Terms & Conditions

Key points

• Loot is a financial management tool for Canadian freelancers. You own your data.
• Your data is stored on servers in the United States (Supabase, Vercel, Stripe). We do not claim Canadian data residency.
• We do not sell your personal information. We do not serve ads.
• You can delete your account and all associated data at any time through your account settings.
• Loot includes gamification features (Streaks, Drops, Haul). These are part of the core service. There is no separate fee or subscription for them.

1. Agreement to terms

By creating a Loot account, you agree to these Terms & Conditions in their entirety, including the Privacy Policy in Section 11. If you do not agree, do not create an account.

You must be at least 18 years old to use Loot. By creating an account, you confirm that you meet this requirement.

2. What Loot is

Loot is a software-as-a-service (SaaS) tool that helps Canadian freelancers track invoices, payments, and client relationships. It includes a gamification layer (Streaks, Drops, and Haul) designed to encourage consistent financial habits.

Loot is not an accounting firm, tax advisor, or financial institution. The information provided in Loot does not constitute financial, legal, or tax advice. You are responsible for your own financial decisions, tax filings, and compliance with applicable laws.

3. Your account

You are responsible for maintaining the security of your account credentials. Do not share your login information with anyone.

You agree to provide accurate information when creating your account and to keep it up to date.

We reserve the right to suspend or terminate accounts that violate these terms, engage in fraudulent activity, or are used in ways that could harm other users or the service.

4. Subscription and billing

Loot offers both free and paid plans. Paid subscriptions are billed monthly through Stripe.

By subscribing to a paid plan, you authorize us to charge the payment method on file through Stripe on a recurring monthly basis until you cancel.

You can manage your subscription (including upgrading, downgrading, or cancelling) through the customer portal accessible from your account settings. Cancellation takes effect at the end of your current billing period.

Pricing is listed in Canadian dollars (CA$). We reserve the right to change pricing with 30 days' notice. Price changes do not apply retroactively to the current billing period.

Refund requests are handled on a case-by-case basis. Contact us at privacy@getloot.ca.

5. Your data and content

You retain ownership of all data you enter into Loot, including client information, invoices, payment records, and quotes.

We do not claim any intellectual property rights over your content. We access your data only to provide the service, improve the product based on aggregated and anonymized patterns, and comply with legal requirements.

You are responsible for the accuracy of the data you enter. Loot does not verify invoice amounts, client details, or payment records.

6. Gamification features

Loot's gamification features (Streaks, Drops, and Haul) are part of the core service. They track your invoicing activity and financial milestones to help build consistent habits. These features are included at every plan tier; there is no separate fee or subscription for them.

Gamification data (streak length, earned drops, monthly haul totals) is derived from your actual usage. It is not editable or transferable.

Streaks reset when a full calendar day passes without a qualifying activity (sending an invoice, sending a quote, or logging a payment). There are no grace periods.

Drops are earned achievements that unlock when you cross specific thresholds. Once earned, drops are permanent and remain in your collection even if your streak resets.

7. Acceptable use

You agree not to:

• Use Loot for any unlawful purpose
• Attempt to access other users' accounts or data
• Reverse-engineer, decompile, or attempt to extract the source code of Loot
• Use automated tools to scrape, crawl, or otherwise extract data from Loot
• Interfere with or disrupt the service or its infrastructure
• Misrepresent your identity or affiliation

8. Service availability

We aim to keep Loot available and reliable, but we do not guarantee uninterrupted service. Downtime may occur for maintenance, infrastructure updates, or circumstances beyond our control.

We are not liable for any loss of data, revenue, or business opportunity arising from service interruptions.

9. Limitation of liability

To the fullest extent permitted by Canadian law, Loot's total liability for any claim arising from your use of the service is limited to the amount you paid for Loot in the 12 months preceding the claim.

Loot is not liable for indirect, incidental, consequential, or punitive damages, including loss of profits, data, or business opportunities.

Loot is a financial tracking tool. It is not a financial institution and does not provide financial, tax, or legal advice. We are not liable for decisions you make based on information displayed in Loot, including invoice amounts, payment calculations, tax figures, or haul summaries.

10. Changes to these terms

We may update these terms from time to time. If we make changes, we will notify you by email or through the Loot application before the changes take effect.

