Privacy Policy

Last updated: May 14, 2026

The short version

Looom is a local-first app. Your threads, photos, and project data stay on your device by default. When you use AI features (summaries, suggested tags, auto-generated titles, and Looom Walk record analysis), the relevant photos and voice transcripts leave the device for processing by Anthropic and return as text. See "AI features" below for the full disclosure. We don't track you and we don't sell data. Sign in with Apple identifies your account; your Apple ID subject identifier is stored locally and is also transmitted to our worker when you use AI features (for rate limiting + cost monitoring, never sold or shared with third parties beyond Anthropic as part of the AI request).

What data stays on your device

All core app data is stored locally on your iPhone or iPad:

This data never leaves your device unless you (a) explicitly share or export it, or (b) use AI features, which transmit only the inputs needed for each analysis as described below.

AI features

Looom has two AI layers. The first is a heuristic analyzer that runs entirely on your device. It labels trade, severity, and category from your photo and notes with no network involved. The second is Claude (Anthropic), which generates natural-language summaries, suggested tags, descriptions, and titles.

When you use the Claude-backed features, Looom sends the relevant inputs to Anthropic via Looom's Cloudflare Worker at share.looom.build/api/ai/*. The worker forwards the request to Anthropic's API with a Looom-managed key and returns Anthropic's response. We never store your photos or transcripts on Looom servers. The worker proxies the request in-flight and writes only per-call counters (user identifier, model, token totals, timestamp) for cost monitoring and abuse prevention.

What gets sent for each analysis:

No training. Anthropic's commercial API does not use customer inputs or outputs to train their models. See Anthropic's commercial terms and usage policy.

Looom retention. Our worker holds the request only for the duration of the Anthropic round-trip (typically a few seconds). The only persistent record on our side is the per-call counter described above.

Anthropic retention. Anthropic's commercial API retains inputs and outputs for up to 30 days by default for operational and policy-enforcement purposes, after which they are deleted. Exceptions for legal or safety review may apply per Anthropic's policy. See Anthropic's retention policy for the current specifics.

Opting out. AI features can be disabled from Settings › AI Summaries. The on-device heuristic analyzer remains available regardless. Developer iteration uses a "bring your own key" path that bypasses our worker entirely; that mode is off by default and gated behind a debug toggle.

Sign in with Apple

Looom requires Sign in with Apple at first launch. Your Apple ID subject identifier, display name, and email address are stored locally on your device in the iOS Keychain. Display name and email never leave the device. The subject identifier is also sent to our worker as part of every AI request (forwarded as Anthropic's metadata.user_id) so we can rate-limit and meter cost on a per-user basis. It is not used for tracking, advertising, or any cross-app correlation. Your Apple ID identifier is stamped on threads you create, so your data is ready for future account features like sync and collaboration. You can sign out at any time from Settings, which removes your credentials from the device.

Voice memo transcription

When you record a voice memo, Looom can transcribe it using Apple's on-device speech recognition (SFSpeechRecognizer). On devices running iOS 17 or later, transcription happens entirely on-device. On older devices, audio may be sent to Apple's servers for processing. Apple's speech recognition privacy policy applies. You can skip transcription and use voice memos without it.

Shared reports

When you create a shared link, the report content and associated photos are uploaded to our hosting service (Cloudflare). Shared links expire after the duration you select (7, 30, or 90 days) and can be revoked at any time from the app. GPS coordinates and EXIF metadata are stripped from photos before upload.

If you set a PIN on a shared link, the PIN is hashed using PBKDF2 before being stored. We do not store PINs in plain text. Access attempts are rate-limited to prevent brute-force attacks.

Location data

Looom requests location access to tag entries with your job site coordinates. Location data is stored on your device and is stripped from photos before sharing. The one exception is the Weather feature below: when enabled, your coordinates are sent to Open-Meteo to fetch current conditions. No identifier accompanies the request. You can deny location access and the app works without it.

Weather data

Looom fetches current weather conditions based on your location to attach to entries. This request goes to Open-Meteo, a free weather API. Only your coordinates are sent, no device identifiers or personal information.

Analytics and crash reporting

Looom does not include third-party analytics or crash reporting SDKs. We rely on Apple's built-in crash reports, which you can opt out of in your device settings.

Third-party services

Children's privacy

Looom is not directed at children under 13 and we do not knowingly collect information from children.

Changes to this policy

If this policy changes, we'll update the date at the top of this page. Material changes will be noted in the app's release notes.

Contact

Questions about privacy? Reach us at [email protected].