Legal
Privacy policy
Last updated: June 30, 2026
This Privacy Policy explains what information Loppee collects, how we use it, and the choices you have. It applies to our website, public business registry, APIs, MCP connector, and related services (the Services).
1. Who we are
Loppee operates a public business-trust registry and directory. For the purposes of this policy, Loppee is the controller of the personal information described below. Contact us at privacy@loppee.com with any privacy questions or requests.
2. Information we collect
- Account & authentication data. When you sign in we use a passwordless email "magic link." We process your email address and authentication events (such as sign-in timestamps and multi-factor status) to operate accounts.
- Business information. Business owners and authorized agents may submit business details, documents, media, and verification evidence. Some of this information is published on public Trust Cards and directory listings.
- Submissions & requests. Information you provide through forms (for example, agent-access requests, claims, reviews, or messages).
- Agent/API usage. If you use Loppee through an API key, MCP connector, or third-party agent, we process request metadata, tool/action names, scoped-key identifiers, account and business scope, rate-limit events, and audit logs needed to authenticate, authorize, and secure those requests.
- Billing, jobs, and workflow data. Paid business features may involve subscription, invoice, and checkout metadata handled by our payment processor. Job applications, resumes, customer messages, and owner replies are stored privately and made available only through scoped account or business access.
- Usage & device data. Standard server logs, including IP address, browser/user-agent, pages requested, and timestamps, used for security, abuse prevention, and analytics.
3. How we use information
- To provide, maintain, and secure the Services and your account.
- To verify businesses and publish Trust Cards and directory listings.
- To operate public agent endpoints, MCP tools, scoped API keys, rate limits, and audit logs.
- To respond to your requests, claims, and messages.
- To process billing, subscriptions, job applications, reviews, and owner workflows.
- To detect, prevent, and investigate fraud, abuse, and security incidents.
- To comply with legal obligations and enforce our Terms of Service.
4. How information is shared
Published business information (such as Trust Cards and directory listings) is, by design, publicly visible and accessible to people and to AI agents. We also share information with service providers who process data on our behalf (for example, hosting through Render, database and authentication through Supabase, email delivery through Resend/SMTP, and payment processing through Stripe), under contracts that require them to protect it. Third-party AI agents or connector clients may retrieve public registry data when they call public endpoints. We may disclose information if required by law or to protect rights, safety, and the integrity of the Services. We do not sell personal information.
5. Cookies & similar technologies
We use a small number of strictly necessary, privacy-preserving cookies and local-storage items to keep you signed in, remember your preferences (including your cookie choice), and operate core features. We do not use advertising or cross-site-tracking cookies. Because the cookies we set are strictly necessary for the Services to function, disabling them in your browser may break sign-in and other features. See the cookie notice shown on first visit for a summary.
6. Data retention
We retain information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Published business records may persist in the public registry until removed through our business-removal process. Scoped-key audit logs, moderation records, billing records, and security logs may be retained as needed to investigate abuse, prove authorization, resolve disputes, and meet legal or accounting obligations.
7. Your choices & rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. To make a request, email privacy@loppee.com. Business owners can request changes or removal of a listing through our business-removal request process.
8. Security
We use technical and organizational measures designed to protect information, including transport encryption, access controls, and multi-factor authentication for privileged accounts. No method of transmission or storage is completely secure.
9. Children's privacy
The Services are intended for businesses and adults. They are not directed to children under 13, and we do not knowingly collect personal information from them.
10. Changes to this policy
We may update this policy from time to time. We will revise the "Last updated" date above and, where appropriate, provide additional notice.
11. Contact
Questions or requests: privacy@loppee.com.