Resin Logo
Resin

Privacy Policy

Last Updated: March 17, 2026

Company: LoopLess LLC, State of Illinois, United States

This Privacy Policy explains how Resin ("we," "us," "our," or "LoopLess LLC") collects, uses, and discloses your information when you use our web application, iOS application, Chrome browser extension, and related services (collectively, the "Services"). By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Services.

1. Information We Collect

1.1 Account Information

When you create a Resin account, we collect your email address, authentication credentials, and basic profile information (name, timezone, avatar). This information is securely stored in our database via Supabase and is used to authenticate and identify you across all Resin platforms (web, iOS app, and Chrome extension).

1.2 Notes, Plans, and Personal Content

You can create notes, plans, and tasks within Resin. This content is stored on our servers in your user account and is encrypted in transit. We access this data only to:

  • Display your content across platforms (web, iOS, and extension)
  • Process AI-powered features (with your explicit consent)
  • Enable note sharing with friends
  • Generate mind maps and connections between notes
  • Maintain backups for data integrity

1.3 Focus and Blocking Data

The iOS app integrates with Apple's Screen Time framework to block apps and websites during focus sessions. The Chrome extension helps you stay focused by managing website access. We collect:

  • Focus session schedules and durations
  • Apps and websites you've configured for blocking (scheduling preferences only)
  • Session completion status and achievements
  • Focus automation preferences and recurring schedules

Important for iOS: The iOS app uses Apple's Screen Time framework for blocking. We do NOT have access to your device's screen time data, installed apps list, or browsing history. Apple handles all app/website blocking through its native APIs. We only store your blocking preferences and schedules in our database.

This data is used exclusively to manage your focus sessions and is not shared with third parties except Apple (for Screen Time API integration only).

1.4 Device and Push Notification Information

To send you notifications and enable cross-platform sync, we collect:

  • iOS: Apple Push Notification Service (APNS) tokens
  • Chrome Extension: Browser instance identifiers
  • Device platform (iOS, Web, Chrome), device type, and last active timestamp
  • Device model and OS version (for compatibility)

We use this information to deliver timely notifications and coordinate data synchronization between your devices.

1.5 Calendar Integration Data

When you authorize Resin to access your Google Calendar, we collect OAuth refresh tokens to enable:

  • Syncing your focus sessions and plans to your calendar
  • Reading calendar events to avoid scheduling conflicts
  • Creating calendar entries for focus blocks and amber sessions

You can revoke this access at any time in your account settings. We store your refresh token securely and only use it to sync calendar data on your behalf.

1.6 Usage and Analytics

We collect limited, aggregated usage information to understand how you use Resin and improve our Services:

  • Features you use most frequently
  • Focus session counts and total focus minutes (aggregated)
  • Streak data (consecutive days of focus activity)
  • Reward and achievement progress
  • Session completion rates and error reports

This data is aggregated and anonymized to protect your privacy. We do NOT track your individual browsing history, websites visited outside of blocking sessions, or personal app usage.

1.7 Social and Collaborative Data

You can optionally share notes with friends and build connections:

  • Friend connections and relationship data
  • Shared notes and collaborative plans
  • Mind map connections between your notes
  • Friend emails (only when you invite them)

Only notes and connections you explicitly choose to share are visible to other users. You maintain full control over what you share.

1.8 iOS-Specific Data (App Store Compliance)

The Resin iOS app requests the following permissions for legitimate purposes:

  • Screen Time API: To enable app and website blocking during focus sessions (via Apple's native framework)
  • Calendar Access: To sync focus sessions and plans to your calendar and check for scheduling conflicts
  • Notifications: To send push notifications for focus reminders and session updates

We do NOT request or collect: location data, contacts, photos library, microphone, camera, health data, or any other sensitive permissions beyond those listed above.

2. How We Use Your Information

  • Service Delivery: Provide, maintain, and improve the Services
  • Communication: Send notifications, updates, and responses to your inquiries
  • Personalization: Customize your experience across devices (focus presets, themes, schedules)
  • AI Features: Process your content through AI services (DeepSeek, Google Gemini) only with your explicit consent
  • Data Synchronization: Sync your data across web, iOS, and Chrome extension
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Comply with applicable laws and regulations
  • Service Improvement: Analyze aggregated usage patterns to improve features

Data Minimization: We collect only the minimum information necessary to provide our Services. We do NOT sell, share, or monetize your personal data in any way.

