Skip to content

Loom Terms & Policies

Privacy for Humans

Howdy there! 🤠

At Loom, our users’ privacy is at the core of our decision making. We provide a service that changes the way we work and allows us to be more expressive and informative in our daily work communication. Sensitive information may pass through our systems, and we don’t take that lightly.

We have created this page to show you how our systems use your data. For more information about how we use personal data, please view our Privacy Policy.

Where does my data go within Loom?

Text-based Data

Your text-based data is comprised of things like your name, notifications, password, linked accounts like Google and Slack, video names, comments, transcripts, and so on. The majority of this data is stored on an encrypted database at both rest and in-transit within AWS. This server is behind a VPC that only privileged servers have access to (such as our backend application servers). Some of this data is encrypted and sent to our caching layer where it is also encrypted at-rest. This caching layer is also behind a VPC and is additionally not accessible between data centers within AWS.

Image and Video Data

This includes your avatars, videos and thumbnails. These files are stored on our encrypted S3 buckets, which can only be accessed by certain robots and engineers within our organization who have special access.

In order to speed up delivery of your videos to your computer, we utilize our CDN. Our CDN makes use of signed URLs. The CDN URL is not your video page URL. Your video page URL stays the same no matter what, but your CDN URL is the URL that actually delivers the video content.

When we sign these CDN URLs, we have complete control over deciding to not issue a URL to someone who requests it. Basically, even if you understand where a video is located on our CDN, you will not be able to access that URL unless you have the URL signed by us. This is how our password-protected videos work. In this case, we only give you a valid signed URL to view/download if you’ve provided the proper password. An additional benefit to signed URLs is that they expire, so old links will not be usable after some amount of time and you will then need to be issued a new one to access the same content.

Where does my data go outside of Loom?

We only send data to trusted third-party systems that are subject to strict privacy and security controls. We think it’s important you understand not only what these systems are but also why we send your data to these systems. If you don’t agree with or understand our reasoning, please email us at If you do not agree with your data going to a specific system, deleting your Loom account will permanently delete all of your data from all our systems. If you participate in a Loom Business or Loom Enterprise account, only the Loom account administrator at your organization can delete your data.

For folks coming to figure out GDPR compliance, the following third-party services act as data processors for us. When we work with these service providers in our capacity as a data processor for our customers' personal data, the General Data Protection Regulation (GDPR) calls these third-party service providers a sub-processor. A subprocessor is a third party data processor engaged by Loom who may have access to or process personal data: (i) on behalf of Loom customers; (ii) in accordance with customer instructions as communicated by Loom; and (iii) in accordance with the terms of a written contract between Loom and the subprocessor.

Subscribe to an RSS feed to be notified when we add new Loom subprocessors (note: you may need to cut and paste the "Subscribe to an RSS feed" URL into an RSS Feed Reader to monitor updates).

👤 Clearbit

Location: United States

Nature of Processing: Data enrichment service

What: Clearbit is a business intelligence API. What Clearbit basically does is take your email and scrapes public web profiles (LinkedIn, Twitter, etc.) to figure out core demographic information about you. We believe this is our most obviously intrusive system, so we list it first to clear up what it does and why we use it.

  1. Pre-filling your welcome screen on-boarding to make signup easier. You can always change and update your persona or use case from this flow.
  2. Pre-filling your videos dashboard with a "How to Use Loom" folder with relevant use cases.
  3. Tying your persona to anonymous data points within our analytics dashboards so we can better understand which features of our platform are being used by different individuals and how we might build on top of these features to better serve you.

🤖 Segment

Location: United States

Nature of Processing: Data analytics distribution service

What: Segment is a data pipeline service that lets us send data to the other third-party services listed here in a standardized way and ensures this data does not get lost.

Why: Our core competency at Loom is ensuring workplace communication happens more effectively and humanely. With that being said, we’re a small team, and data pipelines certainly are not our core competency, so we let our friends at Segment do the heavy lifting in ensuring our data gets to where it needs to go (analytics services, Intercom and the like). Since this data goes to other services where we need your information (such as analytics platforms), personal data invariably gets passed through Segment.


Location: United States

Nature of Processing: Transcription service

What: allows us to automatically transcribe your videos and display the text alongside the video player. only receives audio files, and not full videos, so they can create the transcripts. stores audio files and transcripts for 24 hours, then they are automatically deleted from’s systems. Audio files and transcripts are encrypted in transit and at rest, and we make sure protects them under the same privacy and security standards that Loom has for protecting this data in its own systems.

