Privacy Policy
Last updated: June 30, 2026
This Privacy Policy describes how The Lux Agency, LLC ("Loop," "we," "us") collects, uses, and shares information when you use the Loop referral rewards platform at my-loops.com and related services (collectively, the "Service"). This page is maintained by Loop and is not an independent certification.
1. Who is the data controller
Loop acts as the controller for information about Business Account holders (owners and staff) and as a processor / service provider for end-customer data that a Business uploads or that end-customers submit through a Business's referral program. The Business is the controller of its own customer list. Each Business is responsible for its own privacy disclosures to its customers regarding the rewards program it operates through Loop.
2. Information we collect
- Account information: name, email, password hash, business name, logo, and billing email.
- Customer information (entered by a Business or its customers): first name, email address, optional phone number, referral history, visit history, in-store cash balance, and redemption history.
- Payment information: processed directly by Stripe; we do not store full card numbers. We retain Stripe customer and subscription identifiers.
- Usage data: device, browser, IP address, pages viewed, and login attempt records (used for brute-force protection).
- Communications: emails and, where enabled, SMS messages sent through the Service, plus opt-in / opt-out status.
3. How we use information
- To operate the referral program: issuing referral codes, tracking visits, calculating in-store cash balances, and confirming redemptions.
- To send transactional messages: account, security, billing, and referral-program notifications.
- To prevent fraud, abuse, and unauthorized access (including rate-limiting and account-lockout).
- To comply with legal obligations and enforce our Terms.
4. SMS / text messaging
When SMS is enabled for a Business, Loop sends text messages on the Business's behalf to recipients who have provided prior express written consent as required by the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, FCC rules at 47 C.F.R. § 64.1200, and CTIA Messaging Principles and Best Practices. By providing a mobile number and opting in, the recipient agrees to receive recurring program messages (e.g., referral invites, balance updates, redemption confirmations). Message and data rates may apply. Message frequency varies.
Opt-out: Reply STOP to any message to unsubscribe. Reply HELP for help, or contact us at hello@my-loops.com or 866-531-5667. Carriers are not liable for delayed or undelivered messages. Consent to receive SMS is not a condition of any purchase. Mobile information and consent records are not shared, sold, rented, or transferred to third parties or affiliates for marketing or promotional purposes. Loop uses A2P 10DLC registered campaigns for all SMS traffic to U.S. numbers.
5. Artificial intelligence
Loop does not currently use end-customer personal information to train third-party large language models, and end-customer data is not sent to any third-party AI provider as part of normal Service operation. We reserve the right to introduce AI-assisted features in the future. Any such feature will be disclosed before launch and, where it processes identifiable customer data, will be opt-in at the Business-account level.
6. How we share information
- Service providers / subprocessors: hosting and database (Supabase / Lovable Cloud), payments (Stripe), email delivery, and, when enabled, SMS aggregators. These providers are bound by confidentiality and security obligations and may only use data to provide the Service.
- Between Businesses: Customer accounts are scoped per Business. We do not share one Business's customer list with another Business.
- Legal: when required by law, subpoena, or to protect rights, safety, and security.
- We do not sell personal information and do not share it for cross-context behavioral advertising.
7. Retention
Account and program data are retained for the life of the Business's subscription plus a reasonable archival period for legal, tax, audit, and dispute-resolution purposes. Customers may request deletion of their personal data; see Section 9.
8. Security
We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for the production database, row-level security to isolate each Business's tenant data, hashed passwords, brute-force protection on authentication, and an append-only audit log of sensitive Business actions. No method of transmission or storage is 100% secure.
9. Your rights
Depending on your jurisdiction (including California under the CCPA/CPRA), you may have the right to access, correct, delete, port, or limit the use of your personal information, and to opt out of "sales" or "sharing" (we do neither). To exercise a right, email hello@my-loops.com from the address on file. We will respond within the time required by applicable law. We do not discriminate against users for exercising their privacy rights.
10. Children
The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
11. International users
The Service is operated from the United States. If you access it from outside the U.S., you understand that your information will be processed in the U.S.
12. Changes
We may update this Policy. Material changes will be communicated via email or in-app notice. Continued use after the effective date constitutes acceptance.
13. Contact
The Lux Agency, LLC
Email: hello@my-loops.com
Phone: 866-531-5667