Privacy Policy
Effective Date: May 1, 2026 · Last Updated: May 1, 2026
This Privacy Policy describes how Blueberry Consultants FZCO ("Loomlock," "we," "us," or "our") collects, uses, stores, shares, and protects your information when you use the Loomlock mobile application, related software, NFC features, social features, journaling tools, and associated physical devices and services (collectively, the "Service").
This Policy works alongside our Terms of Service. Capitalized terms not defined here have the meanings given in our Terms.
Privacy-first by design. Loomlock is engineered so that the most sensitive parts of your activity — including your specific app restrictions, journal entries, plan details, and session history — stay on your device. We collect the minimum information needed to operate the parts of the Service that require a server.
At a Glance
- Most of your data stays on your device. Plans, sessions, journals, and habit history are stored locally on your phone.
- We do not see which apps or websites you choose to restrict. Apple's privacy framework prevents us from doing so.
- We do not sell your personal information.
- We do not use your data for advertising.
- We collect account information, basic analytics, and limited social-feature data on our servers — that's it.
- You can request access, correction, or deletion of your data at any time.
- The Service is for adults 18 and older.
Section 1
Who We Are and How to Reach Us
Loomlock is the data controller responsible for your personal information. Loomlock Email: support@loomlock.com Address: Blueberry Consultants FZCO, PO Box 942577, United Arab Emirates For data subject requests, regulatory inquiries, or data protection questions, use the email above.
Section 2
Age Requirement
The Service is intended for individuals 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a person under 18, contact us at the email in Section 1 and we will delete that information promptly.
Section 3
Information We Collect
We collect only what we need. Below is a complete list of the data categories the Service may collect, organized by source.
3.1 Information You Provide
• Account information: email address, authentication identifier (e.g., Sign in with Apple, Google, or email), display name, and password (stored as a salted hash, never in plaintext). • Profile information: optional display preferences and avatar selections. • Communications: messages you send to support and feedback you submit through the app. • Locker content: messages, reactions, and shared progress indicators you choose to send within social groups ("Lockers").
3.2 Information Generated Through Use
• Session history: limited summaries (e.g., session completed, duration) that you opt into sharing within Lockers. Detailed session content remains on your device. • Aggregate plan progress: high-level metrics (e.g., plans completed count, category counts) used for achievements and goals, abstracted from specific plan details. • Crash logs and diagnostic data: used to identify and fix issues.
3.3 Information Stored On-Device Only
The following are stored on your device. We do not transmit, store, or have access to this information on our servers: • Journal entries and reflection answers • Specific apps, websites, or categories you have selected to restrict (see Section 4) • Detailed plan configurations and personal goal settings • Detailed session history • NFC tag configurations • Per-session timing and check-in data
3.4 Device and Technical Information
• Device type, model, and operating system version • App version and build • Device language and region • A non-resettable identifier required for account integrity and abuse prevention • IP address (used at the moment of a request, not stored long-term except in security logs) • General performance and diagnostic events
3.5 Permission-Based Access
Some features require your explicit permission through the operating system. We only access these features when you grant permission. • Family Controls / Screen Time: enables app and category restrictions. We do not see which apps you select. (See Section 4.) • NFC: enables tap-based session and restriction triggers. NFC reads happen on-device. • Notifications: enables session reminders, plan check-ins, and Locker activity alerts. You can disable these any time in your device settings. • Health data (if and when integrated): if integrated, HealthKit data will not be used for advertising or shared with third parties. You will be asked to opt in.
3.6 Information from Third Parties
• Authentication providers: when you sign in with Apple or Google, we receive a unique identifier and the email you choose to share. We do not receive your password. • Apple in-app purchases: Apple notifies us of subscription state. We do not receive your payment card information.
Section 4
Apple Family Controls and Screen Time API — Important Notice
Loomlock's app restriction features are built on Apple's Family Controls, Managed Settings, Device Activity, and Screen Time frameworks ("Apple Frameworks"). We do not collect, transmit, store, sell, or share information identifying which specific applications, websites, or categories you have chosen to restrict. Apple's frameworks deliver your selections to the operating system as opaque, non-readable tokens. These tokens are processed entirely on your device. We have no technical way to read them. This is consistent with Apple's policy for the Family Controls and Screen Time entitlements.
