Effective May 15, 2026

Privacy.

Loop is a tiny knitting counter built by one person in Canada for my mom and her friends. I take this seriously, so here's exactly what happens with your data — in plain language.

Who runs Loop

Just me — an individual hobbyist based in Canada. There's no company, no investors, and no analytics team peeking at your stitches. If Loop ever grows into something bigger, I'll update this page first.

What I collect

That's the whole list. No marketing pixels, no device fingerprinting.

What gets saved to S3

The S3 file contains only your Loop app state: projects, statuses, pattern references, counters, reminders, notes, yarn details, needle details, generated record IDs, and timestamps. It does not contain your Google name, email, profile image, Google password, contact form messages, or Google Analytics data.

Where it lives

Your knitting records are stored in a private folder on Amazon Web Services S3, scoped to your Google ID. Only you (signed in) can read or write them through Loop. I don't browse them. AWS handles the encryption at rest.

Sign-in goes through Google OAuth and the session is handled by Auth.js / NextAuth cookies. Contact form messages go through Resendemail. Google sees that you signed in to a thing called Loop — that's between you and them.

Basic usage analytics go through Google Analytics. Loop configures GA4 with IP anonymization, and Google says GA4 does not log or store IP addresses. Google Analytics may set a first-party _ga cookie with a client ID so it can count users and sessions. Analytics is there to answer broad questions like which pages are used, not to inspect knitting records.

Loop's use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements.

Deleting your stuff

You can delete an individual project from its status/edit flow; once saved, that record is removed from the S3 file. Hit “Sign out” and your session ends. To wipe everything, use the “Delete account” button in the account drawer — it permanently removes your S3 file in the same request, no soft-delete, no 30-day retention, just gone.

Your rights

Under Canada's PIPEDA (and equivalents elsewhere), you can ask me what I have about you, ask me to correct it, or ask me to delete it. Use the form below — I'm the one who reads it.

Changes

If anything material changes, this page updates and the “Effective” date at the top moves with it. If you're signed in when that happens, you'll see a note in the app.

Reach out

Privacy questions, data requests, or “hey this thing doesn't work” — this form goes straight to me. No mailing list, no auto-responder bots.