1. Scope, operator and our different roles
Loomfast is operated by Websynth Technologies LLP (“Loomfast”, “we”, “us” or “our”), with its India office at Level 2, Venture Arcade, Mavoor Road, above Croma, Thondayad, Kozhikode, Kerala, India.
This Policy applies when you visit loomfast.com, create or use a Loomfast account, use Loomfast Hub or the Loomfast Marketplace, make a booking or payment, contact support, or otherwise interact with us.
When Loomfast determines the purpose
We act as the data fiduciary/controller for data used to run accounts, subscriptions, Marketplace bookings, payments, security, support, communications, compliance and improvement of our own Services.
When a laundry Business determines the purpose
A Business using Loomfast Hub generally decides why and how to process information about its customers, employees, suppliers and operations. For that data, the Business is the data fiduciary/controller and Loomfast acts primarily as its processor/service provider. The Business’s own privacy notice also applies. Requests about such data should usually be directed to that Business; we will reasonably assist it.
This Policy is designed to address the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and to support the phased implementation of the Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025 as their relevant provisions take effect.
2. Personal data we collect
- Identity and account data: name, email, phone number, business name, role, account identifiers, login status, verification records and hashed passwords. We do not store your password in readable form.
- Business and tax data: branch/outlet details, business address and location coordinates, country/state/city, logo, GSTIN, PAN, place of supply, tax regime, invoice settings, licences or verification information.
- Customer and marketplace data: contact details, addresses, saved addresses, booking and order history, garment/service details, preferences, notes, loyalty points, pickup and delivery instructions, complaints, reviews and communications.
- Order media: photographs of garments, care issues or order evidence uploaded by a Business or user. Such images may incidentally contain people, locations or other personal information.
- Employee and HR data: name, work contact details, role, permissions, branch/outlet assignments, attendance, leave, salary and payroll records entered by a Business.
- Supplier and finance data: supplier contacts, purchase and expense records, invoices, ledgers, taxes, payment method/status and transaction records.
- Payment data: amount, currency, status, coupon, gateway order/payment identifiers, refund and settlement information. Card, UPI or bank credentials entered into a payment gateway are handled by that gateway; Loomfast does not intend to store full card details or payment authentication credentials.
- Device and usage data: IP address, browser and device type, timestamps, pages/features used, session and authentication events, error logs, security signals and approximate location inferred from IP.
- Communications: support requests, product feedback, survey responses, email delivery status, and messages you send through the Services.
Please do not provide Aadhaar numbers, health data, biometric data, financial credentials or other highly sensitive information unless we specifically request it through an approved, lawful feature. Avoid including unnecessary personal information in free-text fields or images.
3. Where the data comes from
We receive data directly from you; from the Business that creates or manages your record; from authorised account administrators and users; from Marketplace parties involved in a booking; automatically from devices and servers; and from payment, email, storage, maps/geocoding, security and other service providers. We may also receive lawful public business information and information required to prevent fraud or comply with law.
4. How we use personal data
- create, verify, authenticate and administer accounts and access permissions;
- provide Hub workflows for branches, CRM, orders, pickup/delivery, HR, accounting, reports and settings;
- publish Marketplace listings, find nearby Businesses, process bookings, track services, communicate status and support disputes;
- process subscriptions, commissions and marketplace payments; issue refunds; reconcile transactions; and maintain tax/accounting records;
- send service, verification, security, billing and support communications and, with any consent required by law, product or promotional communications;
- provide support, collect feedback, diagnose errors and improve usability, features, performance and reliability;
- protect users and the Services, enforce our Terms, prevent fraud and abuse, audit access, investigate incidents and maintain backups;
- comply with legal obligations, lawful requests, taxation, accounting, dispute resolution and enforcement; and
- create aggregated or de-identified insights that do not identify an individual or Business.
We will not use personal data for a new incompatible purpose without an appropriate notice and, where required, consent.
5. Consent and other lawful processing
Depending on the context and law in force, we process personal data with consent; to provide a service or take steps you request; for uses voluntarily provided for a specified purpose; to comply with law; to respond to emergencies, fraud and security risks; and for other legitimate uses permitted by applicable law.
Where we rely on consent, it is requested through the relevant interface or communication. You may withdraw it by the same or a comparably easy method or by contacting us. Withdrawal does not affect prior lawful processing and may prevent us from providing a feature that needs the data. We will explain material consequences where practical.
