Privacy Policy
This Policy explains what information Lootrunners collects, how we use and share it, and the choices and rights you have. We aim to collect only what we need to run the Service, and to be transparent about the rest.
Who we are
Lootrunners (“Lootrunners,” “we,” “us”) provides an agency contractor-payment operations platform for customer-controlled stablecoin pay cycles, contractor payment requests, wallet verification, payment evidence, and reconciliation. This Policy applies to information we process through our website and the Service.
For most data about contractors and clients, the Customer (the organization using the Service) is the controller and Lootrunners acts as a processor on its behalf. For our website, account administration, and billing, Lootrunners is the controller.
Information we collect
We collect the following categories of information:
- Account data — names, work email, role, organization details, and authentication data for users who create or manage a workspace.
- Contractor & recipient data — legal or business name, country, address, tax residency, engagement type, tax forms, and payout preferences, submitted by contractors or by the Customer.
- Engagement & financial records — clients, projects, budgets, milestones, invoices, approvals, payout instructions, fees, and reconciliation records.
- Payment-related data — wallet addresses, supported networks, payment destinations, wallet verification events, transaction hashes, test-payment records, settlement status, receipts, fees, and reconciliation records. Lootrunners does not collect or store customer private keys.
- Usage & device data — log data, IP address, device and browser information, and product interactions, collected to operate and secure the Service.
- Integration data — information exchanged with accounting and payment tools you connect, such as QuickBooks Online, Xero, or Stripe.
How we use information
We use information to operate contractor payment requests, wallet verification, test payments, pay-run preparation, settlement monitoring, receipts, audit logs, compliance checks, support, and accounting exports. We do not sell personal information.
We may use aggregated or de-identified data, which does not identify any individual, for analytics and product development.
Legal bases
Where the GDPR or similar laws apply, we process personal data on the basis of: performance of a contract; compliance with legal obligations (including AML and sanctions requirements); our legitimate interests in operating and securing the Service; and consent where required. Where we act as a processor, we process data under our agreement with the Customer.
How we share
We share information only as needed to run the Service:
- Blockchain networks & infrastructure — public blockchain networks and the wallet-connection, node, and RPC providers used to prepare, broadcast, and confirm the payments a Customer signs and funds from its own wallet. Lootrunners does not custody, convert, or transmit funds.
- Service providers — vendors that host infrastructure, process data, or provide support under contractual confidentiality and security obligations.
- Integrations you authorize — accounting and payment systems you connect to your workspace.
- Legal & safety — authorities or parties where required by law, to enforce our terms, or to protect rights, safety, and the integrity of the Service. In a merger or acquisition, data may transfer as part of the transaction.
International transfers
We operate globally and may transfer and process information in countries other than where it was collected, including the United States. Where required, we use appropriate safeguards for cross-border transfers, such as the European Commission’s Standard Contractual Clauses or another lawful transfer mechanism.
Retention
We retain information for as long as needed to provide the Service and for legitimate business and legal purposes, including tax, accounting, audit, and compliance obligations, which may require retaining certain financial and transaction records for several years. When information is no longer needed, we delete or de-identify it.
Security
We use technical and organizational measures designed to protect information, including encryption in transit and at rest, least-privilege access controls, multi-factor authentication, payment-destination controls and holds, signed webhook validation, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Residents of California and certain other states may have rights to know, delete, correct, and opt out of the “sale” or “sharing” of personal information; we do not sell personal information.
If a Customer controls your data (for example, your agency or the agency that engaged you), please direct requests to that organization; we will assist them as a processor. Otherwise, you can contact us using the details below. We will not discriminate against you for exercising your rights.
Cookies & analytics
We use necessary cookies to operate the Service and may use limited analytics to understand usage and improve the product. You can control cookies through your browser settings; disabling some cookies may affect functionality. Where required, we request consent for non-essential cookies.
Contractor data
When a Customer invites a contractor or vendor, that individual provides information to be paid through the Service. The Customer determines how that information is used within its workspace. We process it to deliver the Service, prepare and record the payments the Customer signs and funds from its own wallet, and meet compliance obligations, and we make payment-history and document records available to the contractor through their portal.
Children’s privacy
The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will take appropriate steps to delete it.
Changes
We may update this Policy from time to time. If we make material changes, we will provide notice by posting the updated Policy with a new effective date or by notifying you in the Service. Your continued use after changes take effect constitutes acceptance.
Contact
For privacy questions or to exercise your rights, contact our privacy team.
Lootrunners · Chicago, IL · [email protected]