Privacy Policy
Polyglot · a LoomOS application · Effective June 27, 2026
LoomOS is a suite of personal applications that help you understand your own life — your health, habits, finances, relationships, and rhythms. Polyglot is one of those applications. This policy explains what information we collect, how we use and protect it, and the choices and controls you have. It applies to Polyglot and the LoomOS platform it runs on.
Our guiding principle is simple: your data is yours. We collect it to show you insights about yourself, we never sell it, and we never use it for advertising.
1. Information we collect
- Account information. The email address you sign in with, and basic authentication metadata needed to keep your account secure.
- Wearable & health data you connect. If you connect a wearable device such as WHOOP, we access the health metrics you authorize — for example recovery, sleep, physiological cycles, workouts, profile, and body-measurement data. See the WHOOP section below.
- Information you enter. Subjective check-ins (mood, energy, clarity, and similar self-ratings), notes, symptoms, and any summaries you paste in yourself.
- Minimal technical data. Standard security and reliability logs needed to operate the service. We do not run third-party advertising or behavioral-tracking analytics on your personal data.
2. WHOOP data
If you connect your WHOOP account, you authorize Polyglot to access your WHOOP data through WHOOP’s official API using OAuth 2.0. We want to be explicit about how that data is handled:
- What we access. Read-only access to the WHOOP data scopes you grant — recovery, sleep, cycles, workouts, profile, and body measurements. We never gain the ability to modify your WHOOP account.
- How we use it. Solely to display your own metrics back to you and to generate your personal daily/weekly summaries and momentum insights. WHOOP data is used only for your benefit, within your own account.
- How we store it. WHOOP data is stored in your own rows in our database, protected by row-level security so that only your authenticated account can read it. Your WHOOP access and refresh tokens are stored server-side and are never exposed to your browser or to other users.
- What we never do. We do not sell WHOOP data, use it for advertising, share it with data brokers, or use it to build or train models for anyone other than your own experience. We do not share your WHOOP data with third parties for their own purposes.
- Revoking access. You can disconnect WHOOP at any time from within Polyglot (which deletes the stored WHOOP credentials), and you can also revoke Polyglot’s access from your WHOOP account settings. On disconnection we stop accessing your WHOOP data and delete the stored credentials; you may additionally request deletion of the WHOOP-derived data we have already stored (see Section 6).
3. How we use your information
- To provide the core service: showing you your own data, summaries, and insights.
- To generate personal exports that you choose to create (see Section 4).
- To keep your account secure and the service reliable.
- To respond to your requests and support questions.
We do not use your personal health data for advertising, and we do not sell it. Your data is processed on a per-user basis to serve you; we do not combine it with other users’ data to profile you.
4. How we share information
We do not sell your personal information. Information leaves our systems only in these ways:
- Exports you initiate. Polyglot can generate an “AI export” of your own data so you can paste it into an AI assistant of your choice (for example ChatGPT or Claude). This only happens when you choose to do it, with the data you select. Once you paste an export into a third-party tool, that tool’s own privacy policy governs what it does with it. We encourage you to review it.
- Service providers. We use infrastructure providers (for hosting, databases, and authentication) that process data on our behalf, under contracts that limit them to providing those services. They are not permitted to use your data for their own purposes.
- Legal requirements. We may disclose information if required by law or to protect the safety, rights, or security of users or the public.
5. How we protect your information
Data is encrypted in transit. Your records are isolated per user with row-level security so that only your authenticated account can access them. Third-party integration credentials (such as WHOOP tokens) are kept server-side and are never sent to the browser. No system is perfectly secure, but we take reasonable measures appropriate to the sensitivity of health data.
6. Data retention & deletion
We retain your data for as long as your account is active or as needed to provide the service. You are in control:
- Disconnect a source. Disconnecting WHOOP (or another integration) deletes the stored credentials and stops further access immediately.
- Delete your data. You may request deletion of your stored data, including data derived from connected wearables. We will delete it within a reasonable period, except where we are required to retain limited records by law.
- Delete your account. Deleting your account removes your personal data associated with it.
To make any of these requests, contact us at privacy@loom.guru.
7. Your rights & choices
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Because LoomOS is built around showing you your own data, much of this is available to you directly in the app; for anything else, contact us and we will help. We will not discriminate against you for exercising these rights.
8. Children
Polyglot is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us information, please contact us and we will delete it.
9. International users
We may process and store your information in the United States or other countries. By using Polyglot, you understand that your information may be transferred to and processed in countries with different data-protection laws than your own.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you. Your continued use of Polyglotafter an update means you accept the revised policy.
11. Contact us
Questions, requests, or concerns about your privacy? Reach us at privacy@loom.guru.
← Back to Polyglot