Privacy Policy

Last updated: April 6, 2026

This Privacy Policy applies to all users worldwide. It has been drafted to comply with applicable privacy and data protection laws across all major jurisdictions, including the EU GDPR, UK GDPR, India DPDPA 2023, US CCPA/CPRA, Australia Privacy Act 1988, Canada PIPEDA, and equivalent statutes globally.

1. Introduction

LoopDigger (“we,” “us,” or “our”) operates this website and store, including all related information, content, features, tools, products, and services (the “Services”), to provide you, the customer, with a curated shopping experience for melodic loops and sound kits. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit, use, or make a purchase using the Services, or otherwise communicate with us.

The Services are powered by Shopify, Inc. This Privacy Policy applies to information we collect and process as a data controller. Where Shopify independently collects or processes your data, Shopify’s own Privacy Policy applies, and Shopify is the data controller in respect of that processing.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you acknowledge that you have read, understood, and agree to the practices described herein. If you do not agree, please do not use the Services.

2. Who We Are (Data Controller Information)

For the purposes of applicable data protection laws, LoopDigger is the data controller of your personal information collected directly through the Services. All enquiries regarding this Privacy Policy or the exercise of your rights should be directed to LoopDigger via the contact details at the end of this document.

Where the EU GDPR, UK GDPR, or India DPDPA applies, LoopDigger is the Data Fiduciary / Data Controller in respect of personal data processed directly by LoopDigger. Where Shopify processes data as part of its platform services, Shopify acts as a separate or joint data controller; please refer to the Shopify Consumer Privacy Policy for those processing activities.

3. Personal Information We Collect

When we use the term “personal information” (or “personal data” as defined in applicable law), we are referring to information that identifies, or can reasonably be linked to, you or another individual. We may collect or process the following categories of personal information, depending on how you interact with the Services and as permitted or required by applicable law:

3.1 Categories of Personal Information

Contact Details: Including your name, billing address, shipping address, phone number, and email address.
Financial Information: Including payment card information (processed securely via Shopify Payments / PayPal), transaction details, form of payment, payment confirmation, and other payment details. We do not store full card numbers on our systems; payment processing is handled by PCI-DSS compliant third parties.
Account Information: Including your username, password (stored in hashed form), security questions, preferences, and settings.
Transaction Information: Including the items you view, place in your cart, add to a wishlist, or purchase, return, exchange, or cancel, and your past transaction history.
Communications with Us: Including the content of communications you send us, for example via customer support enquiries or email.
Device and Technical Information: Including your device type, browser, operating system, network connection, IP address, and other unique identifiers.
Usage Information: Including information regarding your interaction with the Services, including how and when you navigate or interact with our website, and pages visited.
Inferences: We may draw inferences from the above categories to create a profile about you reflecting your preferences, characteristics, and likely interests for the purpose of improving and personalising the Services.

3.2 Sensitive Personal Information

We do not intentionally collect sensitive personal information (such as health data, biometric data, racial or ethnic origin, political opinions, religious beliefs, or criminal history). Please do not provide such information when using our Services.

3.3 Sources of Personal Information

We may collect personal information from the following sources:

Directly from you, including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information.
Automatically through the Services, from your device when you use our products or services or visit our website, including through cookies and similar technologies (see Section 7).
From our service providers, including Shopify, when they collect or process your personal information on our behalf.
From business partners or other third parties, where permitted by applicable law.

4. How We Use Your Personal Information

We use your personal information only for lawful purposes. We rely on one or more of the following legal bases (where required by applicable law):

Performance of a contract with you (e.g., processing your order).
Compliance with a legal obligation.
Our legitimate interests (e.g., fraud prevention, security, improving the Services), provided these do not override your rights.
Your consent, where we have obtained it.

Specifically, we may use your personal information for the following purposes:

4.1 Providing and Improving the Services: To process your payments, fulfil your orders, manage your account, arrange for shipping, facilitate returns and exchanges, remember your preferences, send account-related notifications, and create a personalised shopping experience.

4.2 Marketing and Advertising: To send marketing, advertising, and promotional communications by email, text message, or postal mail, and to show you online advertisements for products or services, including based on your past purchases and activity. You may opt out at any time (see Section 9).

4.3 Security and Fraud Prevention: To authenticate your account, provide a secure payment and shopping experience, detect and investigate possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and secure our Services. You are responsible for keeping your account credentials safe and should not share them with any third party.

4.4 Customer Communications: To provide you with customer support, respond to your enquiries, and maintain our business relationship with you.

