Privacy Policy

Legal

Effective date: March 23, 2026

1. Who We Are (Data Controller)

GetLoops (“we”, “us”, “our”) is the data controller responsible for your personal data. We are based in Portugal and operate within the European Union. The platform is accessible at getloops.net.

Contact: support@getloops.net

Our supervisory authority for data protection is the Portuguese Data Protection Authority (CNPD — Comissão Nacional de Proteção de Dados), reachable at cnpd.pt.

2. What Data We Collect

We collect the following categories of personal data depending on how you use the Service:

Account data (when you register)

Email address
Username / display name
Profile picture (optional)

Usage and technical data

IP address and general geographic location (country/city)
Browser type, operating system, device type
Pages visited, features used, session duration
Referring URLs

User content

Audio files you upload (stored in Cloudflare R2)
Tags, descriptions, and metadata you provide

Advertising and analytics data

Pseudonymous identifiers assigned by Google AdSense for ad personalisation (with your consent)
Aggregated analytics data collected by Google Analytics (with your consent)

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

Contract performance

Processing necessary to create and manage your account, enable file uploads, and provide core platform features (Art. 6(1)(b)).

Legitimate interest

Security monitoring, fraud prevention, improving our service, and showing contextual (non-personalised) advertisements (Art. 6(1)(f)).

Consent

Personalised advertising via Google AdSense, analytics via Google Analytics, and any marketing communications. You can withdraw consent at any time through the cookie banner or by contacting us (Art. 6(1)(a)).

Legal obligation

Compliance with applicable EU and Portuguese law, including responding to lawful requests from public authorities (Art. 6(1)(c)).

4. How We Use Your Data

To create and manage your account and authenticate you.
To store and serve your uploaded audio files.
To provide the browse, search, trending, and playback features.
To display advertisements that fund the free Service (see Section 5).
To analyse aggregate usage patterns and improve the platform.
To send service-related communications (e.g. account, DMCA notices).
To detect and prevent fraud, abuse, and security incidents.
To comply with our legal obligations.

5. Advertising (Google AdSense)

GetLoops is a free service supported by advertising revenue. Advertisements are always shown on the platform — displaying an ad does not require consent. What requires consent is personalisation: whether ads are tailored to your interests using tracking technologies.

We use Google AdSense to serve ads. Google operates in one of two modes depending on your cookie preferences:

Personalised mode (with your consent) — Google may set cookies and pseudonymous advertising identifiers to show ads tailored to your browsing activity within GetLoops and across other websites.
Non-personalised mode (if consent is declined) — Google serves contextual ads based on page content only. No tracking cookies are placed.

In both modes, ads are displayed. We do not share your personally identifiable information (name, email address) with Google for advertising purposes. Google acts as an independent data controller for advertising data under its own privacy policy (policies.google.com/privacy).

Your choices: At any time you can switch between personalised and non-personalised ads by updating your preferences in the cookie banner, or by visiting g.co/adsettings. You will always see ads regardless of your choice.

6. Third-Party Services

We share personal data with the following third-party processors under appropriate contractual safeguards (GDPR Art. 28 Data Processing Agreements):

Keycloak

Our self-hosted identity provider. Manages authentication and stores account credentials. Runs on our own infrastructure.

Cloudflare R2

Object storage for audio files. Cloudflare processes data under EU-compatible Standard Contractual Clauses.

Google AdSense

Advertising network. Processes pseudonymous ad data under Google's own DPA and SCCs. See Section 5.

Google Analytics

Analytics service (with consent). Aggregated usage statistics. Data may be transferred to the US under SCCs.

Apache Kafka / Redis

Internal infrastructure for event streaming and job queuing. Not shared with third parties.

We do not sell your personal data to any third party.

7. Data Retention

Account data

Retained as long as your account is active. Deleted within 30 days of account deletion request.

Audio uploads

Retained until you delete them or your account is closed.

Usage logs

Retained for up to 90 days for security and debugging purposes.

Analytics data

Retained for up to 14 months in anonymised form (Google Analytics default).

Ad data

Managed by Google according to its own retention policy.

Consent records

Retained for 2 years to demonstrate compliance.

8. Your Rights Under GDPR

Under GDPR, you have the following rights with respect to your personal data:

Right of access (Art. 15) — Request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — Ask us to correct inaccurate or incomplete data.
Right to erasure / "right to be forgotten" (Art. 17) — Request deletion of your personal data, subject to legal obligations.
Right to restriction of processing (Art. 18) — Ask us to limit how we use your data.
Right to data portability (Art. 20) — Receive your data in a machine-readable format.
Right to object (Art. 21) — Object to processing based on legitimate interests, including profiling.
Right to withdraw consent (Art. 7(3)) — Withdraw your consent for advertising or analytics cookies at any time via the cookie banner.
Right to lodge a complaint — Lodge a complaint with the CNPD (cnpd.pt) or any EU Data Protection Authority.

To exercise any of these rights, contact us at support@getloops.net. We will respond within 30 days. We may ask you to verify your identity before acting on your request.

9. Cookies

We use cookies and similar technologies on GetLoops. A cookie is a small text file placed on your device by a website. Cookies help us provide core functionality, understand how the Service is used, and show relevant advertisements.

Strictly Necessary Cookies

Always active — these cannot be disabled as they are essential for the platform to function.

kc-access

Keycloak access token for authentication. Session cookie.

kc-refresh

Keycloak refresh token. Enables session refresh without re-login.

cc_cookie

Stores your cookie consent preferences. Expires after 1 year.

Analytics Cookies (with consent)

Help us understand aggregate usage patterns. Opt in or out via the cookie banner.

_ga

Google Analytics — distinguishes users. Expires after 2 years.

_ga_*

Google Analytics — maintains session state. Expires after 2 years.

Advertising Cookies (with consent)

Used by Google AdSense to serve relevant ads. We only set these if you consent via the cookie banner.

__gads

Google Ad Manager — prevents showing the same ad too many times. Expires after 13 months.

__gpi

Google Ad Manager — pseudonymous advertising identifier. Expires after 13 months.

DSID

DoubleClick (Google) — tracks conversion and ad performance. Session cookie.

IDE

Google DoubleClick — used to measure and target ads. Expires after 13 months.

You can manage your cookie preferences at any time by clicking “Manage Preferences” in the cookie banner (re-open it by clearing your browser cookies or via browser settings). You can also disable cookies entirely via your browser settings, though this may affect platform functionality.

10. Children's Privacy

GetLoops is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at support@getloops.net and we will delete it promptly.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, or destruction. These include:

HTTPS encryption for all data in transit.
Authentication managed by Keycloak with JWT tokens and HTTP-only cookies.
Private object storage for audio files (Cloudflare R2).
Role-based access controls for internal systems.

No system is completely secure. If you believe a security incident has occurred, please contact us immediately at support@getloops.net.

12. International Data Transfers

We are based in Portugal (EU). Some of our third-party processors (Google AdSense, Google Analytics, Cloudflare) may transfer data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a prominent notice in the Service at least 30 days in advance. The “Effective date” at the top of this page indicates when the policy was last updated.

14. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

GetLoops
Email: support@getloops.net
Jurisdiction: Portugal, European Union
Supervisory Authority: CNPD — cnpd.pt