Privacy Policy
Last Updated: March 28, 2026
Member Loop, LLC d/b/a CopyLoop (“CopyLoop,” “we,” “us,” or “our”), provides a brand voice intelligence and email marketing platform that enables businesses to generate on-brand content, manage email campaigns, and integrate with customer relationship management systems. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our platform, websites, and related services (collectively, the “Services”).
1. Scope
This Privacy Policy applies to individuals who create accounts on the CopyLoop platform, including workspace owners, administrators, members, and viewers (collectively, “Users” or “you”). It covers the personal information we collect and process about Users in connection with your use of the Services.
This Privacy Policy does not apply to Contact Data. When our customers upload, import, or collect contact information (such as email addresses, names, or other data about their own customers, leads, or recipients) into the Services (“Contact Data”), we process that data as a data processor on behalf of our customers. The processing of Contact Data is governed by our Data Processing Agreement (“DPA”) and the privacy policy of the applicable customer, not this Privacy Policy. If you are a recipient of emails sent through the CopyLoop platform by one of our customers, please refer to that customer’s privacy policy for information about how your data is handled.
2. Information We Collect
The types of personal information we collect depend on how you interact with the Services.
2.1 Information You Provide to Us
We collect information you provide directly when you create an account, configure your workspace, use the Services, or communicate with us, including:
- Account Information. Your name, email address, password, company name, and job title.
- Billing Information. Payment method details necessary to process your subscription. Payment processing is handled by Stripe, Inc. We do not store credit card numbers, CVVs, or full payment card details on our systems. For more information, see Stripe’s privacy policy at https://stripe.com/privacy.
- Content You Upload. Documents (PDF, DOCX, TXT) that you upload for brand voice learning, text you input into the content generation features, and email content you create using the platform.
- Communication Data. Information you provide when you contact us for customer support, submit feedback, respond to surveys, or otherwise communicate with us.
- Integration Credentials. OAuth tokens and authentication credentials for third-party services you connect to the platform, such as Salesforce or HubSpot CRM integrations. These credentials are encrypted at rest using AES-256-GCM envelope encryption.
2.2 Information We Collect Automatically
When you access or use the Services, we automatically collect certain information, including:
- Usage Data. Information about how you use the Services, including features accessed, pages viewed, actions taken (such as content generated, campaigns created, and documents uploaded), session duration, interaction patterns, and session recordings (clicks, scrolls, and navigation — text content and form inputs are masked).
- Device and Connection Data. Your IP address, browser type and version, operating system, device type, device identifiers, and referring URL.
- Authentication Data. Session tokens, login timestamps, and login history for security and account protection purposes.
2.3 Information from Cookies and Similar Technologies
We use cookies and similar technologies to collect information about your interactions with the Services. See Section 9 (“Cookies and Tracking Technologies”) for more detail.
2.4 Information from Third-Party Sources
We may receive information about you from third-party services that you integrate with the platform, such as CRM systems (Salesforce, HubSpot). This information is limited to what is necessary to provide the integration functionality you have authorized.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Maintain the Services. To operate, deliver, and improve the platform, process your requests, manage your account and workspace, and provide the features you use, including AI-powered content generation, email campaign management, and CRM integration.
- Process Payments. To process subscription payments, send transaction-related information such as purchase confirmations and invoices, and manage billing.
- Send Transactional Communications. To send you account notifications, security alerts, password reset emails, workspace invitations, and other service-related messages necessary for the operation of the Services.
- Improve and Develop the Services. To understand how Users interact with the Services, identify usage trends, diagnose technical issues, and improve platform performance and functionality. We use PostHog for product analytics.
- Monitor Errors and Performance. To detect, investigate, and resolve errors, bugs, and performance issues. We use Sentry for error monitoring and reporting.
- Provide Customer Support. To respond to your requests, troubleshoot problems, and provide technical assistance.
- Ensure Security. To detect, prevent, and address fraud, unauthorized access, and other security incidents, and to protect the rights, property, and safety of CopyLoop, our Users, and others.
- Send Marketing Communications. To send you information about new features, product updates, and other communications that may be of interest to you. You may opt out of marketing communications at any time (see Section 8).
- Comply with Legal Obligations. To comply with applicable laws, regulations, legal processes, and governmental requests.
We do not use the content you upload or generate through the Services to train general-purpose AI models. Content you provide is used solely to deliver the Services to you, including brand voice learning within your workspace.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf. These providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality obligations. Our key service providers include:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, hosting, email sending (SES), document storage (S3) | All data processed through the Services |
| Stripe | Payment processing | Billing and payment information |
| Anthropic | AI content generation (Claude) | Content prompts and context provided during generation |
| Voyage AI | Text embeddings for content search and brand voice | Uploaded document text and content excerpts |
| Qdrant | Vector database for content similarity | Vector representations of content (not raw text) |
| PostHog | Product analytics | Usage data, device data (pseudonymized) |
| Sentry | Error monitoring | Error logs, device data, session data |
| Cloudflare | SSL and request proxying for email tracking domains | IP addresses, click tracking data |
| Firecrawl | Web page crawling for document processing | URLs and web page content provided for processing |
4.2 Legal Requirements
We may disclose your information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our agreements, including our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of CopyLoop, our Users, or the public.
