Third Parties

This page describes which companies, services and other parties store, process or exchange data in order to provide you with either loomio.org or a private Loomio service managed by Loomio Cooperative.

We describe what data is exchanged, when and why. We also link to relevant policy documents including GDPR compliance statements and privacy policies.

Personally Identifying data and user content

Parties listed here store, process or receive personally identifying data and user generated content on behalf of Loomio.

Search engines and members of the public

If your group makes content "public", the names & profile photos of participants in the content along with the content itself, will be indexed by search engines and available to the general public.

Members of your group

The members of your group receive your name, profile picture and any user content shared with the group. If your group is on a paid subscription, the coordinator of the group has access to the email addresses of the group members.

It's worth noting that the security of information entered into your Loomio group is dependent upon the security of the email services, personal computers and security practices of your group's members.

Intercom

Intercom is our customer support system, which we use to keep in touch with you and track support requests. They receive names and email addresses, location information, and group names and usage metadata.

If you don't want these details going to Intercom, you can install privacy badger or something similar in your browser.

GDPR statement
Privacy policy

Slack

If a group coordinator decides to use the Slack integration, we send user content and names of group members to Slack.

GDPR statement
Privacy policy

Chargify

We use Chargify to manage subscriptions and process credit card transactions. If you sign up for a paid loomio.org subscription, Chargify receives your name and email address and your group's name and id. You will then be asked to provide your credit card details and billing address directly to Chargify. Loomio does not hold your credit card details .

GDPR statement
Privacy policy

Heroku

Heroku provide servers and services (known as an Application platform) to run loomio.org. Heroku is owned and operated by Salesforce. They are trusted with securely hosting our application database and running our core systems.

Salesforce has certified certain of its services under the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework

Salesforce GDPR page
Heroku privacy policy
Heroku Security Privacy and Compliance page

Cloudflare

We use Cloudflare for

This helps to protect the system from malicious attacks and provides performance improvements.

GDPR compliance
Privacy & Security Policy

Amazon Web Services

We use AWS for

"All AWS Services GDPR ready" - Amazon.

GDPR statement
Privacy Policy

Digital Ocean

We use DigitalOcean for

GDPR statement
Privacy Policy

Google Translate

When users request translations of content written by users who speak other languages via the translate button, we send that content to Google Translate for machine translation. Translated data is not used for any other purpose than providing the translation, and it is not retained for longer than necessary to do so.

Google Translate FAQ - Data Confidentiality
Google Cloud Privacy Policy

Google reCAPTCHA

Google reCAPTCHA is a service which can detect malicious use of Loomio and keeps our users and systems protected from some kinds of automated online abuse.

We use reCAPTCHA on our signup form when you signup without a third party sign in. Your IP address and metadata from your browser are shared with Google.

Your use of the reCAPTCHA service is subject to the Google Privacy Policy and Terms of Use

Potentially personally identify data

Services listed here receive your IP address, browser information and associated metadata. In some cases you will have already provided personally identifying information to these companies, which we receive from them, however we do not transmit your personally identifying data to them.

Facebook, Google and Slack sign in

We allow you to login via your Facebook, Google or Slack accounts if wish to. When you do this we receive the profile information necessary to create your Loomio user profile. Our use of your Loomio profile information is described in our Privacy Policy.

YouTube (owned by Google)

We use the "No Cookie" Youtube service to host help and marketing videos. This means that only your IP address is known to Google when you use this service.