The Loomio Co-operative exists to create a world where it’s easy for anyone to participate in decisions that affect them.
Use of our software will often involve the exchange of personal data and personally identifying data.
Our overriding principle is that we will not sell or rent any information you share with us, nor will we place advertising within Loomio. We only share personal data where practically necessary to provide our service to you.
- Read our GDPR compliance statement.
- See or download all the Personal data related to you.
- Learn which Third parties receive or process personal data.
- View our source code or learn how to run your own Loomio server on our Github page.
- To obtain a copy of your group's data to import into your own Loomio server, please contact us.
Non-personally identifiable information
Like most website operators, Loomio collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Loomio’s purpose in collecting non-personally identifying information is to understand how Loomio’s visitors use the application and how to serve them better. From time to time, Loomio may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Potentially personally-identifying: IP addresses
Loomio masks IP addresses we collect as they are stored within our database. System logs with unmasked IP addresses are kept for a short amount of time for maintenance and security purposes, but are deleted automatically when they are no longer of use.
User Content and Personally Identifiable Information
As a decision-making platform, Loomio stores and processes discussions, comments, proposals, outcomes, etc - “user generated content”.
We also store and process your name, email address, profile photo, etc - "your user profile". This information usually makes a user personally identifiable, although you are welcome to use a pseudonym and anonymous email address to prevent this.
When you are a member of a group on Loomio your content including your user profile will be shared with the members of that group, however your email address will only be available to the group's coordinators.
Content including your user profile will be public on the internet if you participate in a public discussion or join a public group.
You may view or export your personal information at any time via the personal data page. You may update your information at any time via the application interface.
As a user, you may deactivate your account. Personally identifying information such as your name, username and profile photo will no longer be associated with content you have posted and Loomio will not contact you again. You are able to reactivate your account at a later date if you wish.
If you wish to delete your user account, you will not be able to reactivate your account at a later date. Your profile information will be permanently deleted from our system. Deletion of your user content will be at the discretion of the Data Protection Officer who will consider legal obligations, issues of personal safety, and the integrity of the discussions and groups the content belongs to.
You can deactivate or delete your user account from the "edit profile" link on the user menu in the top right corner of the app.
User content deletion requests may be made to the Data Protection Officer via the email address [email protected].
Data Security, Integrity and Access
Loomio will not sell or rent any information you share with us. Access to your content and personally identifiable information is tightly controlled internally. Loomio takes all reasonable steps to protect your content from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Content entered into the platform is distributed to the appropriate members of your groups via secure connections where possible and sent via email in the normal course of operation. Your content is only as secure as the personal devices, email services, ISP's, and actions of the members of your group.
From time to time, Loomio team members may access your email address to send you information about Loomio, services provided by Loomio’s partners, or ask for feedback either personally or through an email provider. If you do not wish to receive these emails please respond with a request to be taken off the contact list, or unsubscribe by clicking the unsubscribe link at the bottom of the email.
All data within loomio.org is currently stored by Heroku in the USA.
Data backup, archiving services and disaster recovery are also managed by Heroku automatically. The software and data is backed up on secure, access controlled, and redundant storage.
To learn more about the data processors used in the course of providing Loomio please see our Third parties page.
Loomio software can be set up on a separate private installation if required, at an additional charge. Please contact us if you would like to explore this further.
To provide some of Loomio’s functionality and a high level of service, Loomio engages other companies ("third parties") and in some cases shares personally identifying data with them.
We keep the number of third parties used to a minimum and we only share personally identifying information with third parties where it is necessary to provide our service, eg: with our payment provider (Chargify) and customer support tool (Intercom). These third parties adhere to industry best practices and comply with the EU GDPR, meaning that they in turn will not sell or share any data shared with them.
It is possible that these services may be compelled by court order to share the information they have with law enforcement.
To learn about our third parties and what data is shared with them, see our Third parties.
If you are concerned about the use of any third parties, we encourage you to use a Loomio private host service or to install your own instance of Loomio so you have complete control of how your data is managed.
Loomio Terms of Service and Service Level Agreements
Our standard terms of service are not offered as an SLA (Service Level Agreement) at this time, and are governed by the Terms of Service.
Under these terms, Loomio makes no guarantee of availability. Loomio’s standard service is for general use. Loomio software can be set up on a separate private installation and a Service Level Agreement established if required by a customer, at an additional charge. Customers requiring enterprise-level service managed under an SLA are encouraged to contact us to explore further.
We will always maintain the overriding principle that we will not sell or rent any information you share with us. However, we may change other aspects of this policy. Any amended policy is effective upon posting to this website, and we’ll make every effort to tell you about these changes via email or through the site.