← Back to login

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Dualoop SRL ("Dualoop", "we", "us"), as data controller, collects, uses, and protects your personal data when you use the dualoop.coach platform ("Service"), in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Belgian Data Protection Act of 30 July 2018.

1. Data Controller

Dualoop SRL, Brussels, Belgium.
Contact: coaching@dualoop.com

2. Data We Collect

  • Account data: Name, email address, authentication credentials
  • Conversation data: Messages you send and AI-generated responses
  • Uploaded files: Documents submitted for audit analysis
  • Usage data: Session timestamps, feature usage, API costs
  • Technical data: IP address, browser type (via Supabase authentication logs)

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the Service
  • Consent (Art. 6(1)(a) GDPR): For AI processing of your conversation data
  • Legitimate interest (Art. 6(1)(f) GDPR): Service improvement, security, cost monitoring

4. AI Processing

Your messages are processed by Anthropic's Claude AI models (hosted in the US and EU). Anthropic acts as a data processor under a Data Processing Agreement. Conversation data is sent to Anthropic's API for processing and is not used by Anthropic to train their models (per Anthropic's commercial API terms).

5. Data Storage and Transfers

Data is stored on Supabase (hosted in EU region where available) and Vercel (Edge network with EU presence). Where data is transferred outside the EEA, appropriate safeguards are in place (Standard Contractual Clauses per Art. 46(2)(c) GDPR).

6. Data Retention

Conversation data is retained for the duration of your account. Upon account deletion, your data is permanently deleted within 30 days. Cost and audit logs may be retained for up to 7 years for accounting purposes under Belgian law.

7. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data ("right to be forgotten") (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))

To exercise these rights, contact coaching@dualoop.com.

8. Supervisory Authority

You have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit):
Rue de la Presse 35, 1000 Brussels
www.autoriteprotectiondonnees.be

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or in-app notification.