Section 5
How We Use Your Information
We use information for the following purposes only: • Provide and maintain the Service, including account authentication, syncing, and core features • Operate social features (Lockers) you opt into • Send transactional messages and notifications you have enabled • Diagnose, debug, and improve the Service • Analyze aggregate, de-identified usage trends to improve features • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms • Comply with legal obligations and respond to lawful requests • Enforce our Terms of Service We do not use your information for personalized advertising. We do not use your information to train large language models or any other machine learning models without your express, separate consent.
Section 6
Legal Bases for Processing (EU/UK/EEA Users)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your information under the following legal bases: • Contractual necessity: to provide the Service you have requested • Legitimate interests: to maintain security, prevent fraud, and improve the Service in ways you would reasonably expect, balanced against your rights • Consent: where required (for example, certain notifications and any future health data integrations). You may withdraw consent at any time • Legal obligation: where we are required to retain or disclose information by law
Section 7
How We Share Information
We do not sell or rent your personal information. We share information only as described below.
7.1 With Other Users (Social Features)
When you join a Locker, certain information becomes visible to other members, including: • Your display name and avatar • High-level progress indicators (e.g., session completed today, basic streak state) Detailed plan content, journal entries, and the specific apps you restrict are never shared with other users.
7.2 With Service Providers (Processors)
We use trusted third-party providers to operate the Service. They process information only on our instructions and are bound by contractual confidentiality and security obligations. Categories include: • Cloud infrastructure and hosting (e.g., AWS or equivalent) • Authentication services (Apple, Google) • Crash reporting and diagnostics • Privacy-respecting product analytics • Customer support tooling • Email delivery services for transactional messages A current list of subprocessors is available on request at support@loomlock.com.
7.3 For Legal Reasons
We may disclose information if we believe in good faith that disclosure is necessary to: • Comply with applicable law, regulation, legal process, or governmental request • Enforce our Terms of Service or investigate potential violations • Detect, prevent, or address fraud, security, or technical issues • Protect the rights, property, or safety of Loomlock, our users, or the public Where legally permitted, we will notify you of legal requests for your information.
7.4 Business Transfers
If Loomlock is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.
7.5 With Your Consent
We may share information for purposes you specifically consent to.
Section 8
International Data Transfers
Loomlock is based in the United Arab Emirates. Your information may be transferred to and processed in countries other than your own, including the United States and member states of the European Economic Area, where laws governing data protection may differ. When we transfer personal information out of the EEA, the UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, including the Standard Contractual Clauses adopted by the European Commission and equivalent UK and Swiss mechanisms. You may request a copy of the safeguards in place by contacting us.
Section 9
Data Storage and Security
We use technical and organizational measures designed to protect your information, including: • Encryption in transit using TLS 1.2 or higher • Encryption at rest for personal information stored on our servers • Access controls limiting personnel access on a need-to-know basis • Logging and monitoring of administrative access • Regular review of security practices On-device data is protected by your device's built-in security (passcode, Face ID, Touch ID, full-disk encryption). If you enable iCloud backup, that data is protected by Apple's backup encryption and your iCloud security settings. No system can be made completely secure. While we work hard to protect your information, we cannot guarantee absolute security.
9.1 Breach Notification
If we become aware of a personal data breach affecting you, we will notify you and, where applicable, the relevant supervisory authority without undue delay and consistent with applicable law (including, where required, within 72 hours for purposes of GDPR Article 33).
Section 10
How Long We Keep Your Information
We retain personal information only for as long as necessary for the purposes described in this Policy.
| Data Category | Retention | Notes |
|---|---|---|
| Account information | Until deletion + up to 30 days | Brief retention for backup integrity and abuse prevention. |
| Authentication identifiers | Until account deletion | Required to operate sign-in. |
| Locker messages and shared progress | Up to 90 days, or until you leave the Locker | Configurable in some Lockers. |
| Crash logs and diagnostics | Up to 90 days | De-identified where possible. |
| Aggregate, de-identified analytics | Up to 24 months | Used for product improvement only. |
| Security and abuse logs | Up to 12 months | Includes IP addresses for security events. |
| Subscription and transactional records | As required by law (typically 5–7 years) | Retained for legal compliance. |
| On-device data (journals, plans, sessions) | Until you delete it on your device | Loomlock has no copy. |
When the retention period ends, we will delete or de-identify your information unless we are required by law to retain it longer.