4.5 Legal Compliance: To comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies in any jurisdiction, to investigate or participate in civil discovery, litigation, or other legal proceedings, and to enforce or investigate potential violations of our terms or policies.

4.6 AI and Automated Processing: We do not make solely automated decisions about you that produce significant legal effects without human review, except where explicitly permitted by law. Where automated profiling occurs for marketing personalisation, you have the right to object (see Section 9).

5. How We Disclose Personal Information

We do not sell your personal information to third parties for their own independent marketing purposes. We may disclose your personal information in the following circumstances:

5.1 Service Providers: With vendors and third parties who perform services on our behalf, including Shopify (platform and infrastructure), payment processors (Shopify Payments, PayPal), IT management providers, data analytics providers, customer support tools, cloud storage providers, and fulfilment and shipping partners. These parties are contractually required to protect your personal information and use it only for the purposes for which it was disclosed.

5.2 Business and Marketing Partners: With business and marketing partners to provide marketing services and display advertising to you, including through Shopify’s personalized advertising features based on your activity across merchants and websites. Our business and marketing partners use your information in accordance with their own privacy notices. You may opt out of targeted advertising (see Section 9).

5.3 At Your Direction: When you direct, request, or consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.

5.4 Within Our Corporate Group: With our affiliates or otherwise within our corporate group, where relevant to providing the Services.

5.5 Business Transactions: In connection with a business transaction such as a merger, acquisition, restructuring, or insolvency, in which case personal information may be transferred as a business asset, subject to applicable law.

5.6 Legal Requirements: To comply with any applicable legal obligations, including to respond to subpoenas, court orders, search warrants, and similar requests from law enforcement or government authorities in any jurisdiction; to enforce our Terms of Service or policies; and to protect or defend the rights of LoopDigger, our users, or others.

5.7 No Sale of Personal Data: We do not sell your personal information as that term is defined under the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act, the Virginia Consumer Data Protection Act, India’s DPDPA 2023, or any equivalent applicable law. We do not share personal information for cross-context behavioural advertising without offering you the right to opt out.

6. Relationship with Shopify

The Services are hosted and powered by Shopify, Inc. Shopify collects and processes personal information about your access to and use of the Services in order to provide and improve the Services. Information you submit to the Services will be transmitted to and stored by Shopify, as well as third parties that may be located in countries other than where you reside.

Shopify may use personal information collected about your interactions with our store, along with interactions with other merchants and with Shopify, to provide enhanced platform features. In these circumstances, Shopify is an independent data controller responsible for the processing of your personal information for those purposes and for responding to requests to exercise your rights in respect of that processing.

To learn more about how Shopify uses your personal information and any rights you may have, please visit the Shopify Consumer Privacy Policy at privacy.shopify.com. Depending on where you live, you may exercise certain rights with respect to Shopify’s processing via the Shopify Privacy Portal.

7. Cookies and Tracking Technologies

We and our service providers (including Shopify) use cookies, pixel tags, web beacons, and similar tracking technologies to collect device and usage information when you visit our website. These technologies help us operate the Services, remember your preferences, analyse usage, deliver targeted advertising, and detect fraud.

Types of cookies we use include:

Strictly necessary cookies: Required for the Services to function (e.g., maintaining your shopping cart and session). These cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our website (e.g., pages visited, time spent). Data is aggregated and anonymised where possible.
Marketing and advertising cookies: Used to show you relevant advertisements on our site and third-party platforms, based on your browsing activity.
Preference cookies: Used to remember your settings and preferences.

Where required by applicable law (including the EU ePrivacy Directive and UK PECR), we will obtain your consent before placing non-essential cookies on your device. You may manage your cookie preferences via our cookie consent tool or your browser settings. Note that disabling certain cookies may affect the functionality of the Services.

We respect the Global Privacy Control (GPC) opt-out preference signal. If you visit our website with GPC enabled, we will treat this as an opt-out request for the device and browser you use. We do not otherwise recognise “Do Not Track” signals.

8. International Transfers of Personal Information

LoopDigger operates globally and your personal information may be transferred to, stored in, and processed in countries other than the country in which you reside, including countries that may not provide the same level of data protection as your home country.

Where we transfer personal information out of the European Economic Area (EEA) or the United Kingdom, we rely on one or more of the following safeguards:

European Commission Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreements (IDTAs), as applicable.
Adequacy decisions issued by the European Commission or the UK Secretary of State confirming that the recipient country ensures an adequate level of data protection.
Other lawful transfer mechanisms recognised under applicable law.

