Last updated: May 12, 2026 | Effective: May 12, 2026
AIM Elemental Health Solutions, Inc. ("LoomProof," "we," "our," or "us") operates the LoomProof™ content protection platform. This Privacy Policy explains how we collect, use, and protect information when you use LoomProof.
What LoomProof is: LoomProof is a content protection and membership validation platform. We verify that a user has a valid subscription before allowing them to access digital content (PDFs, downloads). We do not know what is inside the content you protect — we only verify who can access it, when, and how many times.
1. Information We Collect
1.1 Information you provide
- Account information: Email address, name — collected when you register as a content creator or subscriber on LoomProof.
- Content creator profile: If you offer protected content, you provide a Payee name, business name, and Stripe account information (processed directly by Stripe — we do not store payment card data).
- Protected content metadata: You provide document titles, descriptions, and access rules (device limits, expiration, download limits) for each piece of content you protect.
1.2 Information collected automatically — download tokens
When a subscriber downloads a protected document, the following information is stored in our database:
- User identifier: The email address associated with the subscriber's account.
- Document identifier: The ID of the protected document downloaded.
- Download token: A unique token (format:
lp_dl_XXXXXXXX...) generated at download time and stored to verify subsequent access.
- Validation metadata: Number of uses remaining, expiration date, total validation count, last validated timestamp.
- IP address: Collected at download time for fraud prevention and terms enforcement.
What we do NOT collect: We do not collect the content of your PDFs, documents, or digital products. We do not scan, index, or process the content of protected materials. We do not know what your content contains.
1.3 Information collected automatically — extension and site usage
- LoomProof Browser Extension: The extension operates locally in your browser. It intercepts download requests to protected content and validates them against the LoomProof API. The extension does not collect browsing history, form inputs, or page content.
- API usage: We log API calls (endpoint, timestamp, IP) for abuse detection, fraud prevention, and service monitoring. These logs are retained for 30 days.
2. How We Use Information
- Provide the service: Generate and validate download tokens, enforce device limits and expiration, process Stripe billing, send download receipts.
- Security and fraud: Detect and block unauthorized sharing, credential sharing, and token abuse.
- Support: Use your email to respond to support requests.
- Product improvement: Aggregate, de-identified usage statistics to understand how content protection features are used. Individual users cannot be identified from these statistics.
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3. Data Architecture
| Data Type |
Storage Location |
Notes |
| Subscriber email / account |
LoomProof database |
Encrypted at rest |
| Download tokens |
LoomProof database |
Retained until expiry + 30 days |
| Document content |
⚠️ NOT stored by LoomProof |
Your content stays on your own hosting |
| Payment / card data |
Stripe (not LoomProof) |
PCI-compliant Stripe infrastructure |
| API access logs |
LoomProof infrastructure |
30-day retention |
| PHI / health information |
❌ Not collected |
LoomProof does not process PHI |
HIPAA note: LoomProof does not knowingly process protected health information (PHI). Our system observes only that "User@example.com accessed Document X at time T" — we do not know what is inside Document X. If you protect health-related content (e.g., medical guides, therapy worksheets) and your subscribers submit PHI as part of their membership content, you are responsible for ensuring your content hosting and distribution complies with HIPAA. Contact
privacy@signalloomai.com to discuss enterprise BAA arrangements if needed.
4. Data Retention
- Download tokens: Retained until the token expires, then deleted within 30 days.
- Subscriber accounts: Retained for the duration of the subscription plus 90 days after cancellation.
- API access logs: Retained for 30 days for abuse detection.
- Content creator payout data: Retained for 7 years per financial record-keeping requirements.
5. Third-Party Services
6. Security
Download tokens are generated using cryptographically secure random generation (128-bit entropy). Tokens are stored using one-way hashing in our database. API access is encrypted in transit over TLS 1.2+. We maintain access controls, monitor for unauthorized access, and conduct periodic security reviews.
7. Cookies
LoomProof uses essential session cookies to maintain authenticated user sessions for content creators. We do not use tracking or advertising cookies. Download tokens are stored in our database, not in cookies.
8. Children's Privacy
LoomProof is a business product for content creators and subscribers. It is not directed at individuals under 18. We do not knowingly collect information from children.
9. International Users
LoomProof is operated from the United States. If you access the service from outside the US, you consent to the transfer of your data to the United States in accordance with this policy.
10. Your Rights
You may at any time request access to, correction of, or deletion of your personal information. Contact privacy@signalloomai.com. We respond to all legitimate requests within 30 days.
11. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated via email to active subscribers and posted on this page with an updated effective date.
12. Contact
AIM Elemental Health Solutions, Inc.
Email: privacy@signalloomai.com
Website: signalloomai.com