General

Thanks for using Loop! Our Terms cover your use and access to our services, client software ("Apps") and websites ("Services"). Our Service is a cloud-based work email and messaging web, mobile and desktop app that interfaces with your existing work email account (including, but not limited to, Microsoft Exchange, Office 365, Google Apps) and creates a new experience by combining email, direct and team messaging. By using our Services, you agree to be bound by these Terms of Use.

We occasionally may need to make changes to our Services without notice. Though we do our best to make the Services operate smoothly, like in any other service or software, we cannot guarantee that Loop will always run uninterrupted, or be immune from errors or bugs. In those cases, we will do all we can to fix things immediately but cannot guarantee this will always be possible.

Your Loop Account

Your account ("Account") is automatically created when you sign in to our Services by using the log-in details to your existing email account (i.e. email and password). The best way to keep your account secure is to make sure that no other person uses your Account or knows your password. Our Services are designed for work and by using our Services, you are representing that you are over 13 and that you have the legal ability to use our Services.

Your consent

By installing our Apps, you voluntarily consent to our collection, processing, transfer and use of your personal information and data in accordance to these Terms of Use.

Types of information and data we collect, store and use

We collect, store and use the following types of information and data: 1. Personally identifiable information (PII); 2. Non-personal information (NPI); 3. Your private email data including metadata and email content. Personally identifiable information Personally identifiable information (PII) is information that can be used to identify an individual person and includes information such as IP addresses, Account details, emails addresses, names, contact lists and all similar information retrieved by any other email client when accessing public email exchange information.

We collect, store, and use PII for the sole purpose of being able to deliver our Services to you.

Accounts are added to Loop through OAuth 2.0 protocol where possible. OAuth 2.0 is an open standard authorization protocol that allows third parties to access user data without needing to know or store user passwords. Also, OAuth 2.0 authentication allows users to revoke app access at any moment in app settings. If a user revokes Loop app access, our Services do not have access to any of the user data anymore.

Where OAuth 2.0 is not supported, we keep your account username and password secure in our Services. To ensure the greatest possible levels of security, user passwords are never stored in our databases. For secure storage of user credentials, we use a certified secure storage service called MS Azure Key Vault, with special purpose Hardware Security Modules (HSMs) accessed using a 2048 bit digital certificate. We then use the authorization provided to download your emails to our cloud servers and push to your device.

We use Amazon Web Services (AWS) infrastructure to store your data. Apart from AWS security policies, we take a number of measures to ensure that your data is never read by anyone else. We ensure that all transmission is secured with HTTPS so that no one else can access your data. For this, we use a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a strong cipher (AES_128_GCM) with industry standard 256 bit encryption using TLS/SSL (HTTPS). Non-personal information Non-personal information (NPI) is information which cannot be used to identify an individual person, such as technical information about your device, location, time zone, activity usage, performance metrics, configuration settings, anonymous behavioral information and other aggregated information.

Additionally, whenever you interact with our Services, we automatically receive and record ‘cookie’ information from your browser or device. ‘Cookies’ are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit these, but this may prevent you from taking advantage of some of our features.

We use NPI to customize content for you and to provide the functionality of the Services, such as email follow-ups and categorization, based on your usage patterns. We also use NPI in order to improve your user experience when using our Services. We may use internal and third party processing and analytic systems to analyze user experience, behavior and trends with NPI.

Private emails

Private emails (message headers, subject, body, attachments and other metadata) are stored by Loop's cloud service and some of that content is stored locally on your device. They are used exclusively to provide you with our Services.

You can request the deletion of your data from Loop by writing to support@intheloop.io. Email content stored locally on your device can be removed by deleting the Loop apps. Access to data Except as described elsewhere in these Terms, no Loop employees, contractors, agents or other personnel (collectively ‘Loop personnel’) will access or use your data in a manner that would identify you as an individual.

We have strict controls and processes in place which are designed to limit access to and use of your data by Loop personnel. We have technical controls and audit policies in place which are designed to ensure that any access to such data by Loop personnel is logged. All Loop personnel who may have or require access to your data as part of their services to Loop are bound to our policies regarding your data and we treat the privacy and security of your data with utmost respect.