Businesses must independently establish an appropriate lawful basis and provide required notice for the personal data they put into Loomfast Hub.
7. Business-controlled records
If a Business entered your customer, employee or supplier information, contact that Business first to access, correct or erase it, object, withdraw consent, or complain. The Business may need to retain information for tax, employment, consumer or other legal obligations. We will act on the Business’s lawful instructions and may require it to verify your identity and request.
Business administrators can access workspace data and control other users’ access. If you use a work account, your employer or Business may view your account activity, change permissions, export records, suspend access or request deletion in accordance with its own policies and law.
8. Storage and transfers
We and our providers may process data in India and in other countries where infrastructure or support operates. Before transferring sensitive personal data outside India, we use contractual and organisational measures intended to provide a comparable level of protection and transfer only where necessary for the lawful contract or otherwise permitted. We will comply with any country restrictions notified under the Digital Personal Data Protection Act as they apply.
Internet and cloud processing necessarily involve transmission across networks, and no location provides absolute security.
9. How long we retain data
We retain personal data only as long as reasonably necessary for the purposes described, a Business’s lawful instructions, and legal, tax, accounting, security, backup and dispute requirements. Retention depends on the record:
- active account and operational records are generally kept while the account or Business relationship continues;
- transaction, invoice, tax, consent, security and dispute records may be kept for the applicable statutory limitation or record-keeping period;
- verification/reset tokens expire after short operational periods, while security logs and backups rotate under internal schedules; and
- after a valid deletion request or account closure, data is deleted, de-identified or isolated from active use, unless retention is necessary for law, fraud prevention, security, claims or another permitted purpose.
Deletion from backups may occur on the next scheduled rotation. De-identified information that can no longer identify a person may be retained.
10. Security practices
We use safeguards proportionate to the nature and risk of the data, including password hashing, encrypted network transport, access controls and permissions, tenant separation, environment and secret controls, logging, backups, provider reviews, and incident response practices. We require personnel and service providers to handle personal data only as authorised.
No system is completely secure. You are responsible for strong credentials, secure devices, appropriate user permissions and prompt removal of access that is no longer needed. Report suspected unauthorised access to security@loomfast.com. Where required, we will notify affected persons and authorities of a personal data breach in the prescribed manner.
12. Children’s data
The Services are not directed to persons under 18, and minors must not independently create accounts or make bookings. A parent or lawful guardian may arrange a household service. Businesses must not enter children’s personal data unless necessary, lawful and supported by required verifiable parental consent. We do not knowingly undertake tracking, behavioural monitoring or targeted advertising directed at children.
If you believe a child’s data was collected improperly, contact us so we can investigate and take appropriate action.
13. Your choices, rights and grievance process
Subject to applicable law, role and exemptions, you may ask us to:
- confirm whether we process your personal data and provide a summary or access information;
- correct, complete or update inaccurate data;
- erase personal data no longer needed for a lawful purpose;
- withdraw consent or opt out of promotional email;
- explain the identities or categories of recipients as required by law;
- address a grievance and, when the relevant DPDP provisions apply, nominate another person to exercise rights in case of death or incapacity.
Use available account settings or email privacy@loomfast.com. Describe your relationship with Loomfast, the relevant Business and the request. We may verify identity and authority, and will respond within the period required by applicable law. We may deny or limit a request where law permits, including to protect another person, confidential information, security, legal claims or required records, and will explain where required.
Grievance Officer: Privacy Grievance Officer, Loomfast
Email: grievance@loomfast.com
Address: Level 2, Venture Arcade, Mavoor Road, above Croma, Thondayad, Kozhikode, Kerala, India. We acknowledge and resolve grievances within applicable statutory timelines.
Please give us a reasonable opportunity to resolve the grievance. When the relevant provisions are in force and you remain dissatisfied after using our process, you may complain to the Data Protection Board of India. Other statutory consumer or judicial remedies remain available.
14. Changes to this Policy
We may update this Policy to reflect law, technology, providers or Services. We will post the revised Policy with its effective date and provide additional notice where a change is material or law requires it. Earlier versions may be requested from us.
15. Contact us
Loomfast / Websynth Technologies LLP
Level 2, Venture Arcade, Mavoor Road, above Croma,
Thondayad, Kozhikode, Kerala, India
Privacy: privacy@loomfast.com
General support: support@loomfast.com