Privacy Policy
Last updated: May 23, 2026
Our Commitment
LoopShift is built on a fundamental principle: your habit data is deeply personal, and it should stay under your control. We designed our app from the ground up to minimize data collection and maximize your privacy.
Data Storage
Personal Habit Data (Local Only)
All personal habit data — including habits, logs, urge events, check-in sessions, triggers, context notes, and rescue plans — is stored locally on your device using SQLite. This data never leaves your phone and is never transmitted to our servers or any third party.
Cloud Data (When You Create an Account)
Creating an account is optional and only required for group features and Pro subscription management. If you create an account, we collect and store the following data on our servers:
- Email address — for authentication and account recovery
- Display name — shown to other members in your groups
- Group data — group memberships, group habit definitions, and automaticity scores for group leaderboards
- Group timeline events — privacy-safe activity entries (e.g., “completed”, “resisted”) visible to group members. These never include triggers, context notes, or personal reflections.
- Group photos & notes (Pro feature) — when you attach a photo or short note to a group habit log, it is uploaded to our servers and visible to members of that group. Group photos are not end-to-end encrypted — they are stored in a private storage bucket accessible only to authenticated group members. Photos are compressed before upload (max 1080px). A local copy is also saved on your device for your personal backup. When you delete the log, the photo is removed from both your device and our servers.
- Subscription status — whether you have an active Pro subscription (managed via RevenueCat)
Sharing Off-Platform
You can share group invite links and personal milestone images off the platform (e.g., via Messages, email, or social apps) from within the app. Group invite links contain only the group’s short invite code. Milestone share images are generated on your device and never uploaded to our servers. We do not expose break-habit activity (urge counts, slips, or trigger notes) to any off-platform sharing surface.
End-to-End Encrypted Cloud Backup (Pro)
Pro subscribers can enable cloud backup, which creates an encrypted snapshot of all local data — including habits, logs, urge events, and photos (from both personal and group habits). This backup is end-to-end encrypted using AES-256-GCM with a separate backup password that you choose (this is different from your account login password). We cannot read, access, or recover the contents of your backup — only you can decrypt it with your backup password. The encrypted blob is stored on our servers and overwritten daily. If you lose your backup password, the backup cannot be recovered.
What we never collect: personal habit details, activity logs, urge intensities, trigger descriptions, context notes, coach messages, or any other sensitive habit data. Even when using group features, only your automaticity score and privacy-safe outcomes are shared — group members never see your personal activity data. Cloud backups contain your full data but are encrypted with your own password — we have zero access to the contents.
Legal Basis for Processing
We process your data under the following legal bases (GDPR Art. 6):
- Contract performance: account creation, authentication, group features, and subscription management
- Consent: you choose to create an account and join groups. You can withdraw consent at any time by deleting your account.
- Legitimate interest: maintaining service security and preventing abuse
Third-Party Processors
We use the following third-party services to operate LoopShift. Each processes only the minimum data necessary:
| Service | Purpose | Data processed |
|---|---|---|
| Supabase | Authentication, group data & storage | Email, display name, group memberships, scores, timeline events, group photos, encrypted backups |
| RevenueCat | Subscription management | Email, purchase history, subscription status |
| Apple App Store / Google Play | Payment processing | Payment details (we never see or store these) |
| Cloudflare | Website hosting, DNS & cookieless Web Analytics | Standard web request logs (IP, user agent); aggregate Core Web Vitals and visit counts for the marketing website (no cookies, no cross-site tracking) |
| GoatCounter | Cookieless marketing website analytics | Page path visited, referrer URL, country (derived from IP then discarded), browser, OS, screen size. No cookies, no persistent identifiers, no IP storage. Used only on loopshift.app — not in the mobile app. |
| Sentry | Crash & error reporting | Anonymous device metadata (device model, OS version, app version), error stacktraces. IP addresses are stripped before transmission. No habit data, names, or emails are sent. |
We do not sell, share, or provide your data to any other third parties.
No Cloud AI Processing
LoopShift's coaching system is entirely rule-based and runs locally on your device. We do not use cloud-based artificial intelligence or large language models to process your personal data. This is a deliberate design choice: many users track sensitive habits related to compulsions and personal struggles, and this data should never be processed by external AI systems.
No Third-Party Analytics or Ad Tracking (in the app)
The LoopShift mobile app does not include any third-party analytics SDKs, advertising frameworks, or tracking pixels. We do not track your behavior within the app for marketing purposes. We do not sell, share, or monetize your data in any way. We use Sentry solely for crash and error reporting to improve app stability — it receives only anonymous technical diagnostics (see Third-Party Processors above), never your habit data or personal content.
Marketing website (loopshift.app): the marketing website uses two privacy-friendly, cookieless analytics tools — Cloudflare Web Analytics and GoatCounter — to understand aggregate traffic patterns (which pages are visited, where visitors came from, roughly which country). Neither sets cookies, neither stores your IP address, and neither tracks you across other websites. No analytics or tracking of any kind happens inside the mobile app itself.
Data Retention
- Local data: stored on your device indefinitely until you uninstall the app or delete it manually.
- Cloud account data: retained while your account is active. Permanently deleted when you delete your account (see below).
- Group timeline events & photos: retained while the group exists. Photos are deleted when you delete the associated log. If you delete your account, all your photos are removed from our servers and your display name in past timeline events is cleared.
- Encrypted backups: one encrypted file per user, overwritten daily. Permanently deleted when you delete your account.
- Payment records: retained by Apple/Google and RevenueCat per their respective policies. We do not control these records.
Your Rights
Under GDPR, CCPA, and similar regulations, you have the following rights:
- Right to access: you can view all your cloud data through the app (group memberships, scores, timeline events). Local data is already on your device.
- Right to data portability: you can export all your local data in JSON or CSV format at any time from the app's Profile screen. This is available to all users, free and Pro.
- Right to erasure: you can permanently delete your account and all associated cloud data directly from the app (Profile → Account → Delete my account). This removes all Supabase data including group memberships, scores, score history, timeline events, photos, encrypted backups, and tracking records, deletes your authentication record, and wipes local data. This action is irreversible.
- Right to rectification: you can update your display name and email through your account settings.
- Right to withdraw consent: you can delete your account at any time, which removes all cloud data.
To exercise any of these rights, use the in-app tools or contact us at [email protected].
Payment Processing
Pro subscriptions are managed through RevenueCat, which interfaces with the Apple App Store and Google Play Store. Payment information is handled entirely by Apple and Google — we never see or store your credit card details. RevenueCat receives your email address and purchase history to verify subscription status.
Data Security
Local data is protected by your device's built-in security (passcode, biometrics, encryption). Cloud data stored in Supabase uses Row Level Security (RLS) policies to ensure you can only access your own data and data from groups you belong to. All data in transit uses TLS encryption.
End-to-end encrypted: cloud backups (AES-256-GCM, password-based key derivation). We cannot access the contents.
Server-stored (not E2E encrypted): group timeline events, group photos, display names, scores. These are protected by Supabase RLS (only group members can access) and TLS in transit, but are readable by the database system.
Children's Privacy
LoopShift is not directed at children under 16 (or under 13 in jurisdictions where that is the applicable age). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.
International Transfers
Our servers (Supabase) may be located outside your country of residence. By using the cloud features of LoopShift, you consent to the transfer of your data to these servers. We ensure appropriate safeguards are in place for international data transfers.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new privacy policy within the app and on this page. Your continued use of the app after any changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or your data, please contact us at [email protected].