perfloopnotify me →

Privacy Policy

last updated · june 10, 2026

This Privacy Policy explains how Commonplane, Inc. ("Commonplane," "we," "us") collects, uses, and shares information in connection with the Perfloop website at perfloop.ai (the "Site") and the Perfloop product and services (the "Service"). Perfloop is a product of Commonplane, Inc.

Who we are

For the Site and for personal information about prospective customers and website visitors, Commonplane, Inc. is the data controller. For customer source code and telemetry that the Service processes on a customer's behalf, the customer is the controller and Commonplane is the processor; that processing is governed by the customer's agreement and Data Processing Addendum, and is described in detail on our Security & Data Access page.

Information we collect

Information you provide. When you request early access or contact us, we collect your email address and any information you choose to include, such as the workload or repository you describe. If you create a Perfloop account, we collect identifiers such as your name and email through our authentication provider.

Information collected automatically. When you visit the Site, our hosting infrastructure records standard technical data — IP address, referring URL, the pages you request, and browser and device type — in server logs. We also use Vercel Web Analytics, a privacy-focused, cookieless analytics service, to measure aggregate traffic such as page views, referrers, approximate location, and device and browser type. The Site does not use advertising or cross-site tracking cookies.

Customer data. When a customer connects a repository or telemetry source, the Service accesses and processes that data strictly as set out in the data-access contract on our Security page. We act as the customer's processor for that data; exactly what crosses the boundary, what we retain, and for how long are specified there.

How we use information

We use personal information to:

  • respond to your inquiries and provide access to the Service;
  • operate, maintain, secure, and improve the Site and Service;
  • authenticate users and protect against fraud, abuse, and security incidents;
  • communicate with you about early access and product updates;
  • comply with legal obligations and enforce our terms.

We do not sell your personal information. We do not use customer code or telemetry to train AI models, and neither do our model providers — inference runs under zero-data-retention terms, as described on the Security page.

Legal bases (EEA and UK)

Where the GDPR or UK GDPR applies, we rely on: your consent (for example, marketing emails); our legitimate interests in operating and securing the Site and Service and in responding to you; performance of a contract where you are a customer; and compliance with legal obligations. You may withdraw consent at any time.

How we share information

We share personal information only with service providers that process it on our behalf, under contract and only as needed to run the Site and Service:

  • Google Cloud Platform — hosting of the Service and AI inference via Vertex AI (United States).
  • WorkOS — user authentication and identity.
  • Axiom — our own operational telemetry, which excludes customer code and customer telemetry content.
  • Vercel — hosting and privacy-focused, cookieless web analytics for the Site.
  • Communications and business-operations tools — the systems we use to receive and respond to your inquiries, such as team messaging and email.

We may also disclose information where required by law or legal process, or to protect rights, safety, and security; and in connection with a merger, acquisition, or sale of assets, subject to this Policy. A current subprocessor list for the Service is available on request.

International transfers

We are based in the United States, and our providers, including Google Cloud, process data in the United States. Where we transfer personal information from the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the Standard Contractual Clauses.

Data retention

We retain personal information for as long as needed for the purposes described here — to maintain your account or respond to you — and as required by law. Marketing contacts are retained until you unsubscribe or ask us to delete them. Customer-data retention for the Service is specified in the data-access contract on the Security page.

Security

We protect information with the technical and organizational measures described on our Security page, including encryption in transit and at rest, least-privilege access, and a contained agent-execution architecture. No method of transmission or storage is completely secure.

Your rights

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to the processing of your personal information, and to withdraw consent.

  • EEA, UK, Switzerland: you may exercise the GDPR rights above and lodge a complaint with your supervisory authority.
  • California (CCPA/CPRA): you may request to know, access, correct, and delete personal information. We do not sell or "share" personal information for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights.

To exercise any right, email privacy@perfloop.ai. We will verify your request and respond as required by law.

Cookies

The Site uses cookies that are strictly necessary for it to function. Our analytics provider, Vercel Web Analytics, is cookieless. We do not use advertising or cross-site tracking cookies.

Children

The Site and Service are not directed to children under 16, and we do not knowingly collect personal information from them.

Changes

We may update this Policy. We will post the updated version with a new "last updated" date and, where appropriate, provide additional notice.

Contact

Commonplane, Inc.
privacy@perfloop.ai