You remain in full control at all times.
9. Privacy compliance
Looma aligns with data protection standards under GDPR, UK DPDI and the EU Data Act.
We follow these key principles:
- Data minimisation: We only collect what’s necessary.
- Purpose limitation: Data is used solely for the reason it was shared.
- Transparency: You always know what’s happening.
- Right to erasure: Delete data instantly.
- Portability: Your data is yours to take.
10. Incident response
If we ever identify a security incident affecting your information, we’ll act quickly and transparently.
We review and respond to reports within 24–72 hours and will notify affected users without undue delay.
For urgent issues, please visit our contact page.
11. Vulnerability disclosure
If you think you’ve found a security or privacy vulnerability, please tell us.
We support responsible disclosure and won’t take legal action for good-faith research.
PGP key and public disclosure policy coming soon.
12. Transparency & audits
We’re building towards quarterly transparency updates that summarise:
- Permission usage trends
- Changes affecting privacy
- Marketplace activity (campaigns and anonymisation statistics)
- Any security incidents and how they were resolved
Independent privacy and security audits are planned ahead of Looma’s marketplace release.
13. Legal requests
We don’t hold raw personal data on central servers.
If a lawful request ever requires disclosure, we can only provide anonymised or aggregate information.
We’ll notify affected users unless legally prevented from doing so.
14. Children & sensitive data
Looma isn’t designed for children under 16.
We don’t knowingly collect or process children’s data.
Sensitive data such as health information is always opt-in and protected by shorter expiry cycles under the DPEP framework.
15. Changelog
This Trust Centre is a living document. We’ll record any changes, new features, or added services here, with dates for transparency.
Change log:
- October 2025 — Initial release of Looma Trust Centre.
Last updated: October 2025