Anything you do with other people. A coffee, a run, a walk, a picnic, a pub night, a book club. If it's a real-world plan, it's a Happening.

How does LetsLoop know what to show me?

Your Home feed mixes Happenings from communities you've joined, interests you've picked, and people you've previously looped with. Your Map view shows whatever's nearby right now.

Is LetsLoop actually free?

Yes, forever. No subscription, no premium tier, no paywall. Future revenue comes from ads, event sponsorships, and optional in-app extras — none of which gate the core product.

Where does LetsLoop work?

London first, then expanding. We seed each new area with real, recurring Happenings before launching so the feed isn't empty when you arrive.

Identity is real, not anonymous. You see hosts' history and attendance before joining. Privacy zones hide your home and work. You can mute, block, and report in one tap. Per-Happening filters (e.g. women-only) are organiser-set.

Can I post my own Happening?

Yes. Three taps to create. No event-management overhead. People you'd want there see it; people you wouldn't, don't.

Last updated: 2026-05-25 · Version 2.0

Privacy Policy

Last updated: 2026-05-25

Version: 2.0

1. Introduction

This Privacy Policy explains how LetsLoop Ltd ("LetsLoop", "we", "us", "our") collects, uses, shares, and protects your personal data when you use our flatmate-matching mobile and web application, our website at letsloop.app, and any related services (together, the "Service"). We are committed to handling your personal data transparently and in line with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

By using LetsLoop you acknowledge the practices described in this Policy. If you disagree with any part of it, please do not use the Service.

2. Data Controller

The data controller for personal data processed through LetsLoop is:

LetsLoop Ltd Company number: 17178512 (registered in England and Wales) Registered office: 71-75 Shelton Street, London WC2H 9JQ, United Kingdom

We process personal data for purposes that require notification to the UK Information Commissioner's Office (ICO) and pay the data protection fee as required. Our ICO registration reference will be published here once issued; in the meantime our payment to the ICO is current.

Contact for all privacy matters: privacy@letsloop.app

3. What Data We Collect

We collect personal data in five broad categories.

3.1 Account data

Email address
First name (and optionally surname)
Date of birth — used to confirm you are 18 or over (see Section 9). We do not store more granular age data than necessary.
Authentication credentials — passwords are stored as salted, irreversible hashes; we never see your plaintext password. If you sign in with a third-party identity provider, we receive the basic profile data you authorise.

3.2 Profile data

Profile photos and any additional images you upload
A short bio / description you write about yourself
Flatshare preferences (budget range, move-in date, area or neighbourhood, household size, etc.)
Compatibility-quiz answers covering lifestyle dimensions (cleanliness, sleep schedule, social rhythm, conflict-resolution style, noise tolerance, fairness expectations, smoking preference)
Approximate location at city or neighbourhood level. We do not collect precise GPS coordinates.
Optional links you choose to add (e.g. Instagram handle, LinkedIn URL)

3.3 Communications data

Messages you send to and receive from other users within the Service (one-to-one chat and group chat)
Voice and video calls placed through the Service (routed via LiveKit; we do not record the audio/video stream itself but we do log call metadata — start/end times, participants, duration)
Support requests and any correspondence with us
Reports you submit about other users and any moderation actions we take

3.4 Usage data

Profiles, listings, and other content you view, like, pass on, match with, or block
Features you use and pages you visit
Aggregate session information (time of day, screen flow, duration)

3.5 Technical data

Device identifiers (e.g. install ID, advertising ID — only where you have given any required consent), operating system, app version, browser type and version
IP address — used for security, abuse prevention, and approximate geolocation; we truncate or hash it where practical
Log data (timestamps, error and crash reports)
Push notification tokens (Apple Push Notification service for iOS; Firebase Cloud Messaging for Android — see Section 5)

We do not currently process payments and do not collect card or other payment-instrument data. If we introduce paid features in future, this Policy will be updated and you will be notified at least 14 days before any change takes effect.

4. Why We Use Your Data (Legal Bases)

Under UK GDPR we must have a lawful basis for each purpose. Ours are:

Purpose	Lawful basis under UK GDPR Article 6
Creating and maintaining your account	Contract — Art. 6(1)(b)
Matching you with compatible flatmates (the core service)	Contract
Sending service messages (match notifications, security alerts, transactional emails)	Contract
Detecting and preventing fraud, abuse, scams, and policy violations	Legitimate interests — Art. 6(1)(f)
Content moderation and trust-and-safety reviews	Legitimate interests / Legal obligation
Crash diagnostics and error monitoring (Sentry)	Legitimate interests
Product analytics, session replay, and feature flags (PostHog)	Consent where required — Art. 6(1)(a) — and otherwise legitimate interests for aggregated, non-identifying analytics
Marketing emails and community updates (the newsletter you can opt in to)	Consent
Responding to legal requests	Legal obligation — Art. 6(1)(c)
Age verification (confirming you are 18 or over)	Legal obligation / Legitimate interests

You can withdraw consent at any time — see Section 8 for how. Withdrawal does not affect processing carried out before withdrawal.

We do not engage in any automated decision-making that produces legal or similarly significant effects on you within the meaning of UK GDPR Article 22. Our matching algorithm influences the order of profiles you see but does not on its own deny you access to housing or any other service.

5. Who We Share Data With

We do not sell your personal data. We share it only with the categories of recipients listed below.

5.1 Other users of the Service

Your profile (photo, first name, age, approximate area, bio, and the compatibility-quiz outputs we surface) is visible to other LetsLoop users you appear as a potential match for or to people in any group you join. Messages are visible to the recipient(s). You control what you publish on your profile and can edit or remove it at any time.

