Privacy Policy

1. Introduction

Hookline ("we", "us", "our", or "Hookline") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our creative intelligence platform ("Service").

By using Hookline, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Email address
• Name
• Company name
• Role/title
• Monthly ad spend (optional)
• Profile information you choose to provide

Authentication:

• Account credentials are managed by Clerk (our authentication provider)
• We do not store passwords directly

2.2 Information from Connected Accounts

Meta (Facebook/Instagram) Advertising Data:

• Ad account IDs and names
• Ad performance metrics (impressions, clicks, spend, conversions, CTR, CPA)
• Ad creative content (images, videos, primary text, headlines)
• Ad metadata (campaign names, ad set information)
• OAuth access tokens (stored securely, encrypted at rest)

TikTok Advertising Data:

• Ad account IDs and names
• Ad performance metrics (impressions, clicks, spend, conversions, CTR, CPA)
• Ad creative content (images, videos, captions)
• Ad metadata (campaign information)
• OAuth access tokens (stored securely, encrypted at rest)

Note: We only access read-only data from your advertising accounts. We do not modify, create, or delete ads.

2.3 Automatically Collected Information

Usage Data:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent
• Actions taken within the Service
• Date and time of access
• Referring website addresses

Technical Data:

• Cookies and similar tracking technologies
• Session information
• Error logs and diagnostic data

2.4 AI Processing Data

When we analyze your ads using AI services (OpenAI and Anthropic), we may send:

• Ad creative images and videos (to OpenAI GPT-4 Vision for visual analysis)
• Ad copy and text (to Anthropic Claude for text analysis)
• Performance metrics (for pattern analysis)

This data is processed by third-party AI providers according to their privacy policies.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• To provide and maintain the Service
• To authenticate your account and manage access
• To connect and sync your advertising accounts
• To analyze your ad performance data
• To generate AI-powered insights and scripts
• To detect ad fatigue and performance patterns
• To generate and deliver weekly intelligence reports
• To provide customer support

3.2 Service Improvement

• To understand how you use the Service
• To improve and optimize the Service
• To develop new features and functionality
• To fix bugs and technical issues
• To ensure security and prevent fraud

3.3 Communication

• To send you service-related notifications
• To send weekly intelligence reports via email
• To respond to your inquiries and support requests
• To send important updates about the Service
• To send marketing communications (with your consent, opt-out available)

3.4 Legal Compliance

• To comply with legal obligations
• To enforce our Terms of Service
• To protect our rights and the rights of users
• To respond to legal requests and court orders

4. Third-Party Services and Data Sharing

4.1 Service Providers

We use the following third-party services that may process your data:

4.2 Data Sharing Restrictions

We do NOT:

• Sell your personal information to third parties
• Share your data with advertisers or marketers
• Use your data to train AI models for other customers
• Share your data with competitors

We may share your information:

• With your explicit consent
• To comply with legal obligations
• To protect our rights and safety
• In connection with a business transfer (merger, acquisition)
• With service providers who are contractually bound to protect your data

5. Data Storage and Security

5.1 Data Storage

• Your data is stored in secure PostgreSQL databases
• Data is encrypted at rest using industry-standard encryption
• Data is transmitted over HTTPS (encrypted in transit)
• We retain your data for as long as your account is active or as needed to provide the Service

5.2 Security Measures

• Secure authentication via Clerk
• Encrypted OAuth tokens
• Regular security audits
• Access controls and authentication requirements
• Secure API endpoints
• Regular backups

5.3 Data Retention

• Account data: Retained while your account is active
• Deleted accounts: Data is deleted within 30 days of account deletion
• Legal requirements: Some data may be retained longer if required by law

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 Access and Portability

• Request a copy of your personal data
• Export your data in a machine-readable format

6.2 Correction and Deletion

• Correct inaccurate or incomplete data
• Request deletion of your personal data
• Delete your account and associated data

6.3 Opt-Out Rights

• Opt out of marketing communications
• Revoke access to connected advertising accounts
• Disable cookies (may affect Service functionality)

6.4 GDPR Rights (EU Users)

If you are in the European Economic Area (EEA), you have additional rights:

• Right to access your data
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

6.5 CCPA Rights (California Users)

If you are a California resident, you have the right to:

• Know what personal information is collected
• Know if your personal information is sold or disclosed
• Opt out of the sale of personal information (we do not sell your data)
• Access your personal information
• Request deletion of your personal information
• Non-discrimination for exercising your privacy rights

6.6 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@hookline.app
• We will respond within 30 days (or as required by applicable law)

7. Cookies and Tracking Technologies

7.1 Cookies We Use

• Essential cookies: Required for the Service to function (authentication, session management)
• Analytics cookies: Help us understand how you use the Service (optional)
• Preference cookies: Remember your settings and preferences

7.2 Managing Cookies

• You can control cookies through your browser settings
• Disabling cookies may affect Service functionality
• We do not use cookies for advertising or tracking across other websites

8. Children's Privacy

Hookline is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Adequate security measures
• Compliance with applicable data protection laws

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Sending you an email notification
• Displaying a notice in the Service

The "Last Updated" date at the top indicates when changes were last made. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

11. Data Processing Legal Basis (GDPR)

For users in the EEA, we process your data based on:

• Consent: When you provide explicit consent (e.g., marketing emails)
• Contractual necessity: To provide the Service you requested
• Legitimate interests: To improve the Service, ensure security, and prevent fraud
• Legal obligations: To comply with applicable laws

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer:

• Email: privacy@hookline.app
• Support: support@hookline.app

Data Protection Officer (if applicable):

• Email: dpo@hookline.app

We will respond to your inquiry within 30 days or as required by applicable law.

13. Additional Information

13.1 Do Not Track Signals

We do not currently respond to "Do Not Track" signals from browsers. We may implement this feature in the future.

13.2 Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change in ownership.