Analytics preference

Help us improve SecondLoop with optional analytics. Session replay only runs on public and sign-in entry pages after you accept, and declining will not affect your access.

Privacy policy

SecondLoop

Run free Revenue Scan

Legal

Public service policies and purchase disclosure

These pages explain how SecondLoop handles access, billing, personal data, and statutory disclosure for the public self-serve service.

Privacy policy

Privacy posture for the public self-serve service

This policy explains how SecondLoop handles personal data for the public service.

Analytics preference

Optional PostHog analytics and replay

Current status: Not set. PostHog analytics and Session Replay run only after you accept. You can decline or change this setting without losing access to SecondLoop.

Data we collect

We collect account and authentication data, workspace setup details, Stripe connection metadata, billing state, webhook and recovery event data, support and disclosure correspondence, limited product analytics events, and technical logs needed to secure and operate the service.

Why we use data

We use personal data to provide access, operate billing recovery workflows, respond to support and disclosure requests, secure the product, prevent abuse, and comply with legal obligations.

Infrastructure and subprocessors

SecondLoop uses infrastructure and service providers such as Vercel for application hosting, Postgres for application data storage, Stripe for billing and billing-linked data, Resend for transactional email delivery, and PostHog for optional product analytics only after consent when configured.

Product analytics

SecondLoop records first-party product events such as page views, CTA clicks, signup and onboarding progress, Revenue Scan views, billing actions, and recovery actions in its own product_events table as a business KPI ledger. These first-party events continue without PostHog consent and use pseudonymous visitor, session, user, and workspace hashes to deduplicate traffic where possible. They are designed not to store raw IP addresses, raw user agents, email addresses, Stripe customer IDs, invoice IDs, subscription IDs, payment details, tokens, or secrets.

Optional PostHog analytics

PostHog browser analytics, server-side PostHog capture, and Session Replay run only after you accept optional analytics. Declining or withdrawing consent does not affect your ability to use SecondLoop.

Session replay boundary

PostHog Session Replay is limited to the public and auth entry pages: homepage, pricing, signup, login, contact, FAQ, and security. Inputs are masked. Onboarding, case detail, billing, customers, Revenue Proof, settings, MFA and device screens, API routes, recovery links, open pixels, and embedded customer widget routes are excluded from replay.

Retention

We keep account, billing, recovery, and operational records only for as long as needed to operate the service, support customers, resolve disputes, enforce terms, and satisfy legal requirements. First-party product analytics events are deleted after 180 days. Other data may be deleted or anonymized when it is no longer needed for those purposes.

Disclosure handling

Requests for Specified Commercial Transactions Act disclosure and privacy-related inquiries are logged so we can respond promptly and keep a durable record of how the request was handled.

Your requests

You may contact us to request access, correction, deletion, or other handling of personal data where applicable under Japanese law. We may need to verify your identity before acting on a request.

Contact window

Privacy and data handling requests can be sent to support@secondloop.dev. Specified Commercial Transactions Act disclosure requests can be sent through the disclosure request flow or by emailing legal@secondloop.dev.

Related product pages

See the security page for product boundaries and the contact page if you need to ask about product-specific data handling.