Legal

Privacy Policy

Last updated: June 2026  ·  Effective: June 2026

1. Who We Are

Loomaris is an AI-powered application generation platform operated by Avnish Kumar ("we", "us", or "our"), an individual developer based in Pune, India.

This Privacy Policy explains what personal data we collect when you use loomaris.xyz and app.loomaris.xyz (the "Service"), why we collect it, how it is used, and your rights in relation to it.

Our registered business address is:

Avnish Kumar — Loomaris
A 209, Nivasa Elevia, Ramashetty Rd
Keshav Nagar, Mundhwa
Pune, Maharashtra 411036
India

For any privacy-related queries, contact us at avnish.kumar@loomaris.xyz.

2. Data We Collect

2.1 Account Information (via Google OAuth)

When you sign in with Google, we receive and store:

  • Your Google account email address
  • Your display name
  • Your profile picture URL
  • A unique Google identifier ("sub" claim) — never your Google password
  • An OAuth refresh token (stored encrypted) to maintain your session

2.2 Anthropic API Key

If you choose to provide your Anthropic API key, it is stored encrypted at rest using Fernet symmetric encryption. It is never stored in plaintext, never logged, and never transmitted to any third party other than Anthropic's API servers when you initiate a generation request.

2.3 Usage Data

We store the content of your chat sessions with the AI, including:

  • Your prompts and messages
  • The generated code and responses
  • Timestamps and token usage counts

This data is associated with your account and stored in our database.

2.4 Technical Data

Our servers and CDN provider may automatically log your IP address, browser type, and pages visited as part of standard server access logs. These logs are retained for up to 30 days for security and debugging purposes.

3. How We Use Your Data

  • Authentication: To verify your identity and maintain a secure session
  • Service delivery: To execute AI generation requests on your behalf using your Claude API key
  • Session history: To display your past conversations and generated code
  • Security: To detect and prevent abuse or unauthorised access
  • Communication: To send you important service-related notices (no marketing emails without your explicit opt-in)

We do not sell your personal data. We do not use your data to train AI models.

4. Third-Party Services

We share data with the following third parties only to the extent necessary to operate the Service:

Google LLC (OAuth Authentication)

We use Google OAuth 2.0 to authenticate users. When you sign in, Google shares your profile information with us under Google's Privacy Policy.

Anthropic PBC (AI Generation)

Your prompts and the generated responses pass through Anthropic's Claude API. Your API key and conversation content are subject to Anthropic's Privacy Policy. We use your own API key, so API usage appears in your Anthropic account.

Netlify Inc. (Website Hosting)

This marketing website (loomaris.xyz) is hosted on Netlify. Standard CDN access logs may include your IP address. See Netlify's Privacy Policy.

Infrastructure (Cloud Hosting)

The application and its database run on cloud infrastructure (VPS). Your data is stored within the cloud provider's data centres. We apply encryption at rest and in transit (TLS 1.2+) for all data.

5. Data Storage & Security

  • All data is transmitted over encrypted HTTPS connections (TLS 1.2+)
  • OAuth tokens and API keys are encrypted at rest using Fernet (AES-128-CBC)
  • Database access is restricted to the application server; no public database port
  • We apply the principle of least privilege to all internal service access

Despite these measures, no system is 100% secure. If you become aware of a security issue, please disclose it responsibly to avnish.kumar@loomaris.xyz.

6. Data Retention

We retain your account data and session history for as long as your account remains active. If you request deletion of your account, we will permanently delete all associated personal data within 30 days of receiving the request, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing activities

To exercise any of these rights, email avnish.kumar@loomaris.xyz with the subject line "Privacy Request". We will respond within 30 days.

8. Cookies

This marketing website (loomaris.xyz) does not use tracking cookies or analytics. The application (app.loomaris.xyz) uses a single session-bound JWT stored in browser localStorage — it is not a cookie and is not accessible to third parties. It contains only your user ID and is used solely for authentication.

9. Children's Privacy

The Service is not directed at children under 13 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act). Users in the European Economic Area may also have rights under the GDPR, which we honour on request.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account at least 14 days before they take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

12. Contact

For any questions, requests, or concerns regarding this Privacy Policy:

Avnish Kumar
Email: avnish.kumar@loomaris.xyz
Address: A 209, Nivasa Elevia, Ramashetty Rd, Keshav Nagar,
Mundhwa, Pune, Maharashtra 411036, India