Last Updated: September 2025

About Loopio

Loopio Inc., together with Loopio UK Ltd., Loopio India Software Private Limited, and all other affiliates and subsidiaries (collectively, “Loopio”), is a group of privately held companies that provides a software-as-a-service (SaaS) platform (the “Services”). The Services help organizations curate, review, maintain, and access a centralized content library used to respond to Requests for Proposals (RFPs), Requests for Information (RFIs), Due Diligence Questionnaires (DDQs), and Security Questionnaires (SQs).

Loopio respects your privacy and is committed to protecting the privacy and security of Personal Data in accordance with the practices set out below. For purposes of this Policy, “Personal Data” is defined as any information relating to an identified or identifiable natural person, as may be defined, or limited under applicable privacy legislation.

Scope

This Privacy Policy (this “Policy”) is intended to describe how we collect, use, store, and share Personal Data from prospects, customers, suppliers, business partners, website visitors, candidates and other individuals (collectively “User”, “you”, or “your”) to manage our relationship with you and fulfill our obligations to you through the use of the Services (as defined below) and/or your interactions with Loopio. This Policy also describes your rights regarding the Personal Data that you provide us and how you can withdraw consent, and access, correct, and request erasure of your Personal Data.

We are committed to protecting your Personal Data and handle it in compliance with applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK Data Protection Act, the Information Technology Act, 2000 (together with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011), and the California Consumer Privacy Act of 2018 (“CCPA”).

By accessing or using our Services, visiting our websites (including downloading content), registering for an event we host, applying for a role with us, or otherwise interacting with us, you acknowledge and agree that your Personal Data may be collected, used, and shared as described in this Policy. If you do not agree with any part of this Policy, please refrain from providing us with your Personal Data.

What We Collect

To provide you with our Services and fulfill our contractual obligations, we may collect, store, transfer, and use the following categories of Personal Data:

• General Contact Information: Your first and last name, username (or similar identifier), business billing address, business telephone number, job title, and business email address.
• Technical Information: Data such as cookies, (see below for more information), full or partial Internet Protocol (IP) addresses used to connect your device to the Internet, login credentials, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.
• Non-Personal Usage Information: Details of your interactions with our websites, including full URLs, clickstream data (to, through, and from our site, including date and time), pages viewed or searched for, page response times, download errors, duration of visits, page interaction data (e.g., scrolling, clicks, and mouse-overs), and navigation methods used to leave the website.
• Recruitment Information: Information you provide when applying for a role, such as your resume/CV, cover letter, employment history, education background, and any publicly available social media information or professional platform profiles you choose to share.
• Financial Information: Payment details such as bank account, credit card, debit card, or other payment method information, where required for processing transactions related to our Services.
• Other Information: Passwords created for accessing our Services and related recovery information.

Our Role

In connection with Loopio’s provision of the Services:

• You are the “Data Controller”, meaning you determine the purposes and means of processing Personal Data when using the Services.
• Loopio is the “Data Processor”, meaning we process Personal Data on your behalf to deliver the Services.

If you upload or otherwise provide Personal Data in connection with your use of the Services, you are responsible for ensuring that:

• Your use of the Services complies with all applicable privacy laws;
• You have provided all necessary notices, obtained all required consents, and have the lawful authority to share such Personal Data with Loopio; and
• You do not provide Loopio with any sensitive Personal Data (as defined under applicable laws), unless explicitly agreed otherwise.

Where the California Consumer Privacy Act (CCPA) applies:

• You will be considered the “business” and
• Loopio will act as the “service provider” as defined under the CCPA.

If you are applying for a job with Loopio or otherwise engaging with us outside the context of the Services (e.g., by visiting our website), you will similarly be considered the Data Controller, and Loopio the Data Processor with respect to any Personal Data you provide.

How Your Personal Data is Collected

We use different methods to collect your Personal Data, such as directly from you when you access our website, subscribe to our Services, apply for a job with us or otherwise interact with us.

We may also collect Personal Data from you indirectly when you interact with our website by using cookies, server logs and other similar technologies. This may include Technical Information about your equipment, browsing actions and patterns from (i) third-party analytics providers (such as Google based outside the EU) and (ii) search information providers (such as Google based outside the EU). We may also collect Contact Information from publicly available sources.

