Privacy Policy

Last updated: February 12, 2026

This Privacy Policy describes how Lootly collects, uses, discloses, and protects personal information for creators, customers, and visitors using Lootly Services.

1. Scope and Controller

This Privacy Policy applies to Lootly websites, creator storefronts, dashboard tools, checkout, and related services (collectively, the "Services").
Lootly acts as a data controller for account, platform, and operational data. Creators may separately act as independent controllers for their customer relationship data and marketing.

2. Personal Information We Collect

Identifiers and account data: name, email, username, password hash, profile details, and account settings.
Commercial and transaction data: product details, order records, payment status, refunds, payouts, and receipts.
Customer checkout data: customer name, email, custom checkout fields, consent selections, and order metadata.
Technical and usage data: IP address, device/browser information, app logs, and analytics events.
Support and communication data: content of support requests, feedback, and communications with us.
Content and files you upload: digital products, media, and course content submitted by creators.
Payment data: card and bank details are collected and processed by payment partners (such as Stripe), not stored in full by Lootly.

3. Sources of Personal Information

Directly from you when you create an account, use checkout, submit content, or contact support.
Automatically through cookies, log files, and similar technologies when you use the Services.
From service providers and integration partners involved in authentication, payments, storage, and analytics.
From creators and customers in connection with purchases and delivery of creator products.

4. How We Use Personal Information

To provide and operate the Services, including authentication, storefront hosting, checkout, and digital delivery.
To process transactions, payouts, chargebacks, and fraud/risk checks.
To maintain security, detect abuse, enforce platform policies, and prevent unauthorized access.
To communicate with you about account activity, service updates, legal notices, and support responses.
To improve product quality, reliability, and user experience.
To comply with legal obligations and resolve disputes.

5. Legal Bases (EEA/UK Users)

Performance of a contract: providing the Services, processing purchases, and delivering digital content.
Legitimate interests: improving service quality, preventing fraud, securing the platform, and supporting users.
Consent: where legally required, including optional marketing or non-essential cookies in certain jurisdictions.
Legal obligation: retaining and disclosing information where required by tax, accounting, consumer, or other applicable laws.

6. How We Share Personal Information

With processors and vendors that provide hosting, storage, authentication, analytics, communications, and operations support.
With payment and financial partners to process payments, payouts, disputes, and compliance checks.
Between creators and customers when necessary to complete purchases, receipts, and product access.
With legal authorities or other parties when required by law, legal process, or to protect rights, safety, and platform integrity.
In connection with a merger, financing, acquisition, reorganization, or sale of all or part of the business.

7. Sale, Sharing, and Targeted Advertising

Lootly does not sell personal information for money.
Lootly does not use sensitive personal information to infer characteristics about users.
If our practices change, we will update this policy and provide any required opt-out methods under applicable U.S. state privacy laws.

8. Cookies and Similar Technologies

We use essential cookies and local storage to keep you signed in, maintain security, and remember basic preferences.
We may use analytics technologies to understand traffic, product usage, and service performance.
Where required by law, you can accept or decline non-essential cookies through our consent interface.

9. Data Retention

We retain personal information for as long as reasonably necessary for service operation, account administration, dispute resolution, security, and legal compliance.
Retention periods vary based on data type, account status, legal obligations, and legitimate business needs.
When data is no longer required, we delete, aggregate, or de-identify it in accordance with our retention practices.

10. International Data Transfers

Your information may be processed in countries other than your own, including where our providers operate.
Where required, cross-border transfers are protected using legally recognized safeguards, such as contractual commitments and equivalent protections.

11. Security

We use administrative, technical, and organizational safeguards designed to protect personal information.
No system is fully secure, so you should maintain strong credentials and protect your account access.

12. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or receive a copy of personal information, and to limit or object to certain processing.
U.S. state privacy rights may include rights to know/access, delete, correct, portability, opt out of certain sharing/targeted advertising, non-discrimination, and appeal.
EEA/UK rights may include data portability, restriction, objection, and withdrawal of consent where processing is based on consent.
You may exercise applicable rights by contacting support through your account or website support channels. We may verify identity before processing requests.
If you are in the EEA/UK, you may also lodge a complaint with your local data protection authority.

13. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.
If we learn that a child under 13 provided personal information, we will take steps to delete it as required by applicable law.

14. Third-Party Services

The Services may link to third-party websites, tools, and processors. Their privacy practices are governed by their own policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last updated" date.
Where required by law, we will provide additional notice before material changes take effect.

16. Contact Us

For privacy questions or rights requests, contact Lootly support through the channels listed in the app or website.
If you are a creator, you can also submit requests through your dashboard support flow to speed verification.

