Loomdex (“Loomdex”, “we”, “our”, or “us”) is committed to protecting user privacy and handling personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect information when you access or use the Loomdex platform, website, and related services (collectively, the “Services”).

1. Information We Collect

We collect only the minimum information necessary to operate a secure blockchain infrastructure platform.

1.1 Information You Provide Directly

• Email address (for account creation and authentication)
• Password credentials (stored only in hashed form)
• Optional profile or account preferences
• Communications you send to us (support requests, inquiries)

1.2 Authentication & OAuth Data

When you sign in using third-party authentication providers (such as Google OAuth):

• We receive basic account identifiers (e.g., email address, unique user ID)
• We do not access contacts, emails, files, calendars, or content outside authentication
• OAuth access is used strictly for login and identity verification

Loomdex does not request sensitive or restricted Google user data.

1.3 Automatically Collected Information

• Device and browser information
• IP address (used for security, fraud prevention, and abuse mitigation)
• Session activity and timestamps
• Basic usage analytics (non-behavioral, non-advertising)

2. How We Use Information

We use collected data only for legitimate operational purposes, including:

• Account authentication and access control
• Security monitoring and fraud prevention
• Platform functionality and service delivery
• User support and communications
• Compliance with legal and regulatory obligations

We do not:

• Sell personal data
• Use data for advertising or profiling
• Share data with third parties for marketing
• Use OAuth data for anything beyond authentication

3. Data Encryption & Security

Security is a core design principle of Loomdex.

• All sensitive user data is encrypted in transit and at rest
• Passwords are stored using industry-standard cryptographic hashing
• Access to systems is restricted and audited
• Infrastructure is monitored continuously for unauthorized access

Despite best practices, no system is 100% secure. We encourage users to maintain strong passwords and protect their credentials.

4. Wallet Infrastructure & Key Security

Loomdex utilizes enterprise-grade security for wallet management:

• Wallets are generated and managed securely on behalf of users
• Private keys are secured using Google Secret Manager and are never exposed in plaintext
• Keys are encrypted both in transit and at rest
• On-chain transactions are publicly verifiable on the TRON blockchain

Blockchain data is public by nature and governed by the underlying protocol.

5. Data Sharing & Disclosure

We do not sell or rent personal data.

We may share limited information only when necessary:

• To comply with legal obligations or lawful requests
• To enforce platform policies or prevent fraud
• With infrastructure providers strictly for service operation (under confidentiality agreements)

6. Data Retention

• Personal data is retained only as long as required for operational, legal, or security purposes
• Users may request account deletion where legally permitted
• Certain records may be retained to comply with regulatory or audit requirements

7. Your Rights & Choices

Depending on your jurisdiction, you may have rights to:

• Access your personal data
• Request correction or deletion
• Withdraw consent where applicable
• Request data portability

Requests can be submitted via our support channels.

8. Children’s Privacy

Loomdex is not intended for individuals under 18. We do not knowingly collect personal data from minors.

9. Third-Party Services

Our Services may link to third-party websites or integrations. We are not responsible for the privacy practices of external platforms.

10. Compliance With Google API Services User Data Policy

Loomdex’s use of information obtained from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

10.1 Scopes and Data Access

We request only the following specific scopes for authentication purposes:

• .../auth/userinfo.email: To verify your email address for account creation and login.
• .../auth/userinfo.profile: To display your basic profile name and picture within the application.
• openid: To authenticate your identity securely.

10.2 Strict Usage Limitations

• Authentication Only: Google user data is used solely to log you in and maintain your authenticated session.
• No Data Transfer: We do not transfer or share Google user data with third-party tools, AI models, or external databases, except as strictly necessary for security and service operation (e.g., secure cloud hosting).
• No Advertising: We do not use Google user data for serving advertisements, retargeting, or personalized marketing.
• No Human Access: No humans read your Google user data unless you have explicitly consented to specific support requests or for security investigations.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the platform or website.