Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains what personal data Loops House collects, how we use it, and the choices you have. We keep things minimal — we only collect what we need to run the Platform. Loops House is operated by Germina Labs GmbH, which is the data controller responsible for your personal data.

1. Who we are

The data controller is Germina Labs GmbH, Herman-Greulich-Strasse 60, 8004 Zürich, Switzerland. For any privacy question or request, contact us at contact@loops.house.

2. What we collect

Account & profile

  • Your email address (used to sign in and to send you account-related messages).
  • Your display name, and optionally a profile photo, bio, work experience, and location.
  • Optional links you choose to add, such as your GitHub, X (Twitter), or LinkedIn profile.
  • If you sign in with Google or GitHub, basic profile details those providers share with us (such as your email and name).

Your projects & submissions

  • Project details you submit — name, tagline, description, screenshots, logos, and links (repository, website, demo video).
  • Content you generate using our AI-assisted tools, such as ideation drafts.
  • If you provide a public code repository for judging, information we read from that repository to support evaluation.

Technical data

  • A login session cookie that keeps you signed in.
  • Basic technical information (such as your request data and logs) needed to operate and secure the Platform.

We don’t collect special categories of data, and we don’t ask for payment-card details on the Platform.

3. How we use your data

  • To create and manage your account and let you sign in.
  • To operate core features — submitting projects, joining hackathons, displaying galleries and project pages, and supporting judging.
  • To send you transactional emails, such as sign-in codes and invitations.
  • To provide AI-assisted features you choose to use.
  • To keep the Platform secure, prevent abuse, and fix problems.
  • To comply with our legal obligations.

4. Legal bases

Where the EU GDPR or the Swiss Federal Act on Data Protection (FADP) applies, we rely on: the performance of our contract with you (to provide the Platform); our legitimate interests (to keep the Platform secure and improve it); your consent where we ask for it (for example, optional profile details you choose to share); and compliance with legal obligations.

5. Who we share data with

We don’t sell your personal data. We share it only with service providers (“processors”) who help us run the Platform, and only as needed:

  • Supabase— authentication and database hosting.
  • Google and GitHub— optional sign-in providers, if you choose to use them.
  • Email delivery providers— to send transactional emails such as sign-in codes.
  • OpenRouter and the AI model providers it routes to— to power AI-assisted features.
  • Our hosting and infrastructure providers— including Vercel (application hosting) and our self-hosted knowledge service.

We may also disclose data if required by law, to protect our rights, or as part of a business transfer (such as a merger or acquisition).

6. Cookies

We use a small number of essential cookies— mainly to keep you signed in. We don’t currently use third-party analytics, advertising, or behavioural tracking cookies. If we introduce analytics in the future, we’ll update this policy and, where required, ask for your consent first.

7. International transfers

Some of our service providers operate outside Switzerland and the EEA (for example, in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards — such as the European Commission’s Standard Contractual Clauses and equivalent measures recognised under Swiss law — to protect your data.

8. How long we keep data

We keep your personal data for as long as your account is active and as needed to provide the Platform. If you delete your account, we’ll delete or anonymise your personal data within a reasonable period, except where we need to retain some information to meet legal obligations or resolve disputes. Note that content you published publicly (such as a submitted project page) may remain visible until it’s removed.

9. Security

We use technical and organisational measures — including access controls and encryption in transit — to protect your data. No system is perfectly secure, but we take reasonable steps to keep your information safe.

10. Your rights

Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal data, to object to or restrict certain processing, and to withdraw consent at any time. You can exercise many of these directly in your profile settings, or by contacting us at contact@loops.house.

If you’re in Switzerland, you can lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC). If you’re in the EEA, you can complain to your local data protection authority.

11. Children

Loops House isn’t intended for anyone under 16. We don’t knowingly collect data from children. If you believe a child has given us personal data, please contact us and we’ll delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we’ll update the “Last updated” date above and, where appropriate, notify you.

13. Contact us

For any privacy question or to exercise your rights, email contact@loops.house or write to Germina Labs GmbH, Herman-Greulich-Strasse 60, 8004 Zürich, Switzerland.