Privacy Policy

This Privacy Policy applies to all individuals who interact with Looot, including:

• Website Visitors — individuals who browse or interact with our official website.
• Platform Users — individuals or organizational representatives who register for an account on our platform, subscribe to our services, or otherwise consume our datasets.
• Contributors — individuals who choose to share video content with us, whether by uploading existing footage from their own libraries or by recording new footage in the Looot mobile app.

For the purposes of the GDPR, Looot is the data controller for personal information collected from website visitors, platform users, and contributors. We determine the purposes and means by which your personal data is processed, and we are responsible for the anonymized datasets we curate, version, and distribute through our platform.

For any question, request, or concern related to the way your personal data is handled, you can reach our privacy team at privacy@looot.xyz.

We collect information to provide and improve our services. The categories below describe what we collect and how we obtain it.

Information you provide directly

• Account registration data: when you create an account, we collect your name, email address, a password, and, where relevant, your company name and job title.
• Contributor profile data: contributors provide details such as country, city, language preference, and a profile picture.
• Subscription and billing data: paid plans require billing information, which is securely processed by our third-party payment providers. We do not store your full payment card on our servers; we may keep limited details such as the last four digits of the card and its expiration date for verification and administrative purposes.
• Communications data: when you contact us via email, contact forms, or in-app support, we collect the information you choose to share, such as your name, email address, and the content of your message.

Information collected automatically

As you navigate our website and platform, we automatically collect certain information about your device and how you use the service.

• Log and device information: IP address, browser type, operating system, unique device identifiers, the pages you visited, and access timestamps.
• Usage analytics: which features you use, the pages you view, the time you spend on them, and other interaction signals. This helps us understand how the platform is used and how to improve it.
• Cookies and similar technologies: small text files used to operate the site and personalize your experience. We use them for essential functions such as keeping you signed in and, with your consent, for performance and analytics. Where we use third-party analytics, we configure them to anonymize IP addresses where possible. You can manage non-essential cookies through your browser settings.

We are committed to the principle of purpose limitation: we use your personal data only for specified, explicit, and legitimate purposes, including:

• Providing, maintaining, and improving the Looot platform and services.
• Personalizing your experience on the platform.
• Providing customer support and responding to your inquiries.
• Communicating with you about your account, your contributions, and updates to our services.
• Performing analytics and quality improvements.
• Detecting and preventing fraud, abuse, or security incidents.
• Complying with our legal and regulatory obligations.

Every processing activity we undertake is grounded in a valid legal basis as required by the GDPR.

• Performance of a contract (Article 6(1)(b)) — when processing is necessary to deliver the services you have signed up for, including handling contributor payouts.
• Legitimate interests (Article 6(1)(f)) — for example, securing our platform, preventing fraud, and improving the quality of our services, after carefully balancing our interests against your rights.
• Consent (Article 6(1)(a)) — where you have given us specific and informed consent, such as enabling non-essential cookies or sharing optional information.
• Legal obligation (Article 6(1)(c)) — where we are required by law to retain or disclose certain information.

You may withdraw any consent you have given at any time, without affecting the lawfulness of processing carried out before your withdrawal.

A core part of what we do at Looot is curating large, diverse video datasets that help train the next generation of physical AI and world models. Unlike many data collection programs, Looot is intentionally source-agnostic: we are interested in real footage of the real world, regardless of the device or context that produced it.

What you can submit

You may submit video content from virtually any source you legitimately own or have the right to share, including without limitation:

• Dashcam recordings.
• Footage from home or business surveillance cameras.
• Action camera and wearable camera recordings.
• Smartphone or tablet recordings, including videos already saved in your device library or cloud photo gallery.
• Drone, sports, and other handheld camera footage.
• Video recorded directly inside the Looot mobile app while completing a Mission. A “Mission” is an optional, scoped task we offer to contributors who would like a brief to record against — it is one capture path among many, not the default.

What we receive with your submission

Depending on the source, the data we receive in connection with your submission may include the video itself, the audio track, timestamps, and any metadata embedded in the file by the source device. Examples of such metadata include EXIF tags, GPS coordinates baked into dashcam files, and motion sensor streams (for example gyroscope or accelerometer readings) when video is recorded inside the Looot mobile app on devices that expose them.

