Loom Data Privacy Framework Notice

Last updated: September 13, 2023

Loom, Inc. (collectively, “Loom”, “we”, “our” or “us”) has created this Data Privacy Framework Notice (“Notice”) to describe our standards and procedures for handling personal information in accordance with the EU-U.S., UK Extension to the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (collectively, “DPF”).

Loom has certified to and will adhere to the DPF by adopting and implementing the DPF Principles (“Principles”). More information about the DPF can be found at Our DPF certification can be found at

This Notice supplements our Privacy Policy here. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Privacy Policy here. In case of conflict between the Privacy Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.

How we obtain Personal Information

We obtain and process personal information from the European Economic Area (“EEA”), the United Kingdom or Switzerland in different capacities:

  • As a controller, we collect and process EEA, UK and Swiss personal information directly from individuals, either via our publicly available websites, including, or in connection with our customer, reseller, partner, and vendor relationships.
  • As a processor we obtain and process EEA, UK and Swiss personal information on behalf of and at the instructions of our customers in connection with our Services. In that context, customers are the controllers.

Loom commits to subject to the Principles all personal information received from the EEA, the UK or Switzerland in reliance on the DPF as a controller or as a processor, as applicable.

DPF Principles

1. Notice. Our Privacy Policy here in combination with this Notice describes our privacy practices, including the types of personal information collected and the purposes of the processing.  When providing our Services as a processor, our customers determine the types of personal information we process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals.

We will adhere to the Principles for as long as we retain the personal information collected under the DPF.

When providing our Services as a processor, we process and retain personal information as necessary to provide our Services as permitted in our agreements, or as required or permitted under applicable law.

2. Accountability for Onward Transfer of Personal Information. Loom may transfer personal information as described in the Privacy Policy here.  When providing our Services as a processor, we disclose personal information as provided in our agreement with customers.

We remain responsible for the processing of personal information received under the DPF and subsequently transferred to a third party acting as a processor if the processor processes such personal information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

3. Security. Loom takes reasonable and appropriate precautions, taking into account the risks involved in the processing and the nature of the personal information, to help protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

4. Data Integrity and Purpose Limitation. Any personal information we receive may be processed by Loom for the purposes indicated in our Privacy Policy here or as otherwise notified to you. We will not process personal information in a way that is incompatible with these purposes unless subsequently authorized by you.

We take reasonable steps to limit the collection and usage of personal information to that which is relevant for the purposes for which it was collected, and to ensure that such personal information is reliable, accurate, complete and current.  Individuals are encouraged to keep their personal information with Loom up to date and may contact Loom as indicated below or in the Privacy Policy here to request that their personal information be updated or corrected.

5. Access and Choice. If we intend to use your personal information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.

Where appropriate, you have the right to access to the personal information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Us” below.  We will review your request in accordance with the Principles, and may limit or deny access to personal information as permitted by the Principles.

When providing our Services as a processor, we only process and disclose the personal information as specified in our agreements.  Our customers control how personal information is disclosed to us and processed, and how it can be modified.  Accordingly, if you want to request access, or to limit use or disclosure of your personal information, please contact the company to whom you submitted your personal information and that uses our Services.  If you provide us with the name of the company to whom you provided your personal information and who is our customer, we will refer your request to that customer and support them in responding to your request.

6. Recourse, Enforcement, and Liability. We conduct an annual self-assessment of our practices regarding personal information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.

In compliance with the DPF, Loom commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

In compliance with the DPF, Loom commits to resolve DPF Principles-related complaints about our collection and use of your personal information. If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the Principles. We will respond to you within 45 days of receiving your complaint.

If an issue cannot be resolved through Loom’s internal dispute resolution mechanism, you may submit a complaint, at no cost, to JAMS, which serves as Loom’s alternative dispute resolution provider. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.

Loom is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Changes to this Notice

This Notice may be amended consistent with the requirements of the DPF. When we update this Notice, we will also revise the “Last Updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.

Contact Us

If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:

  • via email at; or
  • by mailing to Loom, Inc., 5214F Diamond Heights Blvd #3391, San Francisco, California 94131.

Stay informed

Subscribe to receive notifications from us about updates to our legal terms (including our legal policies) and our list of sub-processors.