Close

Privacy for Humans

Howdy there!

At Loom, our users’ privacy is at the core of our decision making. We provide a service that changes the way we work and allows us to be more expressive and informative in our daily work communication. Sensitive information may pass through our systems, and we don’t take that lightly.

We have created this page to show you how our systems use your data. For more information about how we use personal data, please view our Privacy Policy.

Where does my data go within Loom?

Text-based Data

Your text-based data is comprised of things like your name, notifications, password, linked accounts like Google and Slack, video names, comments, transcripts, and so on. The majority of this data is stored on an encrypted database at both rest and in-transit within AWS. This server is behind a VPC that only privileged servers have access to (such as our backend application servers). Some of this data is encrypted and sent to our caching layer where it is also encrypted at-rest. This caching layer is also behind a VPC and is additionally not accessible between data centers within AWS.

Image and Video Data

This includes your avatars, videos and thumbnails. These files are stored on our encrypted S3 buckets, which can only be accessed by certain robots and engineers within our organization who have special access.

In order to speed up delivery of your videos to your computer, we utilize our CDN. Our CDN makes use of signed URLs. The CDN URL is not your video page URL. Your video page URL stays the same no matter what, but your CDN URL is the URL that actually delivers the video content.

When we sign these CDN URLs, we have complete control over deciding to not issue a URL to someone who requests it. Basically, even if you understand where a video is located on our CDN, you will not be able to access that URL unless you have the URL signed by us. This is how our password-protected videos work. In this case, we only give you a valid signed URL to view/download if you’ve provided the proper password. An additional benefit to signed URLs is that they expire, so old links will not be usable after some amount of time and you will then need to be issued a new one to access the same content.

Where does my data go outside of Loom?

We only send data to trusted third-party systems that are subject to strict privacy and security controls. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning, please email us at privacy@loom.com. If you do not agree with your data going to a specific system, deleting your Loom account will permanently delete all of your data from all our systems. If you participate in a Loom Business or Loom Enterprise account, only the Loom account administrator at your organization can delete your data.

For folks coming to figure out GDPR compliance, the following third-party services act as data processors for us. When we work with these service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (GDPR) calls these third-party service providers a sub-processor. A subprocessor is a third party data processor engaged by Loom who may have access to or process personal data: (i) on behalf of Loom customers; (ii) in accordance with customer instructions as communicated by Loom; and (iii) in accordance with the terms of a written contract between Loom and the subprocessor.

Subscribe to an RSS feed to be notified when we add new Loom subprocessors (note: you may need to cut and paste the "Subscribe to an RSS feed" URL into an RSS Feed Reader to monitor updates).

☁️ Amazon Web Services (AWS)

Location: United States
Nature of Processing: Cloud hosting services and storage
What: AWS is the cloud provider we use at Loom to run our service. AWS processes, hosts, and stores your account and the videos you record with us.
Why: AWS provides Loom with a reliable, scalable, and secure global computing infrastructure. In addition, AWS data centers have rigorous security, physical, and environmental controls to ensure these risks are mitigated. We leverage AWS services so we can continue focusing on providing our users the best recording experience.

 

👤 Clearbit

Location: United States
Nature of Processing: Data enrichment service
What: Clearbit is an enrichment API. Clearbit uses your email and scrapes public web profiles (e.g. LinkedIn, Twitter, etc.) to figure out core demographic information about you. We use Clearbit to:

  1. Pre-fill your welcome screen on-boarding to make signup easier. You can always change and update your persona or use case from this flow.
  2. Pre-fill your videos dashboard with a "How to Use Loom" folder with relevant use cases.
  3. Tying your persona to anonymous data points within our analytics dashboards so we can better understand which features of our platform are being used by different individuals and how we might build on top of these features to better serve you.

🤖 Segment

Location: United States
Nature of Processing: Data analytics distribution service
What: Segment is a data pipeline service that lets us send data to the other third-party services listed here in a standardized way and ensures this data does not get lost.
Why: Our core competency at Loom is ensuring workplace communication happens more effectively and humanely. With that being said, we’re a small team, and data pipelines certainly are not our core competency, so we let our friends at Segment do the heavy lifting in ensuring our data gets to where it needs to go (analytics services, Intercom and the like). Since this data goes to other services where we need your information (such as analytics platforms), personal data invariably gets passed through Segment.

🗒️ OpenAI

Location: United States
Nature of Processing: Instant transcription and audio intelligence service
What: OpenAI allows us to automatically provide transcription-based intelligence and automation features. OpenAI only receives transcription text files, and not full videos or audio. According to OpenAI’s policy, they do not use Loom’s data to train their models, and they retain the transcripts that we send them for a maximum of 30 days. Users may opt out of having their data sent to OpenAI if they wish by contacting support@loom.com.
Why: Transcription-based intelligence helps us create value for users by summarizing and interpreting the information that was spoken in a Loom, making it more efficient for viewers to consume.

