Skip to main content
Loopura

Privacy Policy

Last updated: April 20, 2026

This policy explains what personal data we process when you visit loopura.com or contact us through this website, the legal basis for that processing, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Data Controller

The controller responsible for processing your personal data on this website is:

CarbonTech GmbH
Invalidenstraße 65
10557 Berlin
Germany

Managing Director: Philip Michaelides
Commercial Register: Amtsgericht Berlin Charlottenburg, HRB 279628
VAT ID: DE459679010
Email: info@loopura.com

2. Data Protection Officer

CarbonTech GmbH is not required to appoint a Data Protection Officer under Art. 37(1) GDPR or § 38(1) BDSG. For any data-protection inquiries, please contact us at info@loopura.com.

3. General Information on Data Processing

We process your personal data only insofar as necessary to provide a functional website and our services, and only where the processing is permitted by law. Depending on the processing activity, we rely on one or more of the following legal bases:

  • Art. 6(1)(a) GDPR: your consent, where we ask for it explicitly.
  • Art. 6(1)(b) GDPR: processing necessary for the performance of a contract with you or for pre-contractual measures at your request.
  • Art. 6(1)(c) GDPR: processing necessary to comply with a legal obligation to which we are subject.
  • Art. 6(1)(f) GDPR: processing necessary for the purposes of our legitimate interests, where those interests are not overridden by your rights and freedoms.

We do not rely on Art. 6(1)(d) (vital interests) or Art. 6(1)(e) (public interest) on this site.

Deletion and retention: We delete personal data as soon as the purpose for which it was collected has ceased, unless a longer retention period is required by law (in particular §§ 147 AO and 257 HGB for commercial and tax records, typically 6 or 10 years).

No automated decision-making: We do not use automated decision-making within the meaning of Art. 22 GDPR on this website.

4. Overview of Data We Process

We process the following categories of personal data:

  • Contact form submissions: name, email address, and the content of your message.
  • Server log data: IP address, user-agent string, HTTP referrer, timestamp, and requested URL (processed by our hosting provider, Cloudflare).

We do not set any cookies, use advertising pixels, or track visitors across sites. We use a privacy-friendly, cookie-free analytics service (see §13).

5. Hosting (Cloudflare Pages)

This website is hosted on Cloudflare Pages, operated by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA.

When you visit loopura.com, Cloudflare automatically processes standard server log data to deliver the site and protect it against abuse. This includes your IP address, browser type, referrer, and timestamp. Log data is retained by Cloudflare in accordance with its published retention policy.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable website delivery).

International transfer: Cloudflare, Inc. is certified under the EU-US Data Privacy Framework (DPF), which the European Commission has recognized as providing an adequate level of protection pursuant to Art. 45 GDPR. We have a Data Processing Agreement with Cloudflare under Art. 28 GDPR. Should the DPF adequacy decision be invalidated, the transfer will instead be based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, supplemented by additional safeguards where necessary.

More information: cloudflare.com/privacypolicy

6. Contact Form

When you submit the contact form on loopura.com/contact, we process your name, email address, and message content so we can respond to your inquiry.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual measures) where your inquiry relates to our products or services.
  • Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries) in all other cases.

Processing steps:

  1. Your submission is sent to a Cloudflare Worker for validation.
  2. Cloudflare Turnstile validates that the submitter is a human (see §7).
  3. The validated submission is forwarded to a private Discord channel for our team to review (see §8).

Retention: Contact form submissions are retained until your inquiry is resolved and for up to 12 months thereafter for follow-up purposes, unless a longer retention period is required by law (e.g., commercial or tax records under §§ 147 AO and 257 HGB).

7. Bot Protection (Cloudflare Turnstile)

We use Cloudflare Turnstile to protect the contact form from automated abuse. Turnstile is a cookie-free CAPTCHA alternative operated by Cloudflare, Inc.

When you submit the form, Turnstile processes:

  • Your IP address
  • Your user-agent string
  • Browser characteristics (JavaScript runtime data)
  • User-interaction signals (e.g., mouse and keyboard patterns)

Turnstile does not set cookies, does not fingerprint users for advertising, and does not share data with third-party ad networks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in preventing spam and automated abuse).

More information: cloudflare.com/products/turnstile

8. Contact Form Recipient (Discord)

Validated contact form submissions are forwarded via webhook to a private channel operated on Discord by Discord Inc., 444 De Haro Street, Suite 200, San Francisco, CA 94107, USA. Our team uses this channel to review and respond to inquiries.