We collect Personal Data through a variety of methods, including:

• Direct interactions: You may provide Personal Data directly to us when you access our website, subscribe to our Services, apply for a position with us, or otherwise communicate or engage with us.
• Automated technologies: We may collect certain data automatically as you interact with our website through the use of cookies, server logs, and similar technologies. This may include Technical Information about your device, browsing behavior, and usage patterns. Such data may be collected from:
  • Third-party analytics providers (e.g., Google, which may be based outside the EU); and
  • Search information providers (e.g., Google, also potentially based outside the EU).
• Public sources: We may also collect Contact Information from publicly available sources where permitted by law.

How We Use Personal Data

We use your Personal Data to provide and improve our Services, communicate with you, support business operations, deliver relevant marketing, and-where applicable-consider you for employment opportunities. We also use your data to help ensure compliance with our legal obligations and to protect the integrity and security of our systems and users.

Examples of how we may use your Personal Data include:

• To deliver & manage our Services:
  • Present and maintain our website, and provide the information, products, services, and support you request.
  • Fulfill contractual obligations and enforce our rights, including for billing, collections, and customer support.
  • Fulfill the purposes for which the data was provided or as described at the time of collection.
  • Notify you about updates to our website, Services, or relevant policies.
  • Ensure the website is displayed optimally for your device and user preferences.
• To operate & improve our business:
  • Administer and enhance our website and internal operations, including troubleshooting, data analysis, testing, research, statistics, and surveys.
  • Improve our products, services, customer relationships, and user experiences.
  • Enable participation in interactive features, such as social media tools or feedback forms.
  • Analyze and measure the effectiveness of marketing and advertising campaigns.
  • Deliver personalized content, product recommendations, and relevant advertisements.
• For recruitment and employment purposes:
  • Review and respond to job applications.
  • Evaluate your qualifications and suitability for current or future roles at Loopio.
• For legal, safety, and compliance purposes:
  • Comply with applicable laws and regulations, including those related to anti-money laundering (AML) and sanctions screening.
  • Respond to lawful requests, subpoenas, court orders, or other legal processes.
  • Protect our rights, privacy, safety, and property, as well as those of our users and third parties.
  • Audit internal processes to ensure compliance with legal and contractual requirements.
  • Enforce the terms governing the use of our Services.
  • Prevent, detect, investigate, and mitigate fraudulent, unauthorized, unethical, or illegal activity, including cybersecurity threats and identity theft.
• Use of generative Al technologies:
  • We may use generative Al (“GenAI”) technologies, such as large language models (LLMs), to enhance and deliver certain features in our Services. These technologies are deployed under strict data protection controls to safeguard customer content, Personal Data, and proprietary information.
• For other disclosed or consented purposes:
  • We may use your Personal Data for any additional purpose disclosed at the time of collection or with your explicit consent.

Use of GenAI

Any Personal Data processed by GenAl tools is handled in accordance with this Policy and all applicable data protection laws.

When engaging third-party Al providers, Loopio ensures appropriate contractual safeguards and technical measures are in place to protect your information. We do not use Al tools to make automated decisions that produce legal or similarly significant effects without human review.

We may also use GenAl technologies, such as large language models (LLMs), to enhance and deliver specific features within our Services. These technologies are used under strict data protection protocols to help safeguard customer content, Personal Data, and proprietary information.

Use of GenAI GenAI in Recruitment

We may also use GenAI tools, including generative AI, to support and streamline aspects of our recruitment and hiring processes. These tools may assist with:

• Reviewing candidate materials (e.g., resumes and cover letters)
• Generating structured interview questions
• Summarizing interviewer notes
• Drafting communications to candidates
• Analyzing feedback to improve our hiring processes

Where GenAI tools are used in the recruitment process, they may process Personal Data that you voluntarily provide (e.g., your name, work history, or interview responses). However, these tools do not make hiring decisions or evaluations independently, all hiring decisions are made by human reviewers.

We partner only with reputable GenAI service providers and implement safeguards to ensure that your Personal Data is processed lawfully, fairly, and securely. We do not use AI in any way that would result in decisions with legal or similarly significant effects on you without meaningful human involvement.

If you have questions about our use of Gen AI in the hiring process, or if you would like to request human review or object to AI-assisted processing, please contact us at privacy@loopio.com.

Sharing of Personal Data

We will only share your Personal Data with third parties when required by law or where necessary to manage our relationship with you. This includes sharing with our employees, contractors, authorized agents, and trusted third-party service providers who need access to your data to deliver services to us or on our behalf.

These third-party service providers may include, but are not limited to, those who:

• Host or maintain our website and IT infrastructure
• Store or back up data
• Provide customer support or process payments
• Deliver data analytics or reporting services
• Conduct surveys or gather user feedback.

