Skip to main content
← Back to home

Privacy Policy

Last updated: February 2026

Overview

LooiQ provides QR-based restroom access management for businesses. We built the system around privacy from day one. We do not collect names, emails, or personal profiles. We use one-way SHA-256 hashing so that phone numbers cannot be recovered from our systems with the exception to deliver our services and notifications.

What we collect

  • Phone number hash. When a user scans a LooiQ QR code and enters their phone number, we immediately hash it using HMAC-SHA256. The original phone number is never stored in raw format.
  • Access events. Timestamp and location of each QR scan. This allows businesses to see usage patterns and peak hours.
  • Cleanliness scores. Anonymous ratings submitted after restroom use. These scores are tied to hashed identifiers, not real identities.
  • Business account information. Name, email, and billing details provided by business owners when they sign up for a LooiQ plan.

What we do NOT collect

  • Names or personal profiles of restroom users
  • Restroom type (e.g. gender identification)
  • Email addresses of restroom users
  • GPS or location tracking of individuals
  • Browsing history or device fingerprints
  • Raw phone numbers (only the hash is stored)

How we use your data

  • Access control. Verifying QR scans and delivering the current door code to authorized users.
  • Cleanliness accountability. Tracking anonymous cleanliness scores to identify and address misuse.
  • Network ban enforcement. When a user is banned at one location, the ban propagates across the LooiQ network using only hashed identifiers.
  • Business analytics. Providing usage stats, peak hours, and cleanliness trends to business dashboards.
  • Notification delivery. Standard communications related to the service.

Data sharing

We do not sell, rent, or trade personal data. Period.

When a ban is issued, the hashed identifier is stored on secured servers for verification across the LooiQ network so that other participating locations can enforce it. No real phone numbers, names, or other identifying information is included in this process.

Data retention

Access event logs are retained for up to 12 months and then automatically deleted. Hashed identifiers associated with active bans are retained for the duration of the ban up to indefinite periods. You may contact support@looiq.io and submit a request to remove a ban should you acquire a new phone number with a ban associated with it. Business account data is retained while the account is active and deleted within 30 days of account closure upon request.

Third-party service providers

We use the following third-party services to operate the LooiQ website. Each processes data only as necessary to provide their service:

  • Vercel, Inc. — Website hosting, analytics (page views, performance metrics). Data processed in the United States. Privacy policy
  • HubSpot, Inc. — Contact form processing. Collects name, email, company, and message submitted through our contact and enterprise inquiry forms. Data processed in the United States. Privacy policy

Cookies

The LooiQ website uses minimal, first-party cookies for basic analytics (page views, performance metrics) provided by Vercel. We do not use third-party ad cookies or cross-site tracking of any kind.

Analytics cookies are only set after you give consent via our cookie banner. You can manage your cookie preferences at any time by clicking “Cookie Preferences” in the website footer.

Your rights

Because we store only hashed identifiers for restroom users, there is no personal data to access, export, or delete. For business account holders, you can request data export or account deletion at any time by contacting us.

Contact

Questions about this policy? Reach us at hello@looiq.io.

Questions about removing a ban, updating your account, or switching your number? Contact support@looiq.io.