Summary: We collect only what we need to run the service. We do not sell your data. We do not share it with third parties for marketing. Your session content is used only to power your guided sessions and is not stored permanently unless you choose to save your history. You have full rights over your data under UK GDPR.
1. Who we are
Stop The Loop is operated by Dad-Link Technologies Limited, a company registered in England and Wales.
Company name: Dad-Link Technologies Limited
Website: stoptheloop.co.uk
Contact: privacy@stoptheloop.co.uk
Dad-Link Technologies Limited is the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. What data we collect
We collect only the data necessary to provide and improve the service. This falls into the following categories:
Account data
When you create an account, we collect your email address and a securely hashed password. We do not collect your full name unless you choose to provide it. We do not collect your date of birth, address, or telephone number unless required for billing purposes.
Usage and session data
When you use Stop The Loop, we collect data about how you interact with the app — which features you use, session duration, and in-app actions. This data is used to improve the service and personalise your experience.
If you use the AI-guided session features, your inputs during a session are sent to the AI model to generate a response. Session content is processed in real time and is not stored permanently on our servers beyond what is required to maintain your session history, which you can delete at any time from your account settings.
Mood and wellness data
If you use the mood timeline feature, we store the mood scores and any optional notes you provide. This data is classed as health data under UK GDPR and is treated with the highest level of protection. It is never shared with third parties. You can delete your mood history at any time from within the app.
Payment data
Payments are processed by Stripe. We do not store your card details. Stripe provides us with a transaction record and subscription status only. Stripe's privacy policy is available at stripe.com/gb/privacy.
Technical data
We automatically collect standard technical data when you visit the site or use the app — including your IP address, browser type, device type, operating system, and pages visited. This data is used for security, performance monitoring, and analytics.
Cookies
We use strictly necessary cookies to maintain your session and authentication state. We use analytics cookies to understand how the service is used. We do not use advertising or tracking cookies. You can manage cookie preferences through our cookie banner or your browser settings.
3. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the service — account access, sessions, features | Account data, session data, mood data | Contract performance |
| Processing payments and managing subscriptions | Email, payment confirmation from Stripe | Contract performance |
| Personalising your guided sessions | Session inputs, mood history, onboarding answers | Legitimate interests / consent |
| Sending transactional emails (receipts, account notices) | Email address | Contract performance |
| Sending product updates and newsletters (optional) | Email address | Consent — opt in only, unsubscribe anytime |
| Improving the service through analytics | Anonymised usage data, technical data | Legitimate interests |
| Security and fraud prevention | Technical data, IP address | Legitimate interests / legal obligation |
| Complying with legal obligations | Any data required by law | Legal obligation |
4. AI processing and your session data
Stop The Loop uses the Anthropic Claude API to power AI-guided sessions. When you interact with a guided session, your inputs are sent to Anthropic's API to generate a response. This processing is governed by Anthropic's API data processing terms.
We do not use your session content to train AI models. We do not share personally identifiable session content with Anthropic beyond what is transmitted in the API request for the purpose of generating your response.
Session history is stored in our database to allow you to review past sessions. You can delete your session history at any time from your account settings. Deleting session history removes it from our systems within 30 days.
Important: Please do not enter sensitive personal information such as names, addresses, financial details, or information about third parties into session inputs beyond what is necessary for your session.
5. Health and wellness data
Mood scores, session notes, and any wellness-related data you provide are classed as health data under UK GDPR Article 9. We process this data on the basis of your explicit consent, which you provide when you first use these features.
This data is:
- Stored encrypted at rest
- Never shared with third parties for any purpose
- Never used for advertising or profiling
- Deletable at any time from within the app
- Retained only for as long as you have an active account, or until you delete it
6. Third parties we work with
We work with a small number of trusted third-party service providers to operate the service. Each is bound by appropriate data processing agreements.
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, billing information |
| Anthropic | AI-powered guided session responses | Session input text (in real time only) |
| Firebase / Google | Database, authentication, hosting | Account data, session data, mood data |
| SendGrid | Transactional email delivery | Email address, email content |
We do not sell your personal data to any third party. We do not share your data with advertisers, data brokers, or any third party for marketing purposes.
7. How long we keep your data
Account data is retained for the duration of your account and for up to 90 days after account deletion, to allow for account recovery and to comply with legal obligations.
Session history and mood data is retained until you delete it, or until your account is deleted. Deleted data is purged from our systems within 30 days.
Payment records are retained for 7 years in accordance with UK tax and accounting obligations.
Technical and analytics data is retained in anonymised form for up to 26 months.
8. Your rights under UK GDPR
Under UK GDPR you have the following rights in relation to your personal data:
- Right of access — you can request a copy of all personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate or incomplete data
- Right to erasure — you can ask us to delete your personal data
- Right to restrict processing — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a portable, machine-readable format
- Right to object — you can object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, contact us at privacy@stoptheloop.co.uk. We will respond within 30 days. Most requests can be fulfilled directly from within your account settings.
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
9. Data security
We take the security of your data seriously. Our security measures include:
- All data transmitted between your device and our servers is encrypted using TLS
- Health and wellness data is encrypted at rest
- Passwords are hashed using industry-standard algorithms and are never stored in plain text
- Access to production data is restricted to authorised personnel only
- We conduct regular security reviews of our infrastructure
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected users without undue delay.
10. Children and under-18s
Stop The Loop is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at privacy@stoptheloop.co.uk and we will delete it promptly.
11. International data transfers
Some of our third-party service providers are based outside the UK, including in the United States. Where we transfer data outside the UK, we ensure appropriate safeguards are in place — including standard contractual clauses and adequacy decisions — in compliance with UK GDPR Chapter V.
12. Changes to this policy
We may update this privacy policy from time to time. When we make material changes, we will notify you by email and update the "last updated" date at the top of this page. Continued use of the service after notification constitutes acceptance of the updated policy.
13. Contact us
If you have any questions about this privacy policy or how we handle your data, please contact us:
Email: privacy@stoptheloop.co.uk
Company: Dad-Link Technologies Limited
Registered in: England and Wales