Continued use of Loot after changes take effect constitutes acceptance of the updated terms. If you do not agree with the changes, you may delete your account.

11. Privacy Policy

The following privacy policy is part of these Terms & Conditions. By agreeing to these terms, you also consent to the collection, use, and disclosure of your personal information as described below.

11.1 Who we are

Loot (“we,” “us,” “our”) is a financial management tool for Canadian freelancers. We help you track invoices, payments, and client relationships.

Contact for privacy inquiries: privacy@getloot.ca

Mailing address:14 Eastaff St., St. John's, NL A1E 2J4

11.2 What we collect

We collect personal information necessary to provide you with Loot's services:

Account information: Your name, email address, login credentials, and (if you subscribe to a paid plan) a display name used as the sender identity on invoice and quote emails sent on your behalf.

Financial data: Invoice details, payment records, client names and contact information that you enter into Loot.

Usage data: how you interact with Loot: features used, session duration, and gamification activity (Streaks, Drops, Haul data). This helps us improve the product.

Payment information (your own subscription): If you subscribe to a paid Loot plan, Stripe processes your payment to Loot. We do not store your credit card number. Stripe's privacy practices for your subscription payment are governed by their own privacy policy.

Payment account connection: If you choose to accept client payments through Loot, you can connect your own Stripe account through our service. We store your Stripe account identifier so that Payment Links generated for your invoices route through your connected account. We do not store your Stripe login credentials, your bank account details, or any client payment card data. All payment processing happens directly between your client and Stripe; the funds settle into your Stripe balance and pay out to your bank account on Stripe's schedule.

Expense records: If you use the Spending Journal feature, we collect the amount, category, date, and optional description of business expenses you log. This information is stored in association with your account and is used to display monthly spending summaries and to qualify your habit streak.

Technical data: Browser type, device information, IP address, and similar technical identifiers collected automatically when you use Loot.

11.3 How we use your information

We use your personal information to:

• Provide and maintain Loot's core services (invoicing, payment tracking, client management)
• Calculate and display your gamification data (Streaks, Drops, Haul summaries)
• Process your subscription payments through Stripe
• Generate Stripe Payment Links on invoices you create, routed through your connected Stripe account. When you connect your Stripe account through Loot, we use that connection to issue Payment Links so your clients can pay you directly. Your clients' payment card data is collected and processed by Stripe on your connected account. We receive confirmation of a successful payment and mark the corresponding invoice in Loot. We do not handle, store, or have access to your clients' payment card information, and we do not hold or transfer the funds at any point
• Send you service-related communications (such as subscription confirmations and account notifications)
• Send invoice and quote notification emails to your clients on your behalf when you mark an invoice or quote as sent. These emails include your display name, the invoice or quote amount, and use your email address as the Reply-To address so your client can respond to you directly
• Send automated payment reminder emails to your clients on your behalf when an invoice is past due. Payment reminders are triggered automatically based on the invoice due date and reference only the specific invoice the client has already received. Like invoice notifications, these reminders include your display name, the invoice amount, and your email address as the Reply-To header. Payment reminders are a feature of paid plans.
• Track business expenses you log through the Spending Journal feature and display monthly spending summaries on your dashboard
• Improve Loot based on aggregated, anonymized usage patterns
• Comply with Canadian tax and legal requirements

We do not use your data to serve ads. We do not sell your personal information to third parties.

11.4 Where your data is stored

Loot uses third-party infrastructure providers to deliver the service:

Supabase (database): Hosted on Amazon Web Services (AWS) in the United States.

Vercel (application hosting): Servers located in the United States.

Stripe (payment processing): Headquartered in the United States.

This means your data is transferred to and stored in the United States. While Loot is built for Canadian freelancers and designed around Canadian financial workflows, our infrastructure providers operate US-based servers. We do not claim Canadian data residency.

These providers maintain their own security certifications and compliance programs. We have chosen providers with strong security track records, but we are transparent: your data crosses the border.

11.5 Your rights under PIPEDA

As a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA):

Access: You can request a copy of the personal information we hold about you.

Correction: You can ask us to correct inaccurate or incomplete personal information.

Withdrawal of consent: You can withdraw your consent to our collection, use, or disclosure of your personal information. Note that withdrawing consent may limit your ability to use Loot's services.

Deletion: You can request that we delete your personal information, subject to legal retention requirements. You can also delete your account directly through your account settings.

