Privacy Policy

    Last updated: February 8, 2026

    1. Introduction

    Infinity Looper ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our curated looping video background platform ("Service").

    By accessing or using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

    2. Information We Collect

    2.1 Information You Provide

    • Account Information: Email address and password when you create an account
    • Payment Information: Payment details processed securely through Stripe. we never store, access, or log full card numbers, CVVs, or bank details
    • Support Communications: Name, issue type, and description when you submit support requests
    • Feedback and Surveys: Responses you provide through onboarding surveys, download feedback, and feature request forms
    • Newsletter Subscription: Email address if you subscribe to our mailing list

    2.2 Automatically Collected Information

    • Device Information: Browser type, operating system, screen resolution, and device identifiers
    • Usage Data: Pages visited, features used, time spent, click patterns, and navigation flow
    • Log Data: IP address, access times, referring URLs, and error logs
    • Session Identifiers: Anonymized session IDs for analytics and fraud prevention

    2.3 Analytics Data

    We collect first-party analytics data to understand how users interact with our Service. This includes page views, section visibility, feature engagement, and conversion events. Analytics data is tied to anonymized session identifiers, not your personal identity.

    2.4 Information We Do Not Collect

    Infinity Looper is a curated gallery. we do not accept user-uploaded video content. We do not collect biometric data, precise geolocation, or data from social media profiles.

    3. Legal Basis for Processing (GDPR)

    If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

    • Contract Performance: Processing necessary to deliver the Service, manage your account, and fulfill subscriptions (Art. 6(1)(b) GDPR)
    • Legitimate Interest: Analytics, fraud prevention, and Service improvement where our interests do not override your rights (Art. 6(1)(f) GDPR)
    • Consent: Newsletter subscription and optional feedback surveys. you may withdraw consent at any time (Art. 6(1)(a) GDPR)
    • Legal Obligation: Retaining transaction records as required by tax and financial regulations (Art. 6(1)(c) GDPR)

    4. How We Use Your Information

    We use your information for the following purposes:

    • Service Delivery: Provide access to the gallery, process downloads, and manage subscriptions
    • Authentication: Verify your identity, manage login sessions, and enforce account security
    • Payment Processing: Process Creator Pass subscriptions, single-loop purchases, and maintain purchase history
    • Customer Support: Respond to your inquiries and support tickets
    • Service Improvement: Analyze usage patterns to enhance features, curate content, and optimize performance
    • Communications: Send transactional emails (purchase confirmations, subscription updates) and, with your consent, newsletter updates
    • Security and Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity
    • Legal Compliance: Comply with applicable laws, respond to lawful requests, and enforce our Terms of Service

    5. Data Sharing and Disclosure

    We do not sell, rent, or trade your personal information. We share data only with:

    5.1 Service Providers

    • Cloud Infrastructure: Hosting, database, and file storage (data processed within the provider's standard terms)
    • Payment Processing: Stripe handles all payment transactions. see Stripe's Privacy Policy
    • Email Services: Transactional email delivery for account and purchase notifications

    All service providers are contractually obligated to protect your data and use it only for the specific services they provide to us. We conduct due diligence on all sub-processors.

    5.2 Legal Requirements

    We may disclose your information if required to:

    • Comply with applicable law, regulation, or valid legal process
    • Respond to lawful requests from public authorities, including law enforcement
    • Protect our rights, privacy, safety, or property, or that of our users
    • Enforce our Terms of Service

    5.3 Business Transfers

    In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.

    6. Data Security

    We implement industry-standard security measures to protect your data:

    • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
    • Encryption at Rest: Sensitive data stored in our database is encrypted using AES-256
    • Access Controls: Role-based access controls limit who can access your data internally
    • Password Security: Passwords are hashed with modern algorithms; we utilize Have I Been Pwned (HIBP) breach detection to block compromised passwords
    • Row-Level Security: Database-level security policies ensure users can only access their own data
    • Input Validation: Server-side constraints on all user inputs to prevent injection and abuse

    While we employ commercially reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

    7. Cookies and Tracking Technologies

    7.1 Essential Cookies

    We use strictly necessary cookies for authentication and session management. These cookies are required for the Service to function and cannot be disabled.

    7.2 First-Party Analytics

    We use our own first-party analytics system to understand how visitors interact with the Service. This data is stored on our own infrastructure and is not shared with third-party advertising networks. We do not use Google Analytics or other third-party tracking tools.

    7.3 No Third-Party Advertising

    We do not display advertisements and do not share your data with advertising networks or data brokers.

    7.4 Global Privacy Control (GPC)

    We respect the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we will treat it as an opt-out of any non-essential data collection.

    8. Data Retention

    We retain your data for the following periods:

    • Account Information: As long as your account is active, plus 30 days after a deletion request is processed
    • Purchase and Transaction History: 7 years from the date of transaction, as required for tax and legal compliance
    • Download History: As long as your account is active
    • Support Tickets: 2 years from resolution
    • Newsletter Subscriptions: Until you unsubscribe
    • Analytics Data: Session-level data is retained for up to 12 months; aggregated and anonymized data may be retained indefinitely
    • Feedback and Surveys: 3 years from submission, or until account deletion

    When data is no longer needed, it is securely deleted or irreversibly anonymized.

    9. Your Privacy Rights

    Depending on your location, you may have the following rights regarding your personal data:

    9.1 Access and Portability

    You can access your account information at any time through your dashboard. You may request a copy of your personal data in a commonly used, machine-readable format.

    9.2 Correction

    You can update your account information through your account settings or by contacting support.

    9.3 Deletion

    You may request deletion of your account and associated personal data through your account settings. Some information may be retained as required by law (e.g., transaction records for tax compliance). We will process deletion requests within 30 days.

    9.4 Opt-Out of Communications

    You can unsubscribe from our newsletter at any time using the unsubscribe link in any email. Transactional emails (purchase confirmations, security alerts) cannot be opted out of while your account is active.

    9.5 Rights for EEA and UK Residents (GDPR)

    If you are in the European Economic Area or United Kingdom, you have additional rights including:

    • Right to object to processing based on legitimate interest
    • Right to restrict processing
    • Right to withdraw consent at any time (without affecting prior lawful processing)
    • Right to lodge a complaint with your local data protection authority

    9.6 Rights for California Residents (CCPA/CPRA)

    California residents have the right to:

    • Know what personal information is collected, used, and shared
    • Request deletion of personal information
    • Opt-out of the sale or sharing of personal information. we do not sell or share personal information for cross-context behavioral advertising
    • Correct inaccurate personal information
    • Limit the use of sensitive personal information
    • Non-discrimination for exercising privacy rights

    9.7 How to Exercise Your Rights

    To exercise any of the above rights, contact us through the Support page. We will respond to verifiable requests within 30 days (or 45 days for complex requests, with notice).

    10. Children's Privacy

    Our Service is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete such information within 30 days.

    11. International Data Transfers

    Your information may be transferred to and processed in countries other than your country of residence. If you are located in the EEA, UK, or Switzerland, we ensure that any transfer of personal data to countries outside the EEA is protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision.

    12. Third-Party Links

    Our Service may contain links to third-party websites or services (e.g., Stripe for payments). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

    13. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and where required by law, sending you an email notification.

    Your continued use of the Service after any modifications indicates your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and may request deletion of your data.

    14. Contact Us

    For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through the Support section.

    For more information about our service terms, please see our Terms of Service.