Privacy Policy

This Privacy Policy describes how LOOMA("we," "us," or "our") collects, uses, discloses, and safeguards information when you use the LOOMA Ring, our website at loomaring.app, connected wearable devices, listening companion hardware, and related services (collectively, the "Services").

We design the Services to help you understand relationships between physiological signals and conversational context for personal wellness insights. Because the Services may process health-related and speech-related information, we apply administrative, physical, and technical safeguards aligned with the HIPAA Privacy Rule, HIPAA Security Rule, and applicable state health-privacy laws.

1. Information we collect

Account and profile information

• Name, email address, and authentication credentials
• Account preferences and communication settings

Ring and physiological data

When you connect a compatible smart ring or authorize access to ring-generated data, we may receive:

• Sleep duration, stages, efficiency, and timing
• Heart rate, heart rate variability, and inter-beat intervals
• Readiness, activity, stress, and recovery metrics
• Body temperature deviation, blood oxygen (SpO₂), and related cardiovascular indicators
• Workout, session, tag, and device configuration data you authorize

Conversation and listening companion data

When you use LOOMA listening features or connect a compatible ambient-audio wearable, we may receive:

• Audio streams and derived transcripts of conversations you choose to capture
• Speaker-labeled transcript segments, timestamps, and session metadata
• AI-generated summaries, titles, categories, and extracted action items
• Memories, notes, and structured insights derived from your speech
• Geolocation associated with a conversation, when available and authorized
• Daily or session-level recap summaries

Derived and fusion data

• Mood estimates, correlation scores, and wellness indicators computed from ring and conversation signals
• Ring color or display states reflecting your inferred emotional or physiological state
• Usage logs, device identifiers, and diagnostic data needed to operate the Services

2. How we use information

We use collected information to:

• Provide, maintain, and improve the Services
• Authenticate users and secure accounts
• Synchronize authorized wearable and conversation data
• Generate personal insights linking bio-signals and conversational context
• Send service-related notices and respond to support requests
• Comply with law and enforce our Terms of Service

We do not sell protected health information (PHI) or use PHI for third-party advertising. We use and disclose PHI only as permitted by applicable law, with your authorization where required, or as described in this Policy.

3. Legal bases and authorizations

Where required, we obtain your explicit authorization before accessing ring data, conversation data, or other sensitive health information through third-party integrations. You may revoke authorization at any time through your account settings or by disconnecting the integration at the source device or platform.

4. HIPAA-aligned safeguards

We maintain safeguards designed to meet or exceed HIPAA Security Rule requirements, including:

• Administrative: access management, workforce training, risk analysis, incident response, and vendor oversight
• Physical: secured facilities and controlled access to systems hosting production data
• Technical: encryption in transit (TLS 1.2+) and at rest, role-based access controls, audit logging, and regular security reviews

Production databases are hosted on encrypted infrastructure with access restricted to authorized personnel on a minimum-necessary basis.

5. Sharing and disclosure

We may share information with:

• Service providers who process data on our behalf under written agreements requiring appropriate safeguards (including Business Associate Agreements where applicable)
• Integration partners only when you explicitly connect a device or authorize data sharing
• Legal authorities when required by law, court order, or to protect rights, safety, and security

We do not disclose conversation transcripts or physiological data to third parties for their independent marketing purposes.

6. Retention and deletion

We retain information for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. You may request deletion of your account and associated data by contacting alakupono@icloud.com. We will honor verified requests subject to legal retention requirements.

7. Your rights

Depending on your location and the nature of the data, you may have the right to:

• Access and obtain a copy of your data
• Correct inaccurate information
• Request deletion or restriction of processing
• Receive an accounting of certain disclosures
• Withdraw consent or authorization for integrations
• Export your data in a portable format where technically feasible

To exercise these rights, email alakupono@icloud.com. We will respond within the timeframe required by applicable law.

8. Breach notification

In the event of a breach of unsecured PHI, we will notify affected individuals and regulators as required by the HIPAA Breach Notification Rule and applicable state laws.

9. Children

The Services are not directed to individuals under 18. We do not knowingly collect information from children. Contact us if you believe a child has provided information.

10. International users

If you access the Services from outside the United States, your information may be processed in the U.S. or other countries where we or our providers operate, subject to appropriate safeguards.

11. Changes

We may update this Policy from time to time. Material changes will be posted at https://loomaring.app/privacy with an updated effective date.

12. Contact

Privacy inquiries and HIPAA-related requests: alakupono@icloud.com
LOOMA · loomaring.app