Privacy Policy

Last updated: May 31, 2026

1. Data Controller

Looming is operated by Fashion Node Studio. We are the data controller responsible for your personal data. For privacy-related inquiries, contact us at [email protected].

2. Data We Collect

• Account Information: Email address, display name, and authentication credentials.
• Payment Information: Processed and stored exclusively by Paddle (our Merchant of Record). We do not store credit card numbers or bank details.
• Usage Data: Feature usage patterns, session duration, and interaction data to improve the platform.
• Uploaded Content: Design images, sketches, and reference materials you upload for AI processing.
• Technical Data: Browser type, device information, IP address, and access timestamps.

3. How We Use Your Data

• To provide and maintain the Looming platform and its features.
• To process your subscription and manage your account.
• To improve our AI models and platform performance (aggregated, anonymized data only).
• To communicate service updates, security alerts, and support responses.
• To comply with legal obligations.

4. Data Storage and Processing

• Cloudflare: CDN delivery, Workers for serverless compute, and edge caching.
• Paddle: Payment processing, invoicing, and tax compliance.
• fal.ai: AI image generation processing. Uploaded images are processed transiently and not retained after generation.
• SiliconFlow: AI language model inference for design assistance features.

5. Third-Party Services

We share data with the following third parties only as necessary to provide our service:

• Paddle — Payment processing and Merchant of Record services.
• Cloudflare — Content delivery, security, and serverless infrastructure.
• fal.ai — AI image generation and processing.
• SiliconFlow — AI language model services.

6. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

• Access — Request a copy of all personal data we hold about you.
• Rectification — Correct any inaccurate personal data.
• Erasure — Request deletion of your personal data ("right to be forgotten").
• Data Portability — Export your data in a machine-readable format.
• Restriction — Restrict processing of your personal data in certain circumstances.
• Objection — Object to processing based on legitimate interests.

To exercise any of these rights, contact [email protected]. We will respond within 30 days.

7. Cookies and Local Storage

Looming uses only essential cookies and localStorage for:

• Authentication session management.
• Saving your workspace preferences and settings.
• Maintaining application state between sessions.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Data Retention

• Account data is retained for the duration your account remains active.
• Upon account deletion, all personal data is permanently erased within 30 days.
• Anonymized, aggregated usage statistics may be retained indefinitely for service improvement.
• Payment records are retained by Paddle in accordance with their legal obligations.

9. GDPR Compliance

We are committed to compliance with the General Data Protection Regulation (GDPR). Our lawful bases for processing include: contract performance (providing the service), legitimate interests (improving the platform), and consent (where specifically requested). For users in the European Economic Area, data transfers outside the EEA are protected by appropriate safeguards.

10. Data Security

We implement industry-standard security measures including encryption in transit (TLS), secure authentication, and access controls. However, no method of transmission over the Internet is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect.

12. Contact

For privacy-related questions or to exercise your data rights, contact us at [email protected].