What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy engages GDPR (EU) and UK GDPR for European users, CCPA and CPRA for California residents, Australia's Privacy Act 1988 for Australian users, and Brazil's LGPD for Brazilian users. The FTC holds general enforcement authority in the US context. Cross-border data transfers from the EU/EEA rely on Standard Contractual Clauses as the primary transfer mechanism; compliance teams should verify whether current SCCs have been updated to reflect the 2021 EU Commission…

How does Loom's Loom Privacy Policy affect users?

Loom users' video recordings, transcripts, and engagement metadata fall under Atlassian's data collection framework, which permits use for product analytics, service improvement, and AI feature development. Enterprise customers using Loom through a business account should note that their organization's administrator controls certain data settings and may have separate data processing agreements with Atlassian that affect individual user rights. You can submit a data access, deletion, or restric…

How often is Loom's Loom Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Loom updates this document?

Yes. Watcher subscribers ($9.99/month) can add Loom to their watchlist and receive same-day email alerts whenever this document or any other Loom document changes.

CA-D-000565

Loom Privacy Policy

Loom

Last change detected May 5, 2026 Privacy policy

SHA-256: 065111cefdcb43fb98a… 1 version captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Loom ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

6 Total

0 High severity

5 Medium severity

1 Low severity

Summary

This is Atlassian's privacy policy, which covers Loom (the video messaging tool) alongside all other Atlassian products like Jira and Confluence. The most important thing for Loom users is that video recordings, transcripts, and viewing behavior you generate on Loom may be collected and used by Atlassian for product improvement, analytics, and potentially AI feature development. If you are an EU resident or California resident, you have specific rights to access, delete, or restrict processing of your personal data, and you can exercise those rights through Atlassian's privacy request portal.

Technical / Legal Breakdown

This document is Atlassian's global privacy policy, which governs data collection and processing across Atlassian's product suite including Loom, following Atlassian's 2023 acquisition of Loom. The policy states it covers information collected through Atlassian websites, products, and services, asserting legal bases including contractual necessity, legitimate interests, and consent for processing personal data. Notable provisions include the collection of video content and associated metadata through Loom, behavioral and usage analytics across the Atlassian platform, and data sharing with third-party service providers, resellers, and affiliated entities; the policy also reserves rights to process data for AI model improvement and product development purposes, which engages considerations beyond standard SaaS data processing disclosures. The policy engages GDPR for EU/EEA users, the UK GDPR post-Brexit, CCPA and CPRA for California residents, Australia's Privacy Act, and other regional frameworks; Atlassian designates itself as data controller for account and usage data while acting as data processor for customer-uploaded content in enterprise contexts, a dual-role structure that creates distinct compliance obligations depending on deployment type. Material compliance considerations include the adequacy of consent mechanisms for AI training on video content, the scope of cross-border data transfers under Standard Contractual Clauses, and the delineation of controller versus processor responsibilities in enterprise and reseller arrangements.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 5 provisions

Collection of Video and Usage Data via Loom

When you use Loom, Atlassian collects the videos you record, associated transcripts, and behavioral data about how you and viewers interact with that content.

Added May 10, 2026 Rare
AI and Product Improvement Data Use Compare →

Atlassian's policy permits the use of data generated through its services, potentially including Loom recordings and transcripts, to improve its products and develop AI-powered features.

Added May 10, 2026 Common Seen across 104 platforms
Third-Party Service Provider Data Sharing Compare →

Atlassian shares personal data with third-party vendors and service providers who help operate its products, including potentially cloud infrastructure, analytics, and AI service partners.

Added May 10, 2026 Standard Seen across 246 platforms
Controller vs. Processor Dual Role Compare →

Atlassian acts as the data controller for account and usage data but acts as a data processor for content that enterprise customers upload or generate, meaning your employer (not Atlassian) may be the party legally responsible for certain decisions about your data.

Added May 10, 2026 Standard Seen across 189 platforms
Cross-Border Data Transfers Compare →

Atlassian transfers personal data internationally, including from the EU/EEA to the United States and other countries, relying on mechanisms such as Standard Contractual Clauses to make those transfers lawful.

Added May 10, 2026 Standard Seen across 246 platforms

Low — 1 provision

User Rights: Access, Deletion, and Restriction Compare →

The policy states that users, particularly those in the EU, UK, and California, have rights to access, delete, correct, or restrict processing of their personal data, which they can exercise through Atlassian's privacy request mechanism.

Added May 10, 2026 Standard Seen across 223 platforms

Monitoring

Loom has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Employer/Administrator Access to User Data and similar clauses.

Compare across platforms →