Privacy Policy

RequestLoops ("we", "us", "our") is a document and data collection platform operated by Cyril Boyer, located at 11 Haeyang 5-ro, Sangnok-gu, 15596 Ansan-si, Gyeonggi, South Korea.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use RequestLoops as an account holder (the professional creating requests) or as a recipient (the person submitting documents or data in response to a request).

By using RequestLoops, you agree to the practices described in this policy. If you do not agree, please do not use our service.

Account holders:

• Name, email address, and profile picture (provided via Google or Microsoft sign-in)
• Organization name and team member information
• Payment information (processed and stored by Stripe; we do not store card details)
• Requests, items, and configuration data you create
• Usage data (emails sent, SMS sent, AI tokens used)

Recipients:

• Name, email address, and/or phone number (provided by the account holder who created the request)
• Documents, files, signatures, and form data you submit
• Browser language and access timestamps

Technical data (all users):

• IP address, browser type, device information
• Pages visited and actions taken within the application

We process your data based on the following legal grounds under applicable data protection laws (including GDPR and South Korea's PIPA):

• Contract performance: To provide the service you or the account holder signed up for
• Legitimate interests: To improve our service, prevent fraud, and ensure security
• Legal obligations: To comply with applicable laws and regulations
• Consent: Where you have given explicit consent (e.g., receiving marketing communications)

We use collected data to:

• Provide and operate the RequestLoops platform
• Send notifications, reminders, and portal access links to recipients via email and SMS
• Process payments and manage subscriptions
• Sync uploaded files to connected cloud storage (Google Drive or OneDrive)
• Power AI-assisted form building features
• Monitor usage and enforce plan limits
• Improve the service and fix issues

We will never sell your personal data. We will never use recipient-submitted documents for any purpose other than delivering them to the account holder.

We share data with the following third-party services, strictly to operate RequestLoops:

• Google and Microsoft: Authentication (OAuth sign-in) and cloud storage sync (Google Drive, OneDrive)
• Stripe: Payment processing. Stripe handles all payment data under their own privacy policy.
• Email and SMS providers: To deliver notifications and reminders to recipients
• AI service providers: To power the AI form building assistant. Prompts may include request metadata but never recipient-submitted files or personal data.

We do not share data with advertisers or data brokers.

RequestLoops is operated from South Korea. Your data may be processed in jurisdictions outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses for transfers from the EU/EEA, and compliance with South Korea's PIPA cross-border transfer requirements.

Account holders: Your data is retained for the duration of your account. If you delete your account, your personal data is removed within 30 days. Request data, submissions, and activity logs associated with your organization are permanently deleted.

Recipients: Submitted data is retained as long as the associated request exists. When an account holder deletes a request, all related recipient data and submissions are permanently deleted.

Backups: Encrypted backups may retain data for up to 90 days after deletion.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at .

EU/EEA residents: You have the right to lodge a complaint with your local data protection authority.

South Korean residents: You may file a complaint with the Personal Information Protection Commission (PIPC).

We take reasonable measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) and at rest
• Access controls and authentication for all systems
• Regular security reviews
• Minimal data collection practices

No system is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify affected users and relevant authorities as required by law.

RequestLoops uses only essential cookies and local storage required for the application to function (authentication tokens, locale preferences). We do not use tracking cookies, analytics cookies, or advertising cookies.

RequestLoops is designed for professional use and is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via the application or email. Continued use of RequestLoops after changes constitutes acceptance of the updated policy.

For questions about this Privacy Policy or to exercise your data rights:

Cyril Boyer
11 Haeyang 5-ro, Sangnok-gu
15596 Ansan-si, Gyeonggi
South Korea

Email: