Privacy Policy

Last updated: March 14, 2026

The short version

Looom is a local-first app. Your logs, photos, and project data stay on your device. We don't track you and we don't sell data. You can optionally sign in with Apple to identify your account — your Apple ID is stored locally, not on our servers.

What data stays on your device

All core app data is stored locally on your iPhone or iPad:

• Log entries, punch items, and project records
• Photos and attachments
• Tags, notes, and measurements
• App preferences and settings

This data never leaves your device unless you explicitly choose to share or export it.

AI photo analysis

When you use the AI analysis feature, your photo is sent to a third-party AI service (OpenAI) to generate descriptions, tags, and defect identification. The photo is processed and discarded — it is not stored or used for training. You can skip AI analysis and enter details manually.

Sign in with Apple

Looom offers optional sign-in via Apple. When you sign in, we store your Apple ID subject identifier, display name, and email address locally on your device in the iOS Keychain. This information is not transmitted to any server. We use your Apple ID identifier to stamp entries you create, so your data is ready for future account features like sync and collaboration. You can sign out at any time from Settings, which removes your credentials from the device.

Voice memo transcription

When you record a voice memo, Looom can transcribe it using Apple's on-device speech recognition (SFSpeechRecognizer). On devices running iOS 17 or later, transcription happens entirely on-device. On older devices, audio may be sent to Apple's servers for processing. Apple's speech recognition privacy policy applies. You can skip transcription and use voice memos without it.

Shared reports

When you create a shared link, the report content and associated photos are uploaded to our hosting service (Cloudflare). Shared links expire after the duration you select (7, 30, or 90 days) and can be revoked at any time from the app. GPS coordinates and EXIF metadata are stripped from photos before upload.

If you set a PIN on a shared link, the PIN is hashed using PBKDF2 before being stored. We do not store PINs in plain text. Access attempts are rate-limited to prevent brute-force attacks.

Location data

Looom requests location access to tag entries with your job site coordinates. Location data is stored only on your device and is stripped from photos before sharing. You can deny location access and the app works without it.

Weather data

Looom fetches current weather conditions based on your location to attach to log entries. This request goes to Open-Meteo, a free weather API. Only your coordinates are sent — no device identifiers or personal information.

Analytics and crash reporting

Looom does not include third-party analytics or crash reporting SDKs. We rely on Apple's built-in crash reports, which you can opt out of in your device settings.

Third-party services

• OpenAI — photo analysis (when you use AI features)
• Cloudflare — shared report hosting (when you create shared links)
• Open-Meteo — weather conditions (when location is enabled)
• Apple Speech Recognition — voice memo transcription (may use Apple servers on older devices)
• Apple Sign In — optional authentication (credentials stored locally only)

Children's privacy

Looom is not directed at children under 13 and we do not knowingly collect information from children.

Changes to this policy

If this policy changes, we'll update the date at the top of this page. Material changes will be noted in the app's release notes.

Contact

Questions about privacy? Reach us at hello@looom.build.