Complaint:You have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe your privacy rights have been violated. Quebec residents may also file a complaint with the Commission d'accès à l'information du Québec (CAI) under Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25).

• Office of the Privacy Commissioner of Canada: priv.gc.ca
• Commission d'accès à l'information du Québec: cai.gouv.qc.ca

To exercise any of these rights, contact us at privacy@getloot.ca. We will respond within 30 days.

11.6 How we protect your data

We take reasonable measures to protect your personal information:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Database-level encryption for data at rest (provided by Supabase)
• Authentication and access controls on all accounts
• Regular review of our security practices

No system is perfectly secure. We are honest about that. We take it seriously and we do our best.

11.7 Third-party services

Loot integrates with the following third-party services. Each has its own privacy policy:

• Supabase: Database and authentication infrastructure
• Vercel: Application hosting and deployment
• Stripe:Payment processing in two distinct contexts. First, Stripe processes your Loot subscription payments. Second, when you connect your own Stripe account to Loot, Stripe processes the payments your clients make on your invoices through Payment Links. In the second context, Stripe is your payment processor (you are the merchant), and Loot is the Connect platform that issues the Payment Links on your behalf. Funds from client payments settle directly into your Stripe balance and are paid out to your bank account on Stripe's schedule. Loot does not hold these funds. Stripe's privacy practices in both contexts are governed by their own privacy policy. Connecting your Stripe account through Loot is also subject to the Stripe Connected Account Agreement.
• Resend: Email delivery for invoice notifications, automated payment reminders, and service communications. When you send an invoice through Loot, Resend delivers the notification email to your client. When an invoice becomes past due, Resend delivers an automated reminder on your behalf. These emails include your display name, invoice amount, and your email address (as the Reply-To header) so your client can reach you directly.

We only share the minimum personal information necessary for each service to function. We do not share your financial data (invoice details, client information, payment records) with any third party except as required to provide the service or comply with law.

11.8 Cookies and tracking

Loot uses essential cookies to keep you logged in and maintain your session. We do not use advertising cookies or third-party tracking pixels.

If we introduce analytics tools in the future, we will update this policy and notify you.

11.9 Data retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required by law to retain it (for example, tax-related records may be retained for up to 6 years as required by the Canada Revenue Agency).

11.10 Children

Loot is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a minor, we will delete it promptly.

11.11 Security breaches and notification

If we experience a security breach that creates a real risk of significant harm to you (such as unauthorized access to your financial data, client information, or account credentials), we will:

Notify you directly by email at the address on your account within 72 hours of determining that a breach has occurred and creates a real risk of significant harm. Our notification will include what happened, what information was involved, what we are doing about it, and what you can do to protect yourself.

Report to regulators as required: the Office of the Privacy Commissioner of Canada under PIPEDA, and the Commission d'accès à l'information du Québec under Quebec Law 25 where applicable.

Maintain records of all privacy breaches internally, whether or not they trigger mandatory notification.

If you believe your Loot account has been compromised, contact us immediately at privacy@getloot.ca.

11.12 Payment processing through Stripe Connect

Loot uses Stripe Connect to enable you to accept client payments on invoices you generate. To use this feature, you must connect your own Stripe account to Loot through our service. When you do, Loot acts as a payment platform; you remain the merchant of record on every payment your clients make through a Payment Link issued from your Loot invoice. Your clients' payment card data is collected and processed by Stripe directly on your connected account. Loot does not collect, store, or transmit your clients' payment card information at any point. Loot does not hold or transfer client funds; client payments settle directly into your Stripe account on Stripe's standard schedule. Connecting your Stripe account through Loot is subject to the Stripe Connected Account Agreement, which governs the terms of your relationship with Stripe. You are responsible for compliance with applicable tax, regulatory, and reporting obligations on the payments you receive. Loot is not a financial institution and does not provide financial, tax, or legal advice.

12. Governing law

These terms are governed by the laws of the Province of Newfoundland and Labrador and the federal laws of Canada applicable therein.

13. Contact

Questions about these terms, your account, or your personal information?

Email: privacy@getloot.ca

Mailing address:14 Eastaff St., St. John's, NL A1E 2J4

You can also contact the Office of the Privacy Commissioner of Canada at priv.gc.ca. Quebec residents may contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.