Privacy Policy
Loopify.pro · Serhii Hrytsyshyn, Poland · Last updated: March 2026
Contents
1Data Controller
Loopify (loopify.pro) is operated by Serhii Hrytsyshyn, an individual based in Poland. This Privacy Policy explains how we collect, use, and protect your personal data when you use our 24/7 YouTube streaming service.
For all privacy-related enquiries: support@loopify.pro
2What Data We Collect
| Data Type | Description | Purpose |
|---|---|---|
| Email address | Provided at registration | Login, notifications, password recovery |
| Username | Chosen by you or imported from Google OAuth | Account identification |
| Password | Hashed using scrypt — never stored in plain text | Authentication |
| IP address | Logged on login and API requests | Security, abuse prevention |
| YouTube stream keys | Stored server-side, transmitted via RTMPS to YouTube | Delivering the streaming service |
| Google OAuth data | Email, name, YouTube channel ID (when signing in with Google) | Authentication and streaming integration |
| Payment references | Transaction IDs from Monobank / CryptoBot / Paddle. No card numbers are ever stored. | Subscription confirmation, accounting |
| Telegram Chat ID | Only if you connect the Telegram bot | Stream notifications, support |
| Language preference | Browser language or selected language | Interface localisation |
We do not collect: credit card numbers, plain-text passwords, video content (stored solely for streaming to your channel), geolocation, or behavioural analytics.
3Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): email, username, stream keys, payment references — required to deliver the service you subscribed to.
- Legitimate interest (Art. 6(1)(f) GDPR): IP addresses, server logs — to maintain security and prevent abuse.
- Consent (Art. 6(1)(a) GDPR): marketing emails — only where you have given explicit consent. You may withdraw consent at any time by emailing support@loopify.pro.
4Third-Party Processors
| Processor | Role | Location |
|---|---|---|
| Brevo (Sendinblue) | Email delivery (notifications, password reset) | France / EU |
| Monobank | Payment processing (Ukrainian users) | Ukraine |
| Google / YouTube | OAuth authentication, streaming API | USA (EU-US Data Privacy Framework) |
| Hetzner Online GmbH | Server hosting and data storage | Falkenstein, Germany / EU |
| CryptoBot / Telegram | Cryptocurrency payments | UAE |
| ImprovMX | Email forwarding | EU |
| Paddle.com | Global payment processing (Merchant of Record) | United Kingdom / EU |
We do not sell, rent, or share your personal data with third parties for advertising or profiling purposes.
5Data Storage Location
All account data and videos are stored on a dedicated Hetzner server in Falkenstein, Germany, within EU jurisdiction. Backups are stored on the same server. We do not use cloud storage outside the EU for core user data.
6Retention Periods
- Account data: retained while the account is active, plus 30 days after a deletion request is received.
- Payment records: 7 years as required by accounting and tax law.
- Server logs (IP, errors): 90 days.
- Stream logs: 30 days.
- Videos: retained until you delete them or close your account.
7Your Rights under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of the personal data we hold about you.
- Right to rectification (Art. 16): correct inaccurate or incomplete data.
- Right to erasure (Art. 17): request deletion of your data ("right to be forgotten").
- Right to restriction (Art. 18): limit the way we use your data.
- Right to data portability (Art. 20): receive your data in a machine-readable format.
- Right to object (Art. 21): object to processing based on legitimate interest.
- Withdraw consent: opt out of marketing communications at any time.
To exercise any of these rights, email support@loopify.pro. We will respond within 30 days as required by GDPR.
8International Transfers
Google / YouTube (USA): data transfers are covered by the EU-US Data Privacy Framework, adopted by European Commission Adequacy Decision of 10 July 2023.
CryptoBot / Telegram (UAE): payment data is processed only when you explicitly choose to pay with cryptocurrency. Only technically necessary data is transmitted to complete the transaction.
All other processors are located within the EU. No other international transfers take place.
9Cookies
We use essential cookies only. We do not use analytics, advertising, or tracking cookies of any kind.
| Cookie | Purpose | Expires |
|---|---|---|
| session | Keeps you logged in | When browser closes |
| lang | Remembers your language preference | 1 year |
| cookie_consent | Remembers that you acknowledged this notice | 1 year |
10Children, Breach Notification, Changes & Contact
Minimum age: Loopify is intended for users aged 16 and over, in accordance with Art. 8 GDPR. If you become aware that a child under 16 has registered an account, please contact us at support@loopify.pro immediately.
Data breach notification: In the event of a data breach likely to result in risk to your rights and freedoms, we will notify affected users within 72 hours as required by Art. 33 GDPR.
Changes to this policy: We will notify you of material changes by email at least 30 days before they take effect. The "Last updated" date at the top of this page will be revised accordingly.
Supervisory authority: You have the right to lodge a complaint with your local data protection authority. In Poland, this is the UODO (Urząd Ochrony Danych Osobowych — uodo.gov.pl). In other EU countries, please contact your national DPA.
Contact: All privacy requests should be sent to support@loopify.pro.