LootCRM

Business Management Simplified

Privacy Policy

Last updated: December 2025

1. Introduction

Perlicom Systems Ltd T/A LootCRM ("we", "us", or "our") operates LootCRM. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide
  • Account Information: Name, email address, password
  • Business Information: Company name, address, VAT number, contact details
  • Customer Data: Information about your customers that you enter into the Service
  • Financial Data: Sales records, invoices, payments (we do NOT store full payment card numbers)
  • Communications: Emails sent through the Service, support requests
2.2 Information Collected Automatically
  • Usage Data: Pages viewed, features used, actions taken
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and preferences
2.3 Information from Third Parties
  • Google Sign-In: Name, email, profile picture (if you sign in with Google)
  • Payment Providers: Transaction status from Revolut (not full card details)

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Process your transactions and manage subscriptions
  • Send transactional emails (invoices, receipts, password resets)
  • Provide customer support
  • Improve and personalize the Service
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

We do NOT sell your personal data to third parties.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract: Processing necessary to provide the Service you subscribed to
  • Legitimate Interest: Improving our Service, fraud prevention, security
  • Legal Obligation: Tax records, legal compliance
  • Consent: Marketing communications (where applicable)

5. Data Sharing & Disclosure

We may share your information with:

  • Service Providers: Hosting, payment processing, email delivery
  • Payment Processors: Revolut (for subscription and invoice payments)
  • Legal Authorities: When required by law or to protect rights

All third-party providers are contractually bound to protect your data.

6. Data Retention

  • Active Accounts: Data retained while your account is active
  • After Cancellation: Data retained for 30 days, then deleted
  • Financial Records: Retained for 7 years (legal requirement)
  • Backup Data: Removed within 90 days of deletion

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, contact us at support@lootcrm.com.

8. Data Security

We implement industry-standard security measures:

  • SSL/TLS encryption for all data transmission
  • Encrypted password storage (bcrypt)
  • Encrypted storage of sensitive credentials (Fernet)
  • Regular security audits and updates
  • Access controls and authentication
  • Secure cloud infrastructure (MongoDB Atlas)

While we strive to protect your data, no method of transmission is 100% secure.

9. Cookies

We use cookies for:

  • Essential Cookies: Authentication, session management
  • Functional Cookies: Remember your preferences

We do NOT use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect functionality.

10. International Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice in the Service. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or to exercise your rights:

  • Email: support@lootcrm.com
  • Address: Dalgin, Milltown, Tuam, Co. Galway, Ireland

You also have the right to lodge a complaint with the Data Protection Commission (Ireland) or your local supervisory authority.

Back to Dashboard