Last updated: June 2026
Quick note from us
This document explains what data we collect, why we collect it, and what you can do about it. Each section opens with a plain-language summary so kids and parents can both follow along. The full text underneath is the legally binding version.
If anything is unclear, write to us at support@loopyty.com. Our Terms explain the rules of using Loopyty. This document is only about data.
Loopyty AS
Norwegian organisation number: 933 519 708
Email for privacy questions: support@loopyty.com
We follow the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (Personopplysningsloven).
If we ever want to use your data for something not on this list, we'll ask you first.
We share data with:
These partners are data processors. They follow our instructions and have signed data processing agreements with us as required by GDPR Article 28.
We may also share data with:
We do not sell your data to advertisers.
Stripe and Google may process some data in the United States or other countries outside the EU/EEA. When that happens, we rely on one of the legal mechanisms GDPR allows:
You can ask us for a copy of the safeguards by emailing support@loopyty.com.
When data is no longer needed, we delete it or anonymise it (so it can't be linked back to you).
Under GDPR, you have the right to:
To use any of these rights, email support@loopyty.com. We'll respond within 30 days (sometimes sooner). We may ask you to confirm your identity first, so no one else can pretend to be you.
If you think we're handling your data wrongly, you can complain to Datatilsynet (the Norwegian Data Protection Authority) at datatilsynet.no, or to the data protection authority where you live.
Accounts are for grown-ups. You must be 18 or older to open and run a Loopyty account. If kids in your family want to join in — choosing toys, picking photos, writing reviews — that's the whole point of Loopyty. They should always check with home base first, and home base is responsible for what gets posted.
Children's data we may process:
Why we ask for kids' info (if you give it). To show toys that are likely to be a good fit (right age, right interests). That's it. We don't share children's information with advertisers, and we don't build profiles on kids.
Article 8 GDPR. Norway sets the age at which a child can consent to digital services at 13. Because all Loopyty accounts are held by an adult home base, this isn't usually relevant — but if we ever discover that an account is being used by someone under 18 without a home base, we'll suspend it and contact the parent or guardian.
Removing children's data. Email support@loopyty.com any time, and we'll delete any information about your kids straight away.
On our side:
Payments — Stripe. Card numbers and bank details are stored by Stripe, not by us. Stripe is certified to PCI Service Provider Level 1, the highest standard in the payments industry. Card numbers are encrypted with AES-256, and Loopyty never sees your full card number.
Hosting — Google Cloud Platform. GCP is one of the most secure cloud platforms available.
If something goes wrong. If there's a data breach likely to put you at risk, we'll notify Datatilsynet within 72 hours and notify you directly without undue delay, as the GDPR requires.
Necessary cookies keep you logged in, remember your settings, and keep the platform secure. We use these without asking — we have to, for the platform to work.
Optional cookies help us understand how Loopyty is used so we can improve it. We use Google Analytics and PostHog for this, and we only set these cookies if you've accepted them in our cookie banner. You can change your mind at any time using the "Cookie settings" link in the footer, or by clearing your browser cookies.
Session replay. With your consent, PostHog also records on-screen interactions (clicks, scrolling, navigation) so we can spot problems and improve the experience. Sensitive content — names, addresses, email and payment details — is masked and never recorded, and this data is stored in the EU.
Retention. Most cookies expire within 24 months. Session cookies disappear when you close the browser.
We follow the EU ePrivacy Directive and Norwegian electronic communications law (Ekomloven) on cookies and tracking.
We may update this policy from time to time. If a change meaningfully affects your rights or how we use your data, we'll let you know by email or in the app at least 30 days before it takes effect. Smaller wording changes will just be posted here with a new "last updated" date.
Loopyty AS
Org. no. 933 519 708
Email: support@loopyty.com
For complaints you'd rather take to a regulator: Datatilsynet — datatilsynet.no.
Thanks for trusting us with your data. We'll look after it.