4.3 Business Transfers
In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business to another company, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the Services of any such change in ownership or control of your personal information.
4.4 With Your Consent
We may share your information with third parties when you have given us your explicit consent to do so, or at your direction (for example, when you enable a third-party integration).
4.5 Aggregated or De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you.
5. Data Security
We implement and maintain appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption in Transit. All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
- Encryption at Rest. Data stored on our infrastructure is encrypted at rest. Integration credentials (such as CRM OAuth tokens) are encrypted using AES-256-GCM envelope encryption with separate key encryption keys (KEK) and data encryption keys (DEK).
- Multi-Tenant Isolation. Our platform enforces strict workspace-level data isolation through PostgreSQL Row-Level Security (RLS) policies. Each workspace’s data is logically separated at the database level, preventing cross-tenant data access.
- Access Controls. We employ role-based access controls, requiring authentication for all platform access and restricting internal access to personal information to authorized personnel on a need-to-know basis.
- Infrastructure Security. Our Services are hosted on AWS infrastructure, which maintains industry-standard security certifications and compliance programs.
No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Services. Specifically:
- Active Account Data. We retain your account information, usage data, and associated content for the duration of your active subscription.
- After Account Termination. Following the termination or cancellation of your account, we will delete or anonymize your personal information within ninety (90) days, except as described below.
- Extended Retention. We may retain certain information beyond the 90-day period where necessary to: (a) comply with legal or regulatory obligations (such as tax, accounting, or audit requirements); (b) resolve disputes; (c) enforce our agreements; or (d) as otherwise permitted by applicable law.
- Backup and Log Data. Backup copies and system logs may be retained for a limited additional period consistent with our backup retention schedules and will be deleted in the ordinary course.
7. Your Rights
Depending on your location and applicable law, you may have the following rights with respect to your personal information:
- Right of Access. You may request confirmation of whether we process your personal information and obtain a copy of that information.
- Right to Correction. You may request that we correct inaccurate or incomplete personal information.
- Right to Deletion. You may request that we delete your personal information, subject to certain exceptions.
- Right to Data Portability. You may request a copy of your personal information in a structured, commonly used, and machine-readable format.
- Right to Object. You may object to our processing of your personal information in certain circumstances, including processing based on legitimate interests.
- Right to Restrict Processing. You may request that we restrict the processing of your personal information in certain circumstances.
- Right to Withdraw Consent. Where we process your personal information based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at privacy@copyloop.com. We will respond to your request in accordance with applicable law. We may need to verify your identity before fulfilling your request. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority (see Sections 12 and 13).
8. Your Choices
8.1 Account Information
You may update, correct, or delete certain account information at any time by logging into your account and accessing your account settings. If you wish to delete your account entirely, please contact us at privacy@copyloop.com.
8.2 Marketing Communications
You may opt out of receiving marketing communications from us by clicking the “unsubscribe” link in any marketing email or by contacting us at privacy@copyloop.com. Even if you opt out of marketing communications, we will continue to send you transactional and service-related messages necessary for the operation of your account.
8.3 Cookies
You may manage your cookie preferences as described in Section 9 below.
9. Cookies and Tracking Technologies
9.1 Cookies We Use
We use the following categories of cookies and similar technologies:
- Essential Cookies. These cookies are necessary for the operation of the Services, including authentication session management, CSRF protection, and workspace context. You cannot opt out of essential cookies as the Services cannot function without them.
- Analytics Cookies. We use PostHog to collect analytics data about how Users interact with the Services, including page views, clicks, navigation patterns, and session recordings. Session recordings capture your interactions with the platform (such as clicks, scrolls, and page navigation) to help us identify usability issues and improve the experience. Text content and form inputs are masked in session recordings and are not captured. PostHog also provides error tracking to help us detect and resolve bugs. You may opt out of analytics cookies through your account settings or browser controls. If your browser sends a Do Not Track signal, we honor it.
9.2 Cookies We Do Not Use
We do not use third-party advertising cookies, social media tracking pixels, or cross-site behavioral advertising technologies on the Services.
9.3 Browser Controls
Most web browsers allow you to manage cookie preferences through browser settings. You may set your browser to refuse cookies or to alert you when cookies are being sent. Please note that disabling essential cookies may impair the functionality of the Services.