For transfers of personal data from India under the DPDPA 2023, we comply with any applicable cross-border transfer restrictions and will rely on recognised mechanisms as they are established under Indian law.

For transfers of personal data from Canada under PIPEDA, we implement contractual protections equivalent to those required under PIPEDA before transferring data to third parties in other countries.

By using the Services, you acknowledge that your personal information may be transferred internationally as described in this section.

9. Your Rights and Choices

Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. We will not discriminate against you for exercising any of these rights. We may need to verify your identity before processing your request, as permitted or required by applicable law.

9.1 Rights Available to All Users

Right to Access / Know: You may request access to or information about the personal information we hold about you.
Right to Delete: You may request that we delete personal information we hold about you, subject to certain exceptions.
Right to Correct: You may request that we correct inaccurate personal information we hold about you.
Right of Portability: You may request a copy of your personal information in a portable format and, in certain circumstances, request that we transfer it to a third party.
Right to Opt Out of Sale / Sharing for Targeted Advertising: You may opt out of the sale or sharing of your personal information for targeted advertising purposes. You can exercise this right via the opt-out link on our website or by enabling the Global Privacy Control on your browser.
Communication Preferences: You may opt out of promotional emails at any time by using the unsubscribe link in our emails. We may still send you non-promotional communications, such as order confirmations and account notices.

9.2 Additional Rights for EEA, UK, and Swiss Users

If you reside in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights under the GDPR / UK GDPR / Swiss Federal Act on Data Protection:

Right to Object: You may object to our processing of your personal information for direct marketing purposes (including profiling) or where we rely on legitimate interests as a legal basis, unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Restrict Processing: You may request that we restrict our processing of your personal information in certain circumstances.
Right to Withdraw Consent: Where we rely on your consent as a legal basis, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

9.3 Rights for Indian Users

If you reside in India, you have the following rights under the Digital Personal Data Protection Act 2023 (DPDPA):

Right to information about personal data being processed and the purposes for which it is being processed.
Right to correction and erasure of personal data.
Right to grievance redressal: You may contact us using the contact details in Section 13 to raise a grievance. We will acknowledge your grievance within 48 hours and resolve it within the timelines prescribed by applicable law.
Right to nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.

9.4 Rights for California and US State Users

If you reside in California or another US state with applicable privacy laws (including Colorado, Virginia, Connecticut, Utah, Texas, Oregon, or Montana), you may have rights including: the right to know, the right to delete, the right to correct, the right to opt out of sale/sharing, the right to limit use of sensitive personal information (California), and the right to non-discrimination for exercising your rights.

9.5 Rights for Canadian Users

If you reside in Canada, you have rights under PIPEDA and applicable provincial privacy laws, including the right to access your personal information, the right to challenge the accuracy of your personal information, and the right to file a complaint with the Office of the Privacy Commissioner of Canada.

9.6 Rights for Australian Users

If you reside in Australia, you have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including the right to access and correct your personal information, and the right to make a complaint to the Office of the Australian Information Commissioner (OAIC).

9.7 Authorised Agents

In accordance with applicable laws, you may designate an authorised agent to make requests on your behalf. Before accepting such a request, we will require proof that you have authorised the agent to act on your behalf and may need to verify your identity directly with you.

10. Security and Retention of Your Information

10.1 Security: We implement and maintain appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption of data in transit (TLS/SSL), access controls, and regular security assessments. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law.

10.2 Retention: We retain your personal information for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Specifically, account and transaction data is retained for the duration of your account and for up to 7 years thereafter for legal and tax compliance purposes. When personal information is no longer required, we will delete or anonymise it in a secure manner.

11. Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites.

12. Children’s Privacy

The Services are not intended for use by children under the age of majority in their jurisdiction (18 in most countries). We do not knowingly collect personal information from children. If you are the parent or guardian of a child who has provided us with their personal information without your consent, please contact us using the details in Section 13 to request that it be deleted.

13. Contact Us

For all privacy-related enquiries, requests to exercise your rights, or complaints regarding our privacy practices, please contact us at:

LoopDigger
Email: Available via the contact form on our website
Website: loopdigger.com (Contact page)

We aim to respond to all requests within the timeframes required by applicable law. For EU/UK GDPR requests, we will respond within one month (extendable by a further two months in complex cases). For CCPA requests, we will respond within 45 days. For India DPDPA requests, we will acknowledge within 48 hours and respond within the prescribed period.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the “Last updated” date, and provide notice as required by applicable law. Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy, to the extent permitted by applicable law.