Privacy Policy

Last updated:

Email:

hello@cypher.com

Phone Number:

(415) 555-8247

Privacy Policy

Loopbase Pte. Ltd. | Effective Date: 14 May 2026

This Privacy Policy explains how Loopbase Pte. Ltd. ("Loopbase", "we", "us", or "our") collects, uses, discloses, and protects personal data when you access or use the Loopbase platform (the "Platform"). This policy applies to business users of the Platform and is intended to comply with the Singapore Personal Data Protection Act 2012 ("PDPA") and other applicable data protection laws.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

Loopbase Pte. Ltd. is the data controller of personal data collected from users of the Platform. You, as a business user, are the data controller of Customer Data (your end-customers' personal data) processed through the Platform. Loopbase acts as a data processor in respect of Customer Data.

2. What Personal Data We Collect
2.1 Data You Provide Directly

  • Account registration data: name, email address, business name, contact number

  • Billing information: processed and stored securely by Stripe; Loopbase does not store full payment card details

  • Communications: messages, support requests, and enquiries you send us

  • Onboarding information: business type, location, number of outlets

2.2 Data Collected Automatically

  • Platform usage data: features accessed, campaigns created, loyalty program activity

  • Device and technical data: IP address, browser type and version, operating system, device identifiers

  • Log data: access times, pages viewed, errors encountered

  • Cookies and similar tracking technologies: as described in our Cookies Policy

2.3 Customer Data (End-Customer Data)

When you use the Platform, you may upload or generate data about your end-customers, including their names, contact numbers, email addresses, transaction history, and loyalty activity. You are the data controller of this data. Loopbase processes this data solely on your instructions to deliver the Platform's services.

2.4 Integration Data

If you connect third-party services such as WhatsApp or Stripe to the Platform, we may receive data from those services to the extent necessary to provide the integration functionality. The scope of data received is governed by your settings and the third-party services' own terms.

3. How We Use Personal Data

We use personal data collected from Platform users to:

  • Create and manage your Account

  • Provide, operate, maintain, and improve the Platform

  • Process payments and manage billing

  • Send transactional communications such as account confirmations, invoices, and service notices

  • Provide customer support

  • Send product updates, feature announcements, and marketing communications (you may opt out at any time)

  • Monitor and analyse Platform usage to improve performance and user experience

  • Detect, prevent, and investigate fraud, abuse, or security incidents

  • Comply with legal obligations

We process Customer Data solely to:

  • Deliver the automation, loyalty, outreach, and intelligence features you configure through the Platform

  • Generate analytics and insights within your Account dashboard

  • Improve the Platform's AI and automation performance (using anonymised or aggregated data only)

4. Legal Basis for Processing

Under the PDPA and applicable law, we process personal data on the following bases:

  • Contract: processing is necessary to provide the Platform services under our Terms of Service

  • Consent: where you or your end-customers have given consent to specific processing activities

  • Legitimate interests: where processing is necessary for our legitimate business interests, such as improving the Platform and preventing fraud, and these interests are not overridden by your rights

  • Legal obligation: where we are required to process data to comply with applicable law

5. AI Processing and Automation

The Platform uses AI systems to analyse customer behaviour patterns, generate campaign recommendations, automate outreach messages, and execute loyalty program actions. All AI processing is performed solely to deliver Platform functionality.

Loopbase does not use Customer Data to train general AI models that benefit third parties. Aggregated and anonymised usage data may be used to improve the Platform's AI performance.

Automated decisions made by the Platform (such as triggering a re-engagement message) are based on configurations you set. You remain in control of and responsible for all automated actions executed through your Account.

6. Data Sharing and Disclosure

We do not sell your personal data or your end-customers' personal data.

We may share personal data with:

  • Service providers: trusted third-party vendors who assist in operating the Platform, including cloud infrastructure providers, analytics providers, and customer support tools. All service providers are bound by data processing agreements and may only process data on our instructions

  • Payment processor: Stripe, for the purpose of processing subscription payments. Stripe's privacy policy governs their handling of payment data

  • Messaging platform: Meta (WhatsApp), for the purpose of delivering automated messages to your end-customers where you have configured this integration

  • Legal authorities: where required by applicable law, court order, or government authority

  • Business transfers: in connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality protections

In all cases, we share only the minimum data necessary for the specific purpose.

7. Cross-Border Data Transfers

Loopbase operates primarily from Singapore. Your data may be processed by our service providers in other countries, including the United States and the European Economic Area, where data protection laws may differ from those in Singapore.

Where we transfer personal data outside Singapore, we ensure appropriate safeguards are in place in accordance with the PDPA's data transfer requirements, including contractual protections with receiving parties.

8. Data Retention

We retain personal data for as long as necessary to provide the Platform services and fulfil the purposes described in this Privacy Policy, or as required by applicable law.

Specifically:

  • Account data: retained for the duration of your active subscription and for 30 days following account termination, after which it is deleted or anonymised

  • Customer Data: retained in accordance with your account settings; you may delete Customer Data at any time through the Platform

  • Billing records: retained for 7 years as required by Singapore accounting and tax law

  • Log and security data: retained for up to 12 months

You may request deletion of your account and associated personal data by contacting support@loopbaseapp.com, subject to any legal retention obligations.

9. Data Security

Loopbase implements industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

  • Encryption of data in transit using TLS

  • Access controls and authentication requirements

  • Regular security monitoring and vulnerability assessments

  • Staff training on data protection obligations

In the event of a personal data breach that is likely to result in significant harm, Loopbase will notify affected users and, where required, the Personal Data Protection Commission (PDPC) of Singapore in accordance with the PDPA mandatory breach notification requirements.

10. Your Rights

Under the PDPA and applicable law, you have the right to:

  • Access: request a copy of the personal data we hold about you

  • Correction: request that we correct inaccurate or incomplete personal data

  • Withdrawal of consent: withdraw consent to processing where consent is the legal basis, without affecting the lawfulness of prior processing

  • Data portability: request transfer of your data in a structured, commonly used format where technically feasible

  • Erasure: request deletion of your personal data, subject to our legal retention obligations

  • Restriction: request that we restrict processing of your personal data in certain circumstances

To exercise any of these rights, please contact us at support@loopbaseapp.com. We will respond to requests within 30 days. We may require you to verify your identity before processing your request.

11. Children's Data

The Platform is intended for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal data from individuals under 18. If you believe that we have inadvertently collected data from a minor, please contact us at support@loopbaseapp.com and we will take steps to delete such data.

12. Third-Party Links and Services

The Platform may contain links to or integrations with third-party websites and services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you connect to or access through the Platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify you by email or through the Platform at least 14 days before the changes take effect. The updated policy will be posted on our website with a revised effective date.

Your continued use of the Platform after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please contact us at:

Loopbase Pte. Ltd.

Email: support@loopbaseapp.com

For unresolved complaints relating to data protection, you may also contact the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.