Free to try, no signup·Your card opens animated on their phone

LoopJoyloopjoy

Browse occasions

BirthdayAnniversaryThank youCongratsGraduationHolidayBaby showerJust because

More

How it worksTemplatesPricingFAQ
Sign inMake a card

Privacy Policy

Effective date: June 18, 2026

LoopJoy (“LoopJoy,” “we,” “us,” or “our”) is operated by Riso Development LLC (“Riso Development”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to the LoopJoy website and service at tryloopjoy.com (the “Service”).

1. Who we are (data controller)

Riso Development LLC is the controller of personal data processed through the Service. You can reach us at contact@tryloopjoy.com or by mail at 4103 Rafia Drive, Naples, FL 34119, USA.

2. Information we collect

Information you provide

  • Account data: name, email address, and a hashed password (we never store plaintext passwords).
  • Card content: recipient names, your written messages, optional memories, photos you upload, and signatures.
  • Recipient delivery details: the email address or phone number you ask us to deliver a card to.
  • Contacts you add: names, emails, phone numbers, birthdays, relationships, and notes.
  • Payment information: processed by Stripe. We store a Stripe customer ID and payment/subscription metadata, but never your full card number.

Information collected automatically

  • Card view analytics: a salted, irreversible hash of the viewer’s IP address and the browser user-agent, used to de-duplicate view counts.
  • Authentication cookies needed to keep you signed in.

Information about third parties you provide

When you add contacts or send a card, you provide personal data about other people. You are responsible for ensuring you have a lawful basis to share that information with us, and that the recipient is willing to receive cards by email or SMS.

3. How we use your information

  • To create, render, schedule, and deliver your cards.
  • To generate AI-assisted message suggestions (see “AI features” below).
  • To process payments and manage subscriptions.
  • To send transactional email/SMS (delivery notifications, replies, password resets).
  • To operate, secure, and improve the Service and prevent abuse.
  • To comply with legal obligations.

4. Legal bases (EEA/UK users)

We process data to perform our contract with you (providing the Service), based on your consent (e.g., optional features), for our legitimate interests (security, service improvement), and to comply with legal obligations.

5. AI features

We use OpenAI to generate and rewrite card copy from the inputs you choose to provide. Those inputs are sent to OpenAI for processing. Under OpenAI’s API data policy, inputs and outputs submitted through the API are not used to train OpenAI’s models and are retained only briefly for abuse monitoring. We instruct the model not to fabricate facts, but you are responsible for reviewing generated text before sending.

6. Sub-processors and sharing

We share data with service providers who process it on our behalf:

  • Neon (database hosting)
  • Vercel (application hosting)
  • Stripe (payments)
  • OpenAI (AI message generation)
  • Resend (email delivery)
  • Twilio (SMS delivery)
  • Cloudinary (image storage)

We do not sell your personal information. We may disclose data if required by law or to protect our rights, users, or the public.

7. International transfers

We are based in the United States and our providers may process data in the US and elsewhere. Where required for transfers out of the EEA/UK, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

8. Data retention

We keep your account data while your account is active. Cards, contacts, and related records are retained until you delete them or close your account. View-analytics hashes are retained for up to 24 months. After account deletion we remove your personal data within 30 days, except where retention is legally required (e.g., payment records, which we retain for up to 7 years to meet tax and accounting obligations).

9. Your rights

Depending on where you live (e.g., under GDPR or CCPA/CPRA), you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain processing. You can export your data and delete your account at any time from Settings, or contact contact@tryloopjoy.com. We will not discriminate against you for exercising these rights.

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of “sharing.” We do not sell personal information.

10. Security

We use encryption in transit, hashed passwords, signed uploads, and access controls. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.

12. Changes

We may update this Policy. We will post the new effective date and, for material changes, provide additional notice.

13. Contact

Riso Development LLC
4103 Rafia Drive, Naples, FL 34119, USA
contact@tryloopjoy.com