Why: We want to continue delivering value to our users by offering an alternative way to consume and navigate video content.

💭 Intercom

Location: United States

Nature of Processing: Customer support service

What: Intercom is a messaging and marketing platform that allows us to do customer success better. This is where you’re able to chat with us from that little bubble in the bottom-right of our web pages.

Why: Intercom has drastically increased our ability to address bugs and handle requests from our users (that’s you!) over when we used to primarily use email. As a part of being able to maintain your relationship with us on this platform, we have to know who you are. We only know this once you’ve created an account, but we use this information for various debugging purposes and to send you product updates and announcements.

📈 Amplitude

Location: United States

Nature of Processing: User analytics service

What: Amplitude is our main analytics platform. It allows us to track whether a feature or product is successful in delivering impact to our users, and it lets us discover new (anonymized) trends of usage via conversion funnels, event segmentation, data pathways, retention charts, and cohort analysis.

Why: If we are going to be a platform that delivers immense value to our users, we have to constantly be innovating. At over half a million users around the world, it’s no longer feasible for us to do user interviews and conduct surveys with all of our users. We need a way to see trends in usage on our products to understand if they're loved or hated, and then we swiftly nix things that don’t deliver value.

☎️ Zendesk

Location: United States

Nature of Processing: Customer support service

What: Zendesk is our customer support ticketing system. It allows us to help track, prioritize, and solve customer support interactions.

Why: Zendesk has helped us nurture customer relationships with personalized, responsive support. It also allows us to have tool which centralizes customer support request and inquiries to ensure our customers receive the best response.

📊 Google Analytics

Location: United States

Nature of Processing: Data analytics service

What: Google Analytics is an analytics platform that more uniquely gives us certain nice-to-have "vanity" analytics and serves as a good place for understanding where on the web our users are coming from.

Why: It’s good to know where our users are finding us so we can promote our product more with those partners and channels or figure out whether there are tangential products that should be introduced to our platform.

🐦 Sentry

Location: United States

Nature of Processing: Error logging service

What: Sentry is used as our error logging platform. When you get an error, we get it too so we can better fix these bugs as soon as possible.

Why: No one likes bugs! Data sent to Sentry includes IP address and your Loom ID and no other personal information. We grab your IP to get a general location the error is happening in and potentially pin-down bugs that have to do with timezones. We send your user ID so we can more quickly search and diagnose issues surfaced by our users in our customer support panel (Intercom). Your user ID does not reveal any other personal information to the engineer investigating the issue.

Who has access to what within Loom?

Our non-technical team members have access to Intercom, which allows every person at Loom to be able to do customer support. Over time, this will become more restricted as we scale up the team to only be customer support individuals.

Our technical team can be granted temporary access to our servers, video and thumbnail storage layers. This is only for debugging or development purposes. Each engineer has a unique key that identifies them within our systems. All actions are logged for 6 years. If their key is compromised, we have an instantaneous way of expiring that key, checking if their key was used by an outsider, and processes to remedy such situations and alert the affected user base. So far, this has never happened in Loom's history, and we’re very proud of that.

How can I export my data?

Videos: You can export all of your video data by downloading each individual video.

Text-based Data: Your user information, folders and video metadata, comments, comment replies, and emoji reactions can be exported using the "Get my Data" button in your account settings.

If you ever want to delete your data, deleting your account will permanently delete all of your data off our systems.

Useful Vocabulary

🔒 Encrypted

Encryption is a process where data is scrambled with a specific secret that only a select few have. If this data is stolen, it cannot be understood unless the stealer has the proper secret. All of your personally-identifiable data (videos, images and text) are encrypted at-rest and in-transit across all systems.

🏃 In-transit

Your data is being sent from one location to another (usually one server/computer to another)

🛌🏾 At-rest

Your data is physically being stored on a device (usually a server)

🕳️ S3 Bucket

This is where we store larger (usually media) files such as images and videos

⚡ Cache Layer

A group of servers that uses faster storage for the purpose of being able to retrieve it faster

🤝 Database

This is a server that stores data that relates to one another. In other words, this is where we can query to answer questions like: "what is a user?", "does a user own one or many videos?", "could you get me a list of all of this user's comments?"


A firewall that blocks access to a server or group of servers only to users/robots that have the proper permissions


A CDN (Content Delivery Network) is a network of computers around the world whose purpose is to store data as close as possible to the downloader to speed up delivery of media.


Short for Amazon Web Services. This is the cloud provider we use at Loom that allows us to rent storage and compute capacity from their data centers.

If you have any questions about privacy at Loom, we are here to help. Email us at