Section 11
Your Rights
Subject to applicable law, you have the following rights with respect to your personal information.
11.1 Universal Rights
• Access: request a copy of the personal information we hold about you • Correction: ask us to correct information that is inaccurate or incomplete • Deletion: ask us to delete your personal information • Withdrawal of consent: where processing is based on consent, withdraw it at any time • Stop using the Service: uninstall the app and cancel any subscription at any time
11.2 EEA, UK, and Switzerland
In addition to the universal rights above, you have the right to: • Restrict processing in certain circumstances • Object to processing based on legitimate interests • Data portability: receive your information in a structured, machine-readable format • Lodge a complaint with your local data protection supervisory authority
11.3 California Residents (CCPA / CPRA)
If you are a California resident, you have the right to: • Know what categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it • Access the specific pieces of personal information we have collected about you in the prior 12 months • Delete your personal information, subject to certain exceptions • Correct inaccurate personal information • Opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as defined under California law • Non-discrimination: we will not discriminate against you for exercising your rights You may also designate an authorized agent to make a request on your behalf, subject to verification. California Shine the Light: we do not disclose personal information to third parties for direct marketing purposes.
11.4 United Arab Emirates
If you are in the UAE, you have rights under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, including the right to access, rectify, erase, restrict processing, object, and transfer your personal information. The UAE Data Office is the supervising authority.
11.5 How to Exercise Your Rights
Submit a request to support@loomlock.com. We will verify your identity and respond within the time required by applicable law (generally within 30 days for GDPR, 45 days for CCPA, with possible extensions where permitted).
Section 12
Cookies and Similar Technologies
The Loomlock mobile application does not use cookies. Our website may use a small number of cookies and similar technologies for essential functionality, security, and basic analytics. Where required by law, we obtain consent through a banner on first visit. You can manage preferences through your browser settings. We do not use cross-app or cross-site tracking.
Section 13
Push Notifications
With your permission, we send notifications related to: • Session reminders and plan check-ins • Locker activity (messages, member encouragement, group milestones) • Account and security alerts • Significant product updates You can disable notifications at any time in your device settings or in-app settings.
Section 14
Marketing Communications
We send marketing emails only if you opt in. You can unsubscribe at any time using the link in any marketing email. We will continue to send transactional and service messages necessary to operate the Service.
Section 15
Apple Privacy Nutrition Label
The summary below corresponds to the data categories disclosed on our App Store listing. Loomlock does not track you across apps and websites owned by other companies.
| Category | Collected | Linked to You | Used to Track |
|---|---|---|---|
| Contact info (email) | Yes | Yes | No |
| User content (Locker messages) | Yes | Yes | No |
| Identifiers (user ID) | Yes | Yes | No |
| Usage data (product interactions) | Yes | Yes | No |
| Diagnostics (crash, performance) | Yes | No | No |
| Location | No | — | — |
| Health & fitness | No (future opt-in) | — | — |
| Browsing / search history | No | — | — |
| Restricted apps / Screen Time selections | No (on-device, opaque tokens) | — | — |
Section 16
Third-Party Services and Links
The Service may include features that rely on third parties (e.g., Apple sign-in, Apple Family Controls, payment processing through the App Store). These third parties have their own privacy practices, governed by their own policies, which we encourage you to review. Following links from within the Service to third-party websites or services takes you outside the scope of this Policy.
Section 17
Automated Decision-Making and Profiling
We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
Section 18
Do Not Track
Our Service does not respond to "Do Not Track" browser signals because there is no consistent industry standard for them. The Service does not track users across third-party apps or websites regardless.
Section 19
Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email and update the "Last Updated" date. Your continued use of the Service after the effective date of the updated Policy constitutes acceptance of the changes. If you do not agree, stop using the Service and request deletion of your information.
Section 20
Contact Us
For privacy questions, requests, or complaints:
Privacy & Data Requests
Email: support@loomlock.com
Company: Loomlock (Blueberry Consultants FZCO)
Address: PO Box 942577, United Arab Emirates
If you are in the EEA, UK, or Switzerland and we have not addressed your concern adequately, you have the right to contact your local data protection authority. If you are in the UAE, you may contact the UAE Data Office.