Privacy Policy

Last updated: February 12, 2026

This Privacy Policy describes how Lootly collects, uses, discloses, and protects personal information for creators, customers, and visitors using Lootly Services.

1. Scope and Controller

This Privacy Policy applies to Lootly websites, creator storefronts, dashboard tools, checkout, and related services (collectively, the "Services").
Lootly acts as a data controller for account, platform, and operational data. Creators may separately act as independent controllers for their customer relationship data and marketing.

2. Personal Information We Collect

Identifiers and account data: name, email, username, password hash, profile details, and account settings.
Commercial and transaction data: product details, order records, payment status, refunds, payouts, and receipts.
Customer checkout data: customer name, email, custom checkout fields, consent selections, and order metadata.
Technical and usage data: IP address, device/browser information, app logs, and analytics events.
Support and communication data: content of support requests, feedback, and communications with us.
Content and files you upload: digital products, media, and course content submitted by creators.
Payment data: card and bank details are collected and processed by payment partners (such as Stripe), not stored in full by Lootly.

3. Sources of Personal Information

Directly from you when you create an account, use checkout, submit content, or contact support.
Automatically through cookies, log files, and similar technologies when you use the Services.
From service providers and integration partners involved in authentication, payments, storage, and analytics.
From creators and customers in connection with purchases and delivery of creator products.

4. How We Use Personal Information

To provide and operate the Services, including authentication, storefront hosting, checkout, and digital delivery.
To process transactions, payouts, chargebacks, and fraud/risk checks.
To maintain security, detect abuse, enforce platform policies, and prevent unauthorized access.
To communicate with you about account activity, service updates, legal notices, and support responses.
To improve product quality, reliability, and user experience.
To comply with legal obligations and resolve disputes.

5. Legal Bases (EEA/UK Users)

Performance of a contract: providing the Services, processing purchases, and delivering digital content.
Legitimate interests: improving service quality, preventing fraud, securing the platform, and supporting users.
Consent: where legally required, including optional marketing or non-essential cookies in certain jurisdictions.
Legal obligation: retaining and disclosing information where required by tax, accounting, consumer, or other applicable laws.

6. How We Share Personal Information

With processors and vendors that provide hosting, storage, authentication, analytics, communications, and operations support.
With payment and financial partners to process payments, payouts, disputes, and compliance checks.
Between creators and customers when necessary to complete purchases, receipts, and product access.
With legal authorities or other parties when required by law, legal process, or to protect rights, safety, and platform integrity.
In connection with a merger, financing, acquisition, reorganization, or sale of all or part of the business.

7. Sale, Sharing, and Targeted Advertising

Lootly does not sell personal information for money.
Lootly does not use sensitive personal information to infer characteristics about users.
If our practices change, we will update this policy and provide any required opt-out methods under applicable U.S. state privacy laws.

8. Cookies and Similar Technologies

We use essential cookies and local storage to keep you signed in, maintain security, and remember basic preferences.
We may use analytics technologies to understand traffic, product usage, and service performance.
Where required by law, you can accept or decline non-essential cookies through our consent interface.

9. Data Retention

We retain personal information for as long as reasonably necessary for service operation, account administration, dispute resolution, security, and legal compliance.
Retention periods vary based on data type, account status, legal obligations, and legitimate business needs.
When data is no longer required, we delete, aggregate, or de-identify it in accordance with our retention practices.

10. International Data Transfers

Your information may be processed in countries other than your own, including where our providers operate.
Where required, cross-border transfers are protected using legally recognized safeguards, such as contractual commitments and equivalent protections.

11. Security

We use administrative, technical, and organizational safeguards designed to protect personal information.
No system is fully secure, so you should maintain strong credentials and protect your account access.

12. Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or receive a copy of personal information, and to limit or object to certain processing.
U.S. state privacy rights may include rights to know/access, delete, correct, portability, opt out of certain sharing/targeted advertising, non-discrimination, and appeal.
EEA/UK rights may include data portability, restriction, objection, and withdrawal of consent where processing is based on consent.
You may exercise applicable rights by contacting support through your account or website support channels. We may verify identity before processing requests.
If you are in the EEA/UK, you may also lodge a complaint with your local data protection authority.

13. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.
If we learn that a child under 13 provided personal information, we will take steps to delete it as required by applicable law.

14. Third-Party Services

The Services may link to third-party websites, tools, and processors. Their privacy practices are governed by their own policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last updated" date.
Where required by law, we will provide additional notice before material changes take effect.

16. Contact Us

For privacy questions or rights requests, contact Lootly support through the channels listed in the app or website.
If you are a creator, you can also submit requests through your dashboard support flow to speed verification.