We will not publish or publicly disclose your Personal Data without your specific consent. Furthermore, third parties with whom we share your data are not permitted to disclose it further without our prior authorization.

We may disclose your Personal Data in the following circumstances:

• Within the Loopio Group: To support the purposes outlined in this Policy, fulfill our obligations or exercise our rights, and enable internal reporting and business operations.
• To comply with legal obligations: When required to respond to lawful requests such as subpoenas, court orders, or search warrants. In such cases, we will take reasonable steps to disclose only the minimum necessary Personal Data.
• In emergency situations: Where disclosure is necessary to protect the safety or vital interests of an individual.
• Publicly available information: Where the data is already publicly accessible.
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where Personal Data may be transferred as part of the transaction.
• With your consent: For any additional purposes, where your consent is required under applicable privacy laws.

Children’s Personal Data

Loopio’s Services, including our website, and web and mobile applications, are not directed to children. We do not knowingly collect Personal Data from individuals who are under the age permitted by applicable data protection laws in the relevant jurisdiction.

If a parent or guardian becomes aware that their child, who is younger than the minimum legal age in their jurisdiction, has provided us with Personal Data without their consent, they should contact us at privacy@loopio.com. Upon becoming aware of such a situation, we will take reasonable steps to delete the information from our records.

Marketing Preferences

Where our processing of your Personal Data is based on your consent, you have the right to withdraw that consent at any time without detriment. To do so, please contact us at privacy@loopio.com. You may also update your marketing preferences at any time by emailing us at the same address.

Visiting Our Website

When you visit our website, we automatically collect your Internet Protocol (IP) address along with related technical information such as browser type, operating system, page requests, and the average time spent on our site. This information helps us understand website usage patterns and improve the functionality and performance of our site.

Use of Cookies & Similar Technologies

Our website uses cookies and similar technologies (such as device IDs, in-app codes, pixel tags, and web beacons) to enhance your experience, improve site performance, and support our services. A cookie is a small data file that is sent to your browser and stored on your device, allowing us to recognize you when you return and tailor the website to your preferences.

We use the following types of cookies:

• Strictly necessary cookies: Required for the website to function (e.g., to manage your session or remember your cookie preferences). These cannot be switched off.
• Performance Cookies: Help us understand how visitors use the website so we can improve it.
• Functionality Cookies: Remember your choices and personalize your experience.
• Targeting Cookies: Used by us and our third-party partners to deliver relevant advertising.

Your Choices:

• On your first visit, you will be asked to ‘opt-in’ through our cookie banner and “Allow” the cookies you select. Except for strictly necessary cookies, we will not place cookies on your device unless you choose to “Allow All”.
• You may update or withdraw your consent at any time by ‘opting out’ under the “Manage Consent Preferences” tab and “Rejecting” the cookies you do not want collected.
• You can also manage or block cookies through your browser settings. Please note that if you disable certain cookies, some features of the website may not function properly.

Analytics

We may use third-party analytics providers, such as Google Analytics, to collect and analyze information about your use of our website. This includes data such as pages visited, time spent on each page, search queries, and general engagement metrics. These providers may use cookies and other tracking technologies to deliver these services.

These providers are responsible for how they use the data they collect. To prevent Google Analytics from collecting and processing your data (including your IP address), you can install the opt-out browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en

For more information about how Google uses data and protects your privacy, please see:

• Google’s Partner Sites Policy
• Google Analytics Help Center

Interest-Based Advertising

Online Advertising & Third-Party Links

We may work with third parties, including advertising networks and social media platforms, to deliver targeted advertisements on other websites and apps (including social media sites). These third parties may use technologies such as cookies, tracer tags, or web beacons to collect information about your activity on our website and across other digital properties. This may include the pages you visit, your interactions with our content and ads, and other online behaviors.

This information helps us and our partners:

• Understand your preferences
• Deliver more relevant ads on and off our website (including on social media platforms); and
• Measure the effectiveness of our advertising campaigns and refine marketing strategies.

Opting Out of Interest-Based Advertising

If you choose to opt-out of targeted advertising, you may still see Loopio ads online, but they will not be tailored based on your browsing behavior.

• To successfully opt-out, cookies must be enabled in your web browser.
• Your opt-out will only apply to the specific browser and device you are using at the time.
• and if you clear your cookies, you will need to repeat the opt-out process.

Refer to your browser’s help documentation for more information on managing cookies and tracking settings.

Third-Party Websites

Our website may contain links to third-party websites that are not owned or operated by Loopio. These links are provided for your convenience only and do not constitute an endorsement or referral.