5.2 Sub-processors

We use the following third-party service providers to operate the Service. Each is bound by a data-processing agreement and processes personal data only on our instructions. An up-to-date register including the country of processing and the specific category of personal data shared is available at letsloop.app/subprocessors.

Summary list (full detail on the sub-processors page):

Supabase Inc. (United States / EU regions) — database, authentication, file storage, and realtime messaging for both apps
Vercel Inc. (United States / global edge) — website and serverless API hosting
Resend, Inc. (United States, send infrastructure on Amazon SES EU-West-1 / Ireland) — transactional email (welcome emails, notifications)
PostHog, Inc. (EU Cloud — Frankfurt, Germany) — product analytics, session replay, and feature flags; loaded only after you grant analytics consent
Sentry / Functional Software, Inc. (United States) — error and crash reporting
LiveKit, Inc. (United States) — real-time voice and video calling infrastructure
Expo / 650 Industries, Inc. (United States) — mobile-app build and over-the-air-update service; push notification dispatch
Apple Inc. (United States, via Apple Push Notification service) — push notification delivery on iOS
Google LLC (United States, via Firebase Cloud Messaging) — push notification delivery on Android
Cloudflare, Inc. (United States / global) — DNS and DDoS protection for the letsloop.app domain
Vercel Analytics (operated by Vercel Inc.) — privacy-preserving website-traffic analytics (no cookies, no IP storage)

5.3 Professional advisers

Lawyers, accountants, auditors, and insurers — only where necessary and only under duties of confidence.

5.4 Authorities and legal disclosures

Law enforcement, regulators, or courts — only where we are legally compelled to disclose, where we must defend our legal rights, or where it is necessary to protect the vital interests of users or others.

5.5 Business transfers

If we are involved in a merger, acquisition, or sale of substantially all of our assets, your personal data may be transferred. We will notify you and, where applicable, seek your consent before any transfer that materially changes how your data is processed.

6. International Transfers

Several of our sub-processors are based outside the United Kingdom — primarily in the United States. Where we transfer personal data outside the UK we rely on safeguards approved under UK GDPR, including:

the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses;
adequacy regulations where they apply (for example the UK-US Data Bridge for US recipients certified under the UK extension to the EU-US Data Privacy Framework);
supplementary measures including encryption in transit (TLS 1.2+) and encryption at rest for stored media.

You may request a copy of the relevant transfer mechanism for any specific sub-processor by emailing privacy@letsloop.app.

7. Retention

Active accounts: we retain your personal data for as long as your account is active.
Deleted accounts: when you delete your account (or we delete it at your request), we purge your personal data from production systems within 30 days. Backups are overwritten on a rolling cycle not exceeding 90 days.
Messages: after you delete your account, your messages disappear from your view. Copies visible to your conversation partner remain in their view unless they also delete.
Moderation and safety records: where you have been banned, reported, or have a serious policy violation against your account, we may retain a limited record (typically email hash, date, reason) for up to 2 years to protect other users and to prevent re-registration of banned accounts.
Anonymised analytics: fully anonymised and aggregated statistics may be retained indefinitely for product, research, and reporting purposes.
Legal and financial records: where we are required by tax, accounting, or other law to retain records (e.g. invoices, contracts), we retain them for the period required by that law.

8. Your Rights

Under UK GDPR you have the following rights:

Access — request a copy of the personal data we hold about you (UK GDPR Art. 15).
Rectification — ask us to correct inaccurate or incomplete data (Art. 16).
Erasure — ask us to delete your data, subject to certain exceptions ("right to be forgotten", Art. 17).
Restriction — ask us to limit how we use your data (Art. 18).
Portability — receive your data in a structured, commonly used, machine-readable format, or have it transmitted to another controller (Art. 20).
Objection — object to processing based on legitimate interests or direct marketing (Art. 21).
Withdraw consent — where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Not be subject to automated decisions — we do not currently take such decisions about you (see Section 4).
Lodge a complaint — with the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113. We would appreciate the chance to address your concerns first.

To exercise any right, email privacy@letsloop.app. We will respond within one calendar month. We may ask for proof of identity before acting on a request to make sure we are giving the data to the right person.

9. Children's Data

LetsLoop is strictly for users aged 18 or over. We do not knowingly collect personal data from anyone under 18. We apply an age gate at signup using your date of birth. If we learn that a user is under 18, we will suspend the account and delete the associated personal data as soon as reasonably practicable. If you believe a minor is using LetsLoop, please contact privacy@letsloop.app.

10. Security

We apply technical and organisational measures appropriate to the risks of processing, including:

TLS 1.2+ encryption for all data in transit
Encryption at rest for stored media and database content held by our sub-processors
Role-based access controls, audit logging, and least-privilege access for our staff
Vendor risk management — sub-processors are reviewed before onboarding
Bcrypt-style hashing for passwords; we never see your plaintext password

No system can be perfectly secure. You are responsible for keeping your password confidential and for promptly reporting any unauthorised use of your account to privacy@letsloop.app.

11. Cookies and Similar Technologies

We use cookies and equivalent technologies (local storage, SDK identifiers) for authentication, security, preferences, and (with your consent) analytics. See our separate Cookie Policy for details and to manage your preferences.

12. Changes to This Policy

We may update this Policy from time to time. When we make material changes — for example adding a new sub-processor, changing the legal bases we rely on, or expanding the categories of data we collect — we will notify you in-app or by email at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. Material historical versions are archived and available on request.

13. Contact

Questions, data-subject requests, and complaints: privacy@letsloop.app

LetsLoop Ltd 71-75 Shelton Street, London WC2H 9JQ, United Kingdom Company number 17178512 (registered in England and Wales)