3. Third-Party Services and Data Sharing

Resin integrates with third-party services. We share only the necessary information:

  • Supabase: For authentication, database storage, and hosting (SOC 2 certified)
  • Apple APNS: For iOS push notifications (device tokens only, no personal data)
  • Apple Screen Time API: For managing app/website blocking (data remains on-device)
  • Google Calendar API: Your calendar OAuth tokens (encrypted, used only for sync)
  • DeepSeek & Google Gemini: Your notes and content (only when you explicitly request AI processing)

We do NOT:

  • Sell, rent, lease, or monetize your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Use your data for behavioral advertising or targeting
  • Share your blocking preferences or focus data with any third party (except Apple's native APIs)
  • Track you across other websites or services

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (HTTPS/TLS 1.2+)
  • Encryption at rest for sensitive data
  • Secure password handling via Supabase Auth (bcrypt hashing)
  • Regular security audits and penetration testing
  • Limited access to personal data by authorized personnel only (principle of least privilege)
  • Database firewalls and DDoS protection
  • Secure OAuth implementation for third-party integrations

While we strive to protect your information, no security system is impenetrable. We are not liable for unauthorized access to your account due to your own negligence or compromised credentials.

5. Your Rights and Controls

You have the following rights regarding your information:

  • Access: View all your personal data stored in Resin via your account settings
  • Correction: Update or correct your account information
  • Deletion: Request deletion of your account and all associated data
  • Opt-Out: Disable notifications and data sharing features in settings
  • Portability: Request your data in a portable format (JSON/CSV)
  • Revoke Access: Revoke third-party integrations (Google Calendar, etc.) at any time

To exercise these rights, contact us at crew@looplessapp.com. We will respond to your request within 30 days.

6. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. If you delete your account:

  • Your personal data will be removed within 30 days
  • Shared notes may persist if other users have access (you can unshare them first)
  • Backup copies may persist for up to 90 days for disaster recovery
  • Aggregated, anonymized data may be retained for analytics
  • Data retention beyond 30 days may occur if required by law

7. Children's Privacy

Resin is not intended for children under 13 (COPPA). We do not knowingly collect information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information and terminate the child's account immediately. Parents or guardians who believe their child has provided us with information should contact us at crew@looplessapp.com.

8. International Users (GDPR, CCPA)

For EU Residents (GDPR): You have additional rights including the right to be forgotten, data portability, and to object to processing. We process your data based on legitimate interest and your explicit consent. You can contact our Data Protection Officer at crew@looplessapp.com.

For California Residents (CCPA): You have the right to know, delete, and opt-out of the sale of your personal information. We do not sell your personal information. You can submit a CCPA request at crew@looplessapp.com.

9. Cookies and Tracking

Our website uses cookies for:

  • Authentication (session management)
  • User preferences (theme, language)
  • Security (CSRF protection)

We do NOT use cookies for tracking, advertising, or analytics. You can control cookies in your browser settings.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have privacy concerns, please contact us:

LoopLess LLC

State of Illinois, United States

Email: crew@looplessapp.com

Response time: 30 days or less for privacy requests

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page, updating the "Last Updated" date above, and/or sending you an email notification. Your continued use of the Services following the posting of revised Privacy Policy means that you accept and agree to the changes. If you do not agree with the changes, you may delete your account.

12. Jurisdiction and Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Illinois, without regard to its conflict of law principles. Any legal action or proceeding related to this policy shall be brought exclusively in the courts located in Illinois. However, for disputes related to data protection (GDPR), EU residents may file complaints with their local data protection authority.

13. Data Processing Addendum

For enterprise customers or organizations processing large volumes of personal data through Resin, we can provide a Data Processing Addendum (DPA) that outlines our responsibilities as a data processor. Contact crew@looplessapp.com to request a DPA.