FireLoop
Legal information

Privacy policy

Last update: February 15, 2026

Your privacy is important to us. This Privacy Policy explains how FireLoop ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website, services, and platform. By accessing or using FireLoop, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

1. Data controller

FireLoop is the data controller responsible for the processing of your personal data. We are committed to handling your data in compliance with applicable data protection laws, including the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) where applicable.

For any questions, concerns, or requests relating to your personal data, please contact us at contact@fireloop.space. We will respond to all requests within 30 days.

2. Data collected

We collect the following categories of personal data:

  • Account data: username, email address, and password hash collected during registration. If you sign in with Google, we receive your Google display name, email, and profile picture URL.
  • Profile data: optional information you provide such as biography, audio software preferences, and profile avatar.
  • Content data: samples and loops you upload, including associated metadata (title, BPM, musical key, genre, category, time signature, description).
  • Usage data: interactions with the platform such as samples liked, downloads performed, and pages visited.
  • Technical data: IP address, browser type and version, device type, operating system, referral URLs, session duration, and access timestamps collected automatically through server logs.
  • Cookie data: information stored via cookies and similar technologies — see Section 9 and our Cookie Policy for full details.

3. How we collect data

We collect personal data through the following methods:

  • Directly from you: when you create an account, fill in your profile, upload content, or contact us via email.
  • Automatically: through cookies, server logs, and analytics tools when you browse the platform.
  • From third parties: when you sign in through Google authentication, we receive basic profile information from Google.

4. Purposes of processing

We process your personal data for the following purposes, each based on a specific legal basis:

  • Service delivery: to create and manage your account, allow you to upload and download samples, and provide core platform features (legal basis: contract performance).
  • Communication: to send you service-related notifications, respond to your inquiries, and notify you of policy changes (legal basis: legitimate interest).
  • Improvement and analytics: to analyse aggregated usage patterns, improve the platform, and enhance user experience (legal basis: consent, where required).
  • Advertising: to display relevant advertisements through Google AdSense, only when you have given your consent (legal basis: consent).
  • Security: to detect, prevent, and address fraud, abuse, and security threats, and to enforce our Terms of Use (legal basis: legitimate interest).
  • Legal compliance: to comply with applicable legal obligations, such as responding to lawful requests from authorities (legal basis: legal obligation).

5. Data sharing and third parties

We do not sell your personal data to third parties. We may share your data with the following categories of service providers, solely for the purposes described above:

  • Firebase (Google): hosting, authentication, database (Cloud Firestore), and file storage (Cloud Storage). Data may be processed in the United States. Google complies with applicable data transfer mechanisms.
  • Google AdSense: advertising service that may use cookies and similar technologies to display personalised ads based on your browsing history. Ads are only served if you have given consent via our cookie banner.
  • Stripe: payment processing for premium subscriptions. Stripe collects and processes payment information (card details, billing address) directly and acts as an independent data controller for that data. We do not store your payment card information.

We require all third-party providers to process personal data only on our instructions and in compliance with applicable data protection laws. We do not allow them to use your data for their own marketing purposes except where you have given separate consent (e.g. Google personalised ads).

6. International data transfers

As we use Firebase and Google services, some of your personal data may be transferred to and processed in the United States or other countries outside Switzerland and the European Economic Area. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision, to protect your data in accordance with applicable laws.

7. Retention periods

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: retained for the duration of your active account. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law.
  • Uploaded content: retained as long as your account is active. Upon account deletion, your samples and associated metadata will be permanently removed from our servers.
  • Technical and log data: retained for up to 12 months for security and analytics purposes, then automatically deleted.
  • Cookie consent preferences: stored in your browser's local storage and retained until you reset your preferences or clear your browser data.

8. Your rights

Under applicable data protection laws (including the GDPR and FADP), you have the following rights regarding your personal data:

  • Right of access: you may request a copy of the personal data we hold about you.
  • Right to rectification: you may ask us to correct any inaccurate or incomplete personal data. You can also update most of your information directly from your account settings.
  • Right to erasure: you may request that we delete your personal data, subject to any legal obligations requiring retention.
  • Right to restriction: you may ask us to restrict the processing of your data in certain circumstances (e.g. while we verify its accuracy).
  • Right to data portability: you may request that we provide your personal data in a structured, commonly used, machine-readable format.
  • Right to object: you may object to processing based on legitimate interests, including for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing. You can withdraw cookie consent at any time via our Cookie Policy page.

To exercise any of these rights, please contact us at contact@fireloop.space. We will respond to your request within 30 days.We may ask you to verify your identity before processing your request.

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.

9. Cookies and tracking technologies

We use cookies and similar technologies on our platform. Cookies are small text files placed on your device that help us provide and improve our services. We use the following categories of cookies:

  • Essential cookies: necessary for the platform to function (e.g. authentication, session management). These cannot be disabled.
  • Analytics cookies: help us understand how visitors interact with our platform through aggregated data.
  • Advertising cookies: used by Google AdSense to serve relevant ads. These are only set if you give consent.

You can manage your cookie preferences at any time via the consent banner or the Cookie Policy page. For more detailed information about the cookies we use, please refer to our dedicated Cookie Policy.

10. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using HTTPS/TLS across all pages and API endpoints.
  • Secure authentication via Firebase Authentication, including hashed passwords and OAuth 2.0 for Google Sign-In.
  • Access control through Firebase Security Rules to ensure users can only access their own data.
  • Regular review of our security practices and third-party services.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any data breach in accordance with applicable laws.

11. Children's privacy

FireLoop is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child, please contact us immediately.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last update" date at the top of this page. We encourage you to review this policy periodically. Your continued use of FireLoop after any changes constitutes your acceptance of the updated policy.

13. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email:contact@fireloop.space

We will do our best to respond to all inquiries within 30 days.