Loop personnel may need to access your data in connection with troubleshooting or responding to a problem, system maintenance or upgrades, or other activities in the ordinary course of operating our Services. In most cases, we will notify you and ask for your permission prior to giving Loop personnel permission to access your data. However, we may access and disclose certain data if we have a good-faith belief that such access, use, preservation or disclosure of your data is reasonably necessary to:

• meet any applicable law, regulation, legal process or enforceable governmental request;
• enforce these Terms, including investigation of potential violations;
• detect, prevent, or otherwise address fraud or security issues; and/or
• protect against harm the rights, property or safety of Loop, our users or the public as required or permitted by law.

Security

Loop considers the security, confidentiality and availability of your information to be of the upmost importance. It is policy that manifests itself through all aspects of the delivery of our Services, including the infrastructure our Services run on and all Loop personnel. Loop’s approach to information security management is based on adherence to best practice methodologies such as ISO 27001, regular third-party penetration testing and close monitoring of customer security requirements.

Loop is a web, mobile & desktop email client that works with other email providers (Gmail, Office 365 and Microsoft Exchange accounts). In order to send and receive user emails, our Services need to have access to user email accounts.

When you log into your email account through our Services, you are granting Loop permission to securely access the information contained in or associated with that account. The whole process is similar to connecting any other email client.

In order for our Services to achieve this, we need to store user email account access tokens:

• For services that support it (i.e. Gmail), Loop uses OAuth 2.0, which is an open standard authorization protocol that allows us to access you email data without needing to know your password. This helps keep your information as secure as possible. We never know or store your passwords on our servers. With OAuth 2.0 authentication, our Services use application specific tokens that you can revoke at any moment in the app settings. If you revoke our access to your email account, our Services do not have access to any of your data anymore.
• When OAuth 2.0 authentication is not available (i.e. hosted Exchange), the access token is composed of your email username and password. To ensure the greatest possible levels of security, we never store user passwords in our databases. For secure storage of user credentials our Services use a certified secure storage service called MS Azure Key Vault with special purpose Hardware Security Modules (HSMs) accessed using a 2048 bit digital certificate.
• To provide our services, Loop stores personal information, including user's email address and contents of user's emails that may include but is not limited to, attachments, documents, images and videos. We limit access to personal data to only those employees, contractors and service providers who we believe reasonably need access to that information for operating our Services. We have physical, electronic, and procedural safeguards that are designed to comply with regulations to protect user personal data.

To ensure safe and reliable operations of our Services, we rely on the most advanced and secure solution available in the industry – Amazon Web Services (AWS). Apart from AWS security policies, we encrypt all data between the client and our service. For client encryption and authentication, we user a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a strong cipher (AES_128_GCM) with industry standard 256 bit encryption using TLS/SSL (HTTPS).

Third party services

We make efforts to engage with third parties that post a privacy policy governing their collection, storage, processing and use of PII and NPI. Such service providers include, without limitation, and subject to change, Amazon Web Services (AWS), Microsoft Azure KeyVault, Fabric, Sentry, Mixpanel, NetResults, Zendesk, MailChimp, and Google Analytics. Please read their terms of use and privacy policies to better understand their privacy practices.

License

As long as you comply with these Terms of Use, we grant you a personal, nonexclusive, non-transferable and fully revocable license to download and use our Apps for your internal, non-commercial, email use and for no other purpose. Acceptable use and conduct You are solely responsible for your conduct and your data related to our Services. You agree to indemnify, defend, and hold harmless Loop and its suppliers from any and all loss, cost, liability, and expense arising from or related to your data, your use of our Services, or your violation of these Terms.

Our Services are made available to you only for your personal or internal business use, which must be in compliance with all applicable laws, rules and regulations and must not infringe or violate third party rights. You may not make commercial use of our Services, including but not limited to selling or distributing our Services to any third party.