📥 Mailchimp

Location: United States
Nature of Processing: Transactional email service
What: Mailchimp is a messaging and marketing platform which allows us to communicate a variety of transactional emails and product updates via email with our users.
Why: Mailchimp is designed to help communicate important account updates that are core to our recording experience. These emails include communicating topics such as video interactions, account information, and new product features.

🚦 OneSignal

Location: United States
Nature of Processing: Notifications service
What: OneSignal is a notifications service. We use OneSignal to send notifications to our Android and iOS application users.
Why: It is critical for our mobile users to know when their videos were engaged with. We send User IDs and relevant content such as video titles and comment content to OneSignal so our users can preview the engagement on their mobile device.

☎️ Zendesk

Location: United States
Nature of Processing: Customer support service
What: Zendesk is a customer ticketing system, or help desk system, which allows us to track, prioritize, and solve customer support requests. Zendesk allows our Support team to assist our community in many different ways; email, webform, chat and others.
Why: Zendesk has helped us nurture customer relationships with personalized, responsive support. It also allows us to have tool which centralizes customer support request and inquiries to ensure our customers receive the best response.

✏️ PartnerHero

Location: Honduras, Romania, South Africa, Spain, Philippines, Portugal
Nature of Processing: Customer support services
What: PartnerHero provides outsourced customer support services. PartnerHero helps our Support team increase staff as support volume grows by offering pay-as-you-go, dedicated service teams, and full-time employees. In addition, PartnerHero may be provided access to user data, such as a user’s account or videos, for the purposes of handling support requests.
Why: PartnerHero has enabled us to offer personalized support to all Loom users, regardless of their pricing tier. By partnering with PartnerHero, we’ve been able to assist the Loom community at scale by offering a support experience available 24/7 globally focused on responsiveness, quality and customer satisfaction.

🐦 Sentry

Location: United States
Nature of Processing: Error logging service
What: Sentry is used as our error logging platform. We use Sentry to capture errors throw within our Service to better understand and resolve issues in real-time.
Why: No one likes bugs! Data sent to Sentry includes IP addresses and User IDs. We grab your IP to get a general location the error is happening in and potentially pin-down bugs that have to do with timezones. We send your user ID so we can more quickly search and diagnose issues surfaced by our users in our customer support panel.

🐕 Datadog

Location: United States
Nature of Processing: Infrastructure monitoring service
What: Loom uses Datadog for infrastructure monitoring and analytics.
Why: We use Datadog for logging, monitoring, and observability to understand how our service is performing. Datadog logs may include user and video metadata to help us investigate potential issues and ensure our users have the best experience across all our clients.

🖥️ Atlassian

Location: Australia, Canada, France, Germany, India, Japan, Netherlands, New Zealand, Poland, The Philippines, South Korea, Turkey, United Kingdom, United States
Nature of Processing: Providing Loom services
What: Atlassian provides technical services and customer support for Loom customers.
Why: Atlassian acquired Loom through a business acquisition.

Who has access to what within Loom?

Our Support team may be provided access to user data, such as a user’s account or videos, for the purposes of handling support requests.

Our technical team can be granted temporary access to our servers, video and thumbnail storage layers. This is only for debugging or development purposes. Each engineer has a unique key that identifies them within our systems. All actions are logged for 6 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base.

How can I export my data?

Videos: You can export all of your video data by downloading each individual video.

Text-based Data: Your user information, folders and video metadata, comments, comment replies, and emoji reactions can be exported using the "Get my Data" button in your account settings.

If you ever want to delete your data, deleting your account will permanently delete all of your data off our systems.

Useful Vocabulary

🔒 Encrypted

Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images and text) are encrypted at-rest and in-transit across all systems.

🏃 In-transit

Your data is being sent from one location to another (usually one server/computer to another).

🛌🏾 At-rest

Your data is physically being stored on a device (usually a server).

🕳️ S3 Bucket

This is where we store larger (usually media) files such as images and videos.

⚡ Cache Layer

A group of servers that uses faster storage for the purpose of being able to retrieve it faster.

🤝 Database

This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?", "could you get me a list of all of this user's comments?"

🔥 VPC

A firewall that blocks access to a server or group of servers only to users/robots that have the proper permissions.

🌐 CDN

A CDN (Content Delivery Network) is a network of computers around the world whose purpose is to store data as close as possible to the downloader to speed up delivery of media.

🤖 AWS

Short for Amazon Web Services. This is the cloud provider we use at Loom that allows us to rent storage and compute capacity from their data centers. 

Stay informed

Subscribe to receive notifications from us about updates to our legal terms (including our legal policies) and our list of sub-processors.