We encourage contributors to review the metadata associated with their files and to remove anything they do not wish to share before uploading. As part of our processing pipeline, we may strip, normalize, or coarse-grain certain metadata fields server-side, particularly when they are not necessary for the research purpose of the dataset.

Your warranties as a contributor

By submitting video content to Looot, you confirm that:

• You own the footage or otherwise hold the rights necessary to share it with us and to allow it to be processed and licensed for AI research.
• You have obtained any necessary consents from individuals who are identifiable in the footage and, where required, from the owners of property or premises that are clearly depicted.
• The submission complies with the applicable laws of your jurisdiction concerning recording, surveillance, image rights, and privacy.

If you become aware that a submission no longer satisfies these conditions — for example because someone identifiable in the footage withdraws their consent — please contact us at privacy@looot.xyz so that we can take appropriate action.

Anonymization, security, and our roadmap

Our long-term commitment is to ensure that the datasets we distribute do not contain identifiable personal data. We approach this through a combination of measures that exist today and capabilities we are actively building.

Today, raw footage you submit is uploaded over encrypted channels, stored in access-controlled object storage hosted in the European Union, and accessible only to a limited number of authorized Looot personnel for the strict purpose of curation, quality control, and dataset preparation. Contributors are guided to avoid recording identifiable third parties wherever practical, and we apply blurring and other de-identification techniques to dataset releases before they are shared with researchers or commercial subscribers.

Looking ahead, we are extending our pipeline with automated, source-agnostic anonymization — including face and license-plate blurring — with the goal of applying these protections as early in the lifecycle as possible, including on-device whenever the originating hardware permits. Once these transformations are applied and the resulting data is no longer reasonably re-identifiable, the resulting datasets are intended to fall outside the scope of personal data protection laws.

The reason we curate these datasets in the first place is to accelerate innovation in artificial intelligence and robotics. We follow a dual-tiered distribution model designed to support a vibrant research community while building a sustainable business:

• Community and open-source contributions. We periodically release portions of our anonymized data to the public research community to support reproducible science, education, and benchmarking.
• Commercial subscriptions. We license curated, versioned, and quality-controlled datasets to research labs and companies through paid subscriptions. These subscriptions help fund the continued operation of the platform and the compensation of our contributors.

We take the security of all the data under our control very seriously. We have implemented appropriate technical and organizational measures designed to protect personal data and to safeguard the proprietary anonymized datasets we maintain.

• Encryption — data is encrypted in transit and at rest using industry-standard protocols.
• Access control — strict role-based access controls limit who within Looot can view raw data, with all access subject to logging and review.
• Secure infrastructure — our services are hosted on Google Cloud Platform in the europe-west1 region, including managed compute, database, and object storage services.
• Monitoring and audits — we monitor our infrastructure for anomalous activity and conduct regular security reviews.
• Employee training — our team receives ongoing training on data protection, secure development, and incident response.

We retain personal data only for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. Anonymized datasets may be retained for long-term research purposes, but we periodically review them to confirm they remain free of identifiable personal data.

Our infrastructure is hosted in the European Union by default. Some of the third-party service providers we work with, however, may operate from or transfer data to countries outside the European Economic Area. When this happens, we ensure the transfer benefits from an appropriate safeguard recognized under the GDPR, such as an adequacy decision by the European Commission or the use of Standard Contractual Clauses (SCCs), accompanied where necessary by additional technical and organizational measures.

Subject to applicable law, you have the following rights in relation to the personal data we hold about you:

• The right to be informed about how your personal data is processed.
• The right to access the personal data we hold about you.
• The right to rectification of inaccurate or incomplete personal data.
• The right to erasure (the “right to be forgotten”) in certain circumstances.
• The right to restrict processing in certain circumstances.
• The right to data portability — to receive your data in a structured, commonly used, machine-readable format.
• The right to object to processing based on our legitimate interests.
• The right to withdraw consent at any time, where processing is based on consent.
• The right to lodge a complaint with a supervisory authority if you believe your data protection rights have been infringed.

To exercise any of these rights, please contact us at privacy@looot.xyz. We will respond without undue delay and within the statutory timelines.

If you have any questions, concerns, or requests about this Privacy Policy or our data protection practices, please get in touch:

Email: privacy@looot.xyz

We always appreciate the opportunity to address your concerns directly before you approach a supervisory authority.