Privacy

This policy applies to the information ReasonLoom processes when you visit reasonloom.com and reasonloom.ai, subscribe to updates, contact us, attend our events, apply for a role, or use our products and services (together, the “Services”). For our enterprise products, ReasonLoom typically acts as a processor on behalf of the customer that operates the deployment; in that case the customer’s own privacy notice governs how end-user data is used, and we process it only on their documented instructions. For this website and our direct relationships, ReasonLoom is the data controller.

This policy does not cover third-party websites, products, or services that we link to but do not operate. Their own privacy notices apply.

Information you provide to us

• Contact details — your name, email address, organisation, and role when you subscribe, fill in a form, or get in touch.
• Messages and content — anything you choose to send us, such as questions, feedback, support requests, or research enquiries.
• Recruitment information — if you apply to work with us, the details in your application and any materials you share.
• Event information — registration details when you sign up for a talk, demo, or briefing.

Information we collect automatically

• Device and connection data — IP address, browser type, operating system, language, and referring page, captured in standard server logs.
• Usage data — which pages you view and broad interaction signals, used in aggregate to understand what is useful. We do not run third-party advertising trackers.
• Cookies and similar storage — only what is needed to run the site and remember your preferences (for example, your language and your cookie choice). See Cookies for the full list and your controls.

We do not seek to collect sensitive personal information through this website, and we ask that you do not send it to us unless strictly necessary and lawful.

Under the GDPR and equivalent laws, we rely on one or more of the following legal bases for each purpose:

• To provide and operate the Services — running the website, responding to you, and delivering what you requested. Basis: performance of a contract, or our legitimate interest in operating the Services.
• To send you updates you asked for — and nothing else. Basis: your consent, which you can withdraw at any time.
• To keep the Services secure and reliable — detecting, preventing, and responding to abuse, fraud, and technical problems. Basis: legitimate interest, and compliance with legal obligations.
• To improve our research and products — understanding, in aggregate, what is helpful. Basis: legitimate interest. We never use the personal data of website visitors to train models.
• To recruit and to run events — assessing applications and managing attendance. Basis: steps prior to a contract, or legitimate interest.
• To meet legal and regulatory obligations — including responding to lawful requests. Basis: legal obligation.

We do not sell personal information, and we do not share your email for third-party marketing. We share information only in these limited circumstances:

• With service providers — vetted vendors who process data on our behalf and on our instructions (for example, email delivery, hosting, and analytics), bound by contract to protect it.
• With your consent — when you ask us to, or otherwise direct us to share it.
• For enterprise deployments — with the customer that operates the deployment, where ReasonLoom acts as their processor.
• For legal reasons — where we reasonably believe disclosure is required by applicable law, regulation, legal process, or an enforceable governmental request, or to protect the rights, safety, and property of ReasonLoom, our users, or the public.
• In a business transfer — if ReasonLoom is involved in a merger, acquisition, or sale of assets, with continued protection of your information and notice where required.

ReasonLoom is based in the European Union and our default is to keep and process personal data within the EU/EEA. Where a service provider processes data outside the EEA, we put appropriate safeguards in place — such as the European Commission’s Standard Contractual Clauses, or transfers to countries with an adequacy decision — so that your information continues to receive an equivalent level of protection.

We build security into our Services. We use encryption in transit, access controls on a need-to-know basis, tenant isolation in our products, audit logging, and ongoing review of our practices to protect information against unauthorised access, alteration, disclosure, or destruction. No system is perfectly secure, but we work continuously to reduce risk and to respond quickly if something goes wrong.

• Subscription records — kept until you unsubscribe, then removed within a reasonable period.
• Correspondence — kept for as long as needed to handle your request and for a limited period afterwards.
• Server and security logs — retained for a short rolling window, then deleted or anonymised.
• Recruitment data — kept only for the relevant hiring process, unless you agree to a longer period.

Where the law requires us to keep certain records for longer, we will retain them for that period and then delete them.

Depending on where you live, you have some or all of the following rights over your personal information:

• Access — ask what we hold about you and get a copy.
• Rectification — ask us to correct information that is wrong or incomplete.
• Erasure — ask us to delete your information where there is no overriding reason to keep it.
• Restriction and objection — ask us to limit or stop certain processing, including processing based on legitimate interests.
• Portability — receive your information in a portable, machine-readable format.
• Withdraw consent — at any time, without affecting processing already carried out.
• Unsubscribe — from updates, using the link in any message we send you.

To exercise any of these rights, write to privacy@reasonloom.com. We will respond within the time required by law. You also have the right to lodge a complaint with your local data protection authority (in Spain, the Agencia Española de Protección de Datos, www.aepd.es).

Our Services are intended for organisations and adults, and are not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.

We may update this policy from time to time. When we make a material change, we will update the date above and, where appropriate, notify subscribers. We will not reduce your rights under this policy without your explicit consent. The current version is always the one published here.

For any privacy question or request, contact our privacy team at privacy@reasonloom.com. We will work with you to resolve it.

• Personal information — information that identifies you or can reasonably be linked to you, such as your name, email, or IP address.
• Sensitive personal information — special categories such as health, biometric, or political data, which receive extra protection under law.
• Data controller — the party that decides why and how personal data is processed; for this website, ReasonLoom.
• Processor — a party that processes data on a controller’s instructions; ReasonLoom’s role for many enterprise deployments.
• Cookies — small files stored on your device that let a site remember information, such as your preferences.
• Server logs — automatically recorded details of requests to our servers, used to operate and secure the Services.
• Appropriate safeguards — legal mechanisms, such as Standard Contractual Clauses, that protect data transferred across borders.