You may not register with Loop Services using existing email account information that you do not have the right to use, or another person’s existing email account information with the intent to impersonate that person. You represent and warrant that you are of legal age to form a binding contract (or if not, you have received your parents’ or guardian’s permission to use our Services and gotten your parent or guardian to agree to these Terms on your behalf).

If you are agreeing to these Terms on behalf of an organization or entity, you represent and warrant that you are authorized to agree to these Terms on that organization or entity’s behalf and bind them to these Terms (in which case, the references to “you” and “your” in these Terms, except for in this sentence, refer to that organization or entity). You will only use our Services in a manner that complies with all laws that apply to you.

You further represent, warrant, and agree that you will not use our Services or interact with our Services in a manner that:

• infringes or violates the intellectual property rights or any other rights of anyone else (including Loop);
• violates any law or regulation;
• is harmful, fraudulent, deceptive, threatening, harassing, defamatory, obscene, or otherwise objectionable;
• jeopardizes the security of your or anyone else’s Loop Account;
• violates the security of any computer network, or cracks any passwords or security encryption codes;
• runs Maillist, Listserv, any form of auto-responder or “spam” on our Services, or any processes that run or are activated while you are not logged into our Services, or that otherwise interfere with the proper working of our Services (including by placing an unreasonable load on the infrastructure of our Services);
• attempts, in any manner, to obtain Loop account information of any other user;
• uses our API in an excessive or abusive manner or run denial-of-service attacks;
• reports to support@intheloop.io any knowledge of any actual or potential security vulnerability in our Services;
• “crawls,” “scrapes,” or “spiders” any page, data, or portion of or relating to our Services (through use of manual or automated means);
• decompiles, reverse engineers, or otherwise attempts to obtain the source code or underlying ideas or information of or relating to our Services.

Any violation of any of the aforementioned is grounds for termination of your right to use or access our Services. Any unauthorized use of any Loop Services is a violation of these Terms and such violations may subject the unauthorized user and his or her agents to civil and criminal penalties.

Pricing

Loop Services are currently free. We reserve the right to charge for our Services in the future. We will notify you a reasonable period before any of our Services you are using begin carrying a fee. Changing these Terms We are constantly trying to improve our Services, so these Terms may change occasionally too. We reserve the right to change the Terms at any time. When we do, we will update the date to make it clear that a new version has been created and we will bring the update to your attention in a timely manner by sending you an email or by some other means within the app.

If you don’t agree with the new Terms, that unfortunately means that you will no longer be able to use our Services. Continued use of Services after a change to the Terms is effective means that you agree to any changes made to the Terms. Termination You are free to stop using our Services at any time. We reserve the right to suspend or terminate the Services at any time at our sole discretion and without notice (if you fail to comply with these Terms of Use for example). Once your use is terminated (by you or us) your right and license to use our Services terminates and you must delete any and all of our Apps. Disclaimer To the fullest extent permissible by law, our Services are provided on an ‘as is’ basis and Loop, including its agents, vendors, officers, shareholders, subcontractors, directors, employees, subsidiaries and suppliers (collectively Loop representatives), disclaim all warranties of any kind. You agree that your use of our Services is entirely at your own risk. Limitation of Liability To the fullest extent permissible by law, Loop or its representatives shall in no event be liable for any damages or losses whatsoever, including, but not limited to, direct, indirect, special, punitive, incidental or consequential damages. This includes without limitation loss of data, goodwill, profits or business interruptions and regardless of whether Loop or its representatives have been advised of such a possibility.

The total liability for any damages arising under these Terms of Use by Loop or its representatives shall be limited to the amount actually paid by you to Loop or its representatives or £1.00, whichever is greater. Legal Loop's failure to enforce these Terms of Use is not a waiver of its right to do so later. If any provision is found unenforceable, that provision shall be limited or eliminated to the minimum extent necessary, so that these Terms of Use shall otherwise remain in full force and effect while most nearly adhering to the intent expressed herein. You may not assign or transfer any right or obligation under these Terms of Use without our prior written consent and any attempt to do so shall be void. We may assign or transfer these Terms without restriction or notification.

These Terms of Use are to be interpreted according to the laws of the United Kingdom.