Privacy

Customer data means non-public data provided by a customer to Loopfour so Loopfour can provide the services. This may include finance workflow data, contracts, invoices, integration configurations, operational metrics, monitoring data, and other workspace information connected by the customer.

Customer data remains owned by the customer. Loopfour treats customer data and customer-specific monitoring data as confidential information under the applicable agreement.

Loopfour uses customer data to provide, support, secure, monitor, maintain, troubleshoot, and improve the services and related systems.

Loopfour may analyze service usage, performance, diagnostic, and operational information for development, diagnostic, corrective, security, reliability, and service improvement purposes.

Where permitted by the applicable agreement, Loopfour may disclose usage or performance information only in aggregate or de-identified form in connection with its business.

Each party is responsible for complying with applicable privacy and data protection laws for its activities under the applicable agreement.

To the extent Loopfour processes personal data on behalf of a customer, including personal data regulated by CCPA, GDPR, or similar laws, the parties may enter into a mutually agreed data processing addendum before that processing begins.

Loopfour does not make a blanket GDPR compliance claim on this site. Regional privacy obligations are handled through customer-specific agreements, addenda, and configurations where applicable.

Loopfour maintains commercially reasonable administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of customer data against unauthorized access, use, disclosure, or destruction.

Customer administrators control which users, integrations, documents, workflows, and destination systems are connected to their workspace.

For a confirmed security breach affecting customer data, Loopfour provides written notice without undue delay and, where required by the applicable agreement, within seventy-two (72) hours after becoming aware of the breach.

Security notices may include the nature of the breach, categories and approximate number of affected data subjects where known, likely consequences, and measures taken or proposed to address the breach.

Customers are responsible for protecting credentials, API keys, and access tokens; enabling MFA for administrator accounts where available; keeping endpoint devices patched and protected; and training personnel on their applicable information security policies before access.

Customers should promptly notify Loopfour through the applicable agreement notice process, support process, or security contact if they confirm or reasonably suspect unauthorized access, credential compromise, or a security incident related to the services.

Loopfour workflows may connect to customer-selected third-party systems, including CRM, ERP, accounting, payment, communication, document, and data platforms.

Third-party services and APIs are not operated by Loopfour. Customers are responsible for their own third-party accounts, credentials, permissions, connector health, network settings, and customer-side pipelines.

Upon expiration or termination of an applicable agreement, customers may request an export of customer data in a commonly used, machine-readable format, such as CSV or JSON, within the request period stated in the applicable agreement.

After that request period, Loopfour may delete customer data according to its standard retention and deletion policies, subject to applicable legal retention obligations. Where the agreement requires it, Loopfour can provide written certification of deletion upon customer request.

For privacy, security, or data processing questions, contact [email protected]. Customers with signed agreements should use their agreement notice process where one applies.