Loops

Privacy Policy

Last updated: May 1, 2026

Who we are

Loops, Inc. ("Loops," "we") provides wallet-pass infrastructure for boutique fitness studios. This policy covers our marketing site (loops.fitness), the Loops dashboard, and the Loops scanner app.

What we collect

Studios: account info (name, email, password hash), billing info (processed by our payment processor — we don't store full card numbers), studio brand details, and integration credentials (e.g. Mariana Tek OAuth tokens).

Members of your studio: name, email, phone, check-in history, pass install state, and referral activity. We only receive what your studio shares with us via your CRM, an install link, or a check-in scan.

Visitors to loops.fitness: if you accept analytics, we use PostHog to record anonymous pageviews and CTA clicks. We do not use third-party advertising trackers and we do not sell visitor data.

How we use it

  • Deliver the Service: keep wallet passes up to date, send pass-relevant push notifications, run check-ins, attribute referrals.
  • Bill studios and prevent fraud.
  • Provide product analytics back to your studio.
  • Respond to support requests.
  • Improve the Service in aggregate.

We do not sell member data, and we do not use member data to train AI models.

Apple Wallet & Google Wallet

Push notifications are delivered through Apple Wallet (APNs) and Google Wallet — not by Loops directly. Per Apple and Google guidelines, push content must be relevant to the pass (e.g. class reminders, milestone unlocks, expiration warnings). We do not use wallet push for unrelated marketing.

Sharing & subprocessors

We share data only with subprocessors that help us run the Service:

  • Cloud hosting & database (Supabase, Cloudflare).
  • Pass infrastructure (PassKit, Apple, Google).
  • Payment processing (Stripe).
  • Email delivery (Resend).
  • Product analytics (PostHog) — only when you accept the cookie banner.
  • Studio's own integrations (CRMs, messaging tools) — these run under your studio's account, not ours.

Data retention

We keep studio account data for as long as the account is active, plus 90 days after closure for backup integrity. Member data is retained as long as your studio's account is active or until your studio deletes it.

Your rights

Depending on where you live (e.g. EU/UK under GDPR, California under CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these rights, email privacy@loops.fitness. For studio members: please contact your studio first; we'll route requests to them as the data controller.

Security

We use TLS in transit, encryption at rest, scoped access controls, and regular dependency scanning. Report suspected vulnerabilities to security@loops.fitness.

Children

The Service isn't directed to children under 13, and we don't knowingly collect data from them. If a studio adds a member under 13 by mistake, contact us and we'll remove the record.

Changes

Material changes to this policy will be announced by email or in-product notice at least 30 days before they take effect.

Contact

Privacy questions: privacy@loops.fitness. General: hello@loops.fitness.