Please be aware that Loopio does not control, and is not responsible for, how these third parties collect, use, disclose, or secure your Personal Data. These external websites are governed by their own privacy policies, terms of use, and data practices. We do not control and are not responsible for how these third parties collect, use, disclose, or secure your personal data. We strongly encourage you to review their policies before providing any information or engaging with their websites.

Social Media Features & Integrations

When you interact with Loopio content via third-party social media platforms, plug-ins, or applications, we may access certain information from your social media account—such as your name, username, email address, profile picture, or gender—depending on your privacy settings on those platforms.

We may use this information to:

• Personalize your experience on our website or affiliated social channels;
• Respond to your inquiries or requests; and
• Provide content or offers that are more relevant to your interests.

Data Security

We implement appropriate and reasonable physical, technical, and organizational security measures to protect your Personal Data from accidental loss, unauthorized access, use, alteration, or disclosure. Access to Personal Data is restricted to employees, agents, contractors, and third parties who have a legitimate business need to access such data and are subject to confidentiality obligations.

Cross-Border Transfers

Where permitted by applicable law, we may transfer your Personal Data to the United States or other jurisdictions as necessary to provide our Services and for the purposes outlined in this Policy.

We make reasonable efforts to ensure that any organization to which we transfer Personal Data upholds a level of data protection comparable to that provided by Loopio. However, such transfers are subject to the legal requirements of the destination jurisdiction, which may include lawful obligations to disclose data to law enforcement or government authorities.

We take all reasonably necessary steps to ensure that appropriate safeguards are in place-such as reliance on legally recognized data transfer mechanisms-to ensure your Personal Data is treated securely and in accordance with this Policy and applicable laws.

Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or regulatory requirements, unless otherwise permitted or required by applicable law.

In some cases, we may anonymize your Personal Data so that it can no longer be associated with you (“Anonymized Data”). This data no longer identifies you and may be used for any legitimate business purpose without further notice or consent. We use Anonymized Data to help us understand, develop, improve, and market our Services, and we may share it with third parties as permitted by law.

Your Rights: Access, Correction, Erasure, & Objection

We are committed to ensuring the accuracy and completeness of the Personal Data we hold about you. Please notify us of any changes to your information so we can keep it current.

Under applicable data protection laws, you may have the right to:

• Access the Personal Data we hold about you;
• Request correction of inaccurate or incomplete data;
• Withdraw consent where processing is based on consent;
• Request deletion of your data under certain circumstances.

If you are no longer an active customer or user, we may require you to provide additional information to verify your identity before responding to your request.

In some cases, applicable law may allow or require us to deny your request, for example, if:

• Providing access would breach another individual’s privacy;
• The data has already been anonymized or deleted in accordance with our retention policies; and
• We are legally prevented from doing so.

If we are unable to fulfill your request, we will inform you of the reason(s), subject to any legal or regulatory limitations.

To exercise any of your rights, please contact us at privacy@loopio.com.

Right to Withdraw Consent

If you have provided consent for the collection, use, or disclosure of your Personal Data, you have the legal right to withdraw that consent at any time, subject to legal or contractual restrictions. To do so, please contact us at privacy@loopio.com.

Data Privacy Officer

Loopio has appointed Neetu Toor, our General Counsel, as the company’s Data Protection Officer (DPO). The DPO is responsible for overseeing compliance with this Policy and addressing any questions you may have regarding our handling of Personal Data.

If you have questions about this Policy, our privacy practices, or would like to request access to your Personal Data, please contact us at privacy@loopio.com.

If we are unable to resolve your inquiry or concern to your satisfaction, you may contact your local data protection authority. For example, in the EU, you may refer to the list of authorities available here.

Compliance & Policy Violation

Compliance with this Policy is mandatory. Any actual or suspected violations must be reported promptly to Loopio’s Legal Department. We strictly prohibit retaliation against individuals who report concerns in good faith. Violations of this Policy may result in disciplinary action, including suspension or termination of employment or third-party agreements, as appropriate.

Changes to this Policy

We reserve the right to update this Policy at any time to reflect changes to our privacy practices. If material changes are made, we will notify you by updating the “Last Updated” date at the top of this Policy and posting the revised version on our website or other Services. Where appropriate, we may also notify you via email or other reasonable means.

We encourage you to review this Policy periodically to stay informed about how we protect your Personal Data.

Contact Us

If you have any questions, concerns, or comments about this Policy or the way we manage your Personal Data, please contact Loopio’s Legal Team at privacy@loopio.com.