When you use Loophole's AI-powered features - some prompts are sent to third-party AI providers (like OpenAI, Anthropic, Google, Perplexity, etc) to generate responses. Here's what you should know about how that data is handled.
Does Loophole sell my data?
No. Loophole does not sell your data. Not your prompts, not your AI responses, not your account information. Period.
Does Loophole use my data to train AI models?
No. Loophole uses API-tier access with every AI provider we work with. Under standard API terms, your prompts and responses are not used to train or improve AI models. This applies to every Loophole account - Personal, Business, and Enterprise.
What happens to my prompts?
When you submit a prompt through any Loophole AI feature, it's sent securely over encrypted connections to be processed. Depending on the task, your prompt may be handled differently:
Some AI tasks - like summarizing conversations, generating image overviews, or analyzing uploaded documents - are processed entirely on-platform using Loophole's own AI infrastructure. These requests are never sent to third-party providers like OpenAI, Anthropic, Google, Perplexity, etc. Your data goes in, the result is generated, and nothing is stored.
Other AI tasks are processed by third-party AI providers (like OpenAI, Anthropic, Google, Perplexity, etc). Under standard API terms, these providers may retain inputs and outputs for up to 30 days for safety and abuse monitoring purposes. This is standard practice across the industry - it's how providers detect and prevent misuse of their platforms. After that window, the data is deleted. This retention does not involve using your data for model training, and it is not reviewed by humans under normal circumstances.
Loophole also maintains its own internal logs for things like usage tracking, billing, service quality, and abuse prevention, as outlined in our Terms & Conditions.
What is Zero Data Retention (ZDR)?
Zero Data Retention is an optional feature available exclusively to Enterprise accounts. When ZDR is enabled, your AI requests are routed through a specialized pipeline that instructs the AI providers not to retain any of your prompt or response data - not even temporarily for abuse monitoring. The data is processed, the response is generated, and nothing is stored on the provider's side.
ZDR is designed for Enterprise clients handling highly sensitive information who want the maximum level of control over how third-party AI providers interact with their data.
Is my data safe without ZDR?
Yes. The standard setup that every Loophole account uses is the same level of protection that major companies rely on when building with these AI platforms. Your data is encrypted in transit, never used for AI training, and subject to strict provider-level data policies with limited retention windows.
ZDR doesn't make standard handling unsafe by comparison - it simply eliminates the short-term provider-side retention window for clients whose use cases demand it.
โ ๏ธ Note: This article is a simplified summary. For the most accurate and complete terms, please review our Terms and Conditions and Privacy Policy.