Privacy & Security

We believe that privacy is a moral obligation.

LoopKit was built by indie devs who care about player trust. Your project data belongs to you. We do not sell it, we do not share it with third parties for ads, and we do not use your data to train AI models. If you want it deleted, tell us and we will remove it.

Contact us

What we collect

  • Only the events you choose to send from your game, for example session started, item picked up, error occurred, FPS sample.
  • By default we do not collect player names, emails, or other personal identifiers.
  • You can include identifiers if you choose, for example a user ID, but it is optional and under your control.

What we do not do

  • We do not sell your data.
  • We do not share your data with advertisers.
  • We do not use your game data to train AI models.
  • We do not run third-party trackers on your project dashboards.

Storage and security

  • Transport: all ingestion and dashboard traffic uses HTTPS with TLS 1.2 or higher.
  • At rest: data in DynamoDB and S3 is encrypted with AES-256. Backups are encrypted.
  • Infrastructure: LoopKit runs on AWS managed services, plus MotherDuck. These providers maintain their own SOC and ISO certifications.
  • Access: production data access is limited to essential engineers via role based access control and MFA.
  • Logging: access is logged and reviewed.

Data ownership and control

  • You own your project data. We only process it to provide the product.
  • You can request deletion at any time. Email security@loopkit.ai from your project owner address with the project ID. We will confirm and remove your data.
  • Exports: if you want a copy of your data, contact us. Automated export is on our roadmap.

Retention

  • Active projects: standard retention is 180 days for raw events and longer for aggregates. We tune this for performance and cost.
  • Deleted projects or explicit requests: we remove data from active systems and schedule removal from backups on the next cycle.

Regions and residency

Primary region: AWS us-west-2 unless otherwise stated. If you need a different region, contact us.

Compliance

  • Our providers, including AWS and MotherDuck, hold SOC and ISO certifications for their services.
  • LoopKit is working toward SOC 2. When available, we will publish details and offer report access under NDA.

Responsible disclosure

Found a security issue or privacy concern?

Email security@loopkit.ai with steps to reproduce. Please avoid sharing details publicly until we confirm a fix. We will acknowledge and respond quickly.

Configuration tips for sensitive data

  • Avoid sending personal identifiers unless necessary.
  • If you must include an ID, hash or pseudonymize it inside your game.
  • Use event properties that describe behavior rather than identity.

Questions?

We make games too, and we built LoopKit to help small teams improve faster without risking player trust. If you have questions about data handling or want us to delete your data, reach out any time.

Contact us