Effective May 15, 2026
Privacy.
Loop is a tiny knitting counter built by one person in Canada for my mom and her friends. I take this seriously, so here's exactly what happens with your data — in plain language.
Who runs Loop
Just me — an individual hobbyist based in Canada. There's no company, no investors, and no analytics team peeking at your stitches. If Loop ever grows into something bigger, I'll update this page first.
What I collect
- Google sign-in details — your Google account ID, name, email, and sometimes profile image URL as returned by Google. Loop uses this to know it's you, show your account drawer, and scope your private save file. I never see or store your Google password.
- Your knitting records — project names, statuses, pattern references, counters, reminders, notes, yarn details, needle details, and last-updated times. Whatever you type into Loop is what gets saved.
- Contact form messages — if you use the form below, it sends your optional name, message, and IP address to my inbox so I can reply and limit spam.
- Basic analytics — in production, Loop uses Google Analytics to understand page views and general usage patterns. This does not include your project names, notes, counters, yarn, needles, or contact form messages.
That's the whole list. No marketing pixels, no device fingerprinting.
What gets saved to S3
The S3 file contains only your Loop app state: projects, statuses, pattern references, counters, reminders, notes, yarn details, needle details, generated record IDs, and timestamps. It does not contain your Google name, email, profile image, Google password, contact form messages, or Google Analytics data.
Where it lives
Your knitting records are stored in a private folder on Amazon Web Services S3, scoped to your Google ID. Only you (signed in) can read or write them through Loop. I don't browse them. AWS handles the encryption at rest.
Sign-in goes through Google OAuth and the session is handled by Auth.js / NextAuth cookies. Contact form messages go through Resendemail. Google sees that you signed in to a thing called Loop — that's between you and them.
Basic usage analytics go through Google Analytics. Loop configures GA4 with IP anonymization, and Google says GA4 does not log or store IP addresses. Google Analytics may set a first-party _ga cookie with a client ID so it can count users and sessions. Analytics is there to answer broad questions like which pages are used, not to inspect knitting records.
Loop's use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.
Deleting your stuff
You can delete an individual project from its status/edit flow; once saved, that record is removed from the S3 file. Hit “Sign out” and your session ends. To wipe everything, use the “Delete account” button in the account drawer — it permanently removes your S3 file in the same request, no soft-delete, no 30-day retention, just gone.
Your rights
Under Canada's PIPEDA (and equivalents elsewhere), you can ask me what I have about you, ask me to correct it, or ask me to delete it. Use the form below — I'm the one who reads it.
Changes
If anything material changes, this page updates and the “Effective” date at the top moves with it. If you're signed in when that happens, you'll see a note in the app.
Reach out
Privacy questions, data requests, or “hey this thing doesn't work” — this form goes straight to me. No mailing list, no auto-responder bots.