What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR (EU) and UK GDPR for European users, CCPA and CPRA for California residents, Australia's Privacy Act 1988 for Australian users, and Brazil's LGPD for Brazilian users. The FTC holds general enforcement authority in the US context. Cross-border data transfers from the EU/EEA rely on Standard Contractual Clauses as the primary transfer mechanism; compliance teams should verify whether current SCCs have been updated to reflect the 2021 EU Commission…

How does Loom's Loom Privacy Policy affect users?

Loom users' video recordings, transcripts, and engagement metadata are subject to collection and use under Atlassian's stated purposes of product analytics, service improvement, and AI feature development. For enterprise customers, the organization's administrator controls certain data settings, and separate data processing agreements between the organization and Atlassian may establish additional terms governing individual user data. Individuals in EU and California jurisdictions may exercise …

How often is Loom's Loom Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Loom updates this document?

Yes. Monitor subscribers ($19/month) can add Loom to their watchlist and receive same-day email alerts whenever this document or any other Loom document changes.

CA-D-000565

Loom Privacy Policy

Loom

Last change detected May 5, 2026 Privacy policy

SHA-256: 065111cefdcb43fb98a… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Loom ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

6 Total

0 High severity

5 Medium severity

1 Low severity

Summary

This document is Atlassian's privacy policy covering Loom and other Atlassian products. The policy establishes that video recordings, transcripts, and viewing behavior generated on Loom are collected and may be used for product improvement, analytics, and AI feature development. The policy authorizes EU and California residents to submit requests for access, deletion, or restriction of personal data processing through Atlassian's privacy request portal.

Technical / Legal Breakdown

This document is Atlassian's global privacy policy, which governs data collection and processing across Atlassian's product suite including Loom, following Atlassian's 2023 acquisition of Loom. The policy states it covers information collected through Atlassian websites, products, and services, asserting legal bases including contractual necessity, legitimate interests, and consent for processing personal data. Notable provisions include the collection of video content and associated metadata through Loom, behavioral and usage analytics across the Atlassian platform, and data sharing with third-party service providers, resellers, and affiliated entities; the policy also reserves rights to process data for AI model improvement and product development purposes, which engages considerations beyond standard SaaS data processing disclosures. The policy engages GDPR for EU/EEA users, the UK GDPR post-Brexit, CCPA and CPRA for California residents, Australia's Privacy Act, and other regional frameworks; Atlassian designates itself as data controller for account and usage data while acting as data processor for customer-uploaded content in enterprise contexts, a dual-role structure that creates distinct compliance obligations depending on deployment type. Material compliance considerations include the adequacy of consent mechanisms for AI training on video content, the scope of cross-border data transfers under Standard Contractual Clauses, and the delineation of controller versus processor responsibilities in enterprise and reseller arrangements.

Institutional Analysis

Institutional analysis available with Compliance

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.

Start Compliance free trial

Medium — 5 provisions

Collection of Video and Usage Data via Loom Compare →

When you use Loom, Atlassian collects the videos you record, associated transcripts, and behavioral data about how you and viewers interact with that content.

Added May 10, 2026 Standard Seen across 284 platforms
AI and Product Improvement Data Use Compare →

Atlassian's policy permits the use of data generated through its services, potentially including Loom recordings and transcripts, to improve its products and develop AI-powered features.

Added May 10, 2026 Standard Seen across 284 platforms
Third-Party Service Provider Data Sharing Compare →

Atlassian shares personal data with third-party vendors and service providers who help operate its products, including potentially cloud infrastructure, analytics, and AI service partners.

Added May 10, 2026 Standard Seen across 252 platforms
Controller vs. Processor Dual Role Compare →

Atlassian acts as the data controller for account and usage data but acts as a data processor for content that enterprise customers upload or generate, meaning your employer (not Atlassian) may be the party legally responsible for certain decisions about your data.

Added May 10, 2026 Standard Seen across 284 platforms
Cross-Border Data Transfers Compare →

Atlassian transfers personal data internationally, including from the EU/EEA to the United States and other countries, relying on mechanisms such as Standard Contractual Clauses to make those transfers lawful.

Added May 10, 2026 Standard Seen across 284 platforms

Low — 1 provision

User Rights: Access, Deletion, and Restriction Compare →

The policy states that users, particularly those in the EU, UK, and California, have rights to access, delete, correct, or restrict processing of their personal data, which they can exercise through Atlassian's privacy request mechanism.

Added May 10, 2026 Standard Seen across 284 platforms

Monitoring

Loom has updated this document before.

Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

Compliance Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Compliance free trial

Cross-platform context

See how other platforms handle Employer/Administrator Access to User Data and similar clauses.

Compare across platforms →