10. International Data Transfers
CopyLoop is based in the United States, and the Services are hosted on AWS infrastructure in the US-East-1 (Northern Virginia) region. Your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.
If you are located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or Switzerland, your personal information may be transferred to countries that have not been deemed to provide an adequate level of data protection by the European Commission or other relevant authorities. In such cases, we rely on appropriate safeguards to ensure the lawful transfer of your data, including:
- Standard Contractual Clauses (SCCs). We enter into Standard Contractual Clauses approved by the European Commission with service providers and partners that process personal information on our behalf outside of the EEA.
- UK International Data Transfer Agreement or Addendum. For transfers from the UK, we rely on the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, as applicable.
You may request a copy of the applicable transfer safeguards by contacting us at privacy@copyloop.com.
11. Children’s Privacy
The Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe that a child under 18 has provided us with personal information, please contact us at privacy@copyloop.com.
12. Additional Information for California Residents
If you are a California resident, you have certain rights under the California Consumer Privacy Act (“CCPA,” Cal. Civ. Code Section 1798.100 et seq.), as amended by the California Privacy Rights Act (“CPRA”).
12.1 Categories of Personal Information Collected
In the preceding twelve (12) months, we have collected the following categories of personal information as defined under the CCPA:
- Identifiers. Such as name, email address, account name, IP address, and unique personal identifiers.
- Commercial Information. Such as records of products or services purchased or subscription history.
- Internet or Other Electronic Network Activity Information. Such as browsing history, search history, and information regarding interactions with the Services.
- Professional or Employment-Related Information. Such as company name and job title.
- Inferences. Drawn from the above categories to create a profile reflecting your preferences and usage characteristics.
12.2 How We Use Personal Information
We use these categories of personal information for the business and commercial purposes described in Section 3 (“How We Use Your Information”).
12.3 Disclosure of Personal Information
We disclose personal information to the categories of service providers described in Section 4 (“How We Share Your Information”) for the business purposes of providing, maintaining, and improving the Services.
12.4 No Sale or Sharing of Personal Information
We do not “sell” your personal information as that term is defined under the CCPA. We do not “share” your personal information for cross-context behavioral advertising purposes.
12.5 Your California Privacy Rights
As a California resident, you have the right to:
- Know and Access. Request information about the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we have shared your information.
- Delete. Request deletion of your personal information, subject to certain exceptions.
- Correct. Request correction of inaccurate personal information.
- Non-Discrimination. Exercise your privacy rights without receiving discriminatory treatment.
To exercise these rights, please contact us at privacy@copyloop.com. We will verify your identity before fulfilling your request by confirming information associated with your account.
12.6 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. If you use an authorized agent, we may require proof that the agent is authorized to act on your behalf and may still require you to verify your identity directly.
12.7 Retention
We retain personal information for the periods described in Section 6 (“Data Retention”).
13. Additional Information for EEA, UK, and Swiss Residents
If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply.
13.1 Data Controller
The data controller for the processing of your personal information under this Privacy Policy is:
Member Loop, LLC d/b/a CopyLoop
439 US Route 1, Suite A, York, ME 03909, USA
Email: privacy@copyloop.com
13.2 Legal Bases for Processing
We process your personal information on the following legal bases:
- Performance of a Contract. Processing necessary to provide the Services to you in accordance with our Terms of Service, including account management, service delivery, and payment processing.
- Legitimate Interests. Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving and developing the Services, understanding usage patterns through analytics, ensuring platform security, and communicating with you about the Services.
- Consent. Processing based on your freely given consent, such as sending marketing communications or placing non-essential cookies. You may withdraw your consent at any time.
- Legal Obligation. Processing necessary to comply with our legal obligations under applicable laws and regulations.
13.3 Data Subject Rights
In addition to the rights described in Section 7, EEA, UK, and Swiss residents have the right to:
- Lodge a complaint with a supervisory authority. If you are in the EEA, you may contact your local data protection authority (a list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en). If you are in the UK, you may contact the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/. If you are in Switzerland, you may contact the Federal Data Protection and Information Commissioner at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
We encourage you to contact us at privacy@copyloop.com before filing a complaint with a supervisory authority so that we may attempt to resolve your concern.
13.4 Data Protection Contact
For questions or concerns regarding our processing of your personal information, or to exercise your data protection rights, please contact us at privacy@copyloop.com.
14. Third-Party Websites and Services
The Services may contain links to third-party websites, services, or integrations that are not owned or controlled by CopyLoop. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Services.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. If we make material changes, we will notify you by email (sent to the email address associated with your account) or by posting a prominent notice within the Services prior to the change becoming effective. We will also update the “Last Updated” date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Member Loop, LLC d/b/a CopyLoop
439 US Route 1, Suite A, York, ME 03909, USA
Email: privacy@copyloop.com
Website: https://copyloop.com