This transfers your submission (name, email, message) to the United States.

International transfer: Discord Inc. is certified under the EU-US Data Privacy Framework (DPF), recognized by the European Commission as providing an adequate level of protection pursuant to Art. 45 GDPR. Should the DPF adequacy decision be invalidated, the transfer will instead be based on EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, supplemented by additional safeguards where necessary.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in efficient inquiry handling).

More information: discord.com/privacy

9. Email Communication

If you contact us directly by email (for example at info@loopura.com) outside of the contact form, the personal data you include in your message (typically your email address, your name, and the content of your message) will be processed by us so we can respond to your inquiry.

Legal basis:

  • Art. 6(1)(b) GDPR where your inquiry relates to a contract or pre-contractual measures.
  • Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries) in all other cases.

Retention: Email correspondence is retained until the inquiry is resolved and for up to 12 months thereafter for follow-up purposes, unless a longer retention period is required by law.

You can object to this processing at any time by emailing us. In that case the conversation cannot continue and any related data will be deleted.

10. Cookies

Loopura does not set any first-party cookies. Our analytics (see §13) is cookie-free. There is no advertising or cross-site tracking infrastructure on this site.

Cloudflare may set a short-lived technical cookie (__cf_bm) on form submission for bot-management purposes. This cookie is strictly necessary under § 25(2) TTDSG and is not used to track users across sites.

11. Data Security

We apply appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access (Art. 32 GDPR):

  • All traffic to and from loopura.com is transmitted over TLS (HTTPS).
  • The contact-form webhook that forwards submissions to Discord is authenticated with a secret held only by our Cloudflare Worker; the endpoint URL is not published.
  • Access to the private Discord channel receiving contact submissions is restricted to authorized team members.
  • Infrastructure secrets are managed via Cloudflare's encrypted secret store and are not committed to source control.

12. Fonts

We self-host the Inter font locally as part of the site build. No font files are loaded from Google Fonts or any other third-party CDN, and no font-related data leaves our infrastructure.

13. Web Analytics (Cloudflare Web Analytics)

We use Cloudflare Web Analytics to understand which pages are visited and how visitors move through the site, so we can improve its content and structure.

Cloudflare Web Analytics is a privacy-friendly service: it does not set cookies, does not fingerprint visitors, and does not track individuals across sessions or websites. No profiles of individual visitors are built.

The following data is processed for analytics purposes:

  • Requested URL and referrer (if any)
  • Browser and operating system (via the user-agent string)
  • Approximate country (derived transiently from IP, then discarded)
  • Viewport size

IP addresses are processed transiently for country derivation and not stored. No data is shared with third-party advertising networks.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding and improving site performance). Because no cookies or persistent identifiers are used, no consent under § 25 TTDSG is required.

More information: cloudflare.com/web-analytics

14. Your Rights

Under the GDPR you have the following rights regarding your personal data:

  • Access (Art. 15): You may request confirmation of whether we process your data and receive a copy.
  • Rectification (Art. 16): You may request correction of inaccurate data.
  • Erasure (Art. 17): You may request deletion of your data.
  • Restriction (Art. 18): You may request that we restrict processing.
  • Notification to recipients (Art. 19): Where you exercise your rights to rectification, erasure, or restriction, we will communicate the action to each recipient to whom your data has been disclosed, unless this proves impossible or involves disproportionate effort.
  • Portability (Art. 20): You may receive your data in a structured, machine-readable format.
  • Objection (Art. 21): You may object to processing based on legitimate interest at any time.
  • Withdraw consent (Art. 7): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Automated decision-making (Art. 22): As noted in §3, we do not subject you to decisions based solely on automated processing that produce legal or similarly significant effects. Should this change, you will have the right not to be subject to such a decision except under the exceptions in Art. 22(2) GDPR.

To exercise any of these rights, email info@loopura.com. We will respond within one month.

15. Minors

This website is not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you become aware that a minor has provided us with personal data without verifiable parental consent, please contact us at info@loopura.com and we will delete the data.

16. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for CarbonTech GmbH is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Email: mailbox@datenschutz-berlin.de

17. Changes to this Policy

We may update this policy to reflect changes in our services or legal requirements. The current version is always available at loopura.com/privacy. The "Last updated" date at the top of this page reflects the most recent change.