Privacy Policy

Effective Date: December 1, 2025 | Last Updated: December 5, 2025

YOUR PRIVACY MATTERS: This Privacy Policy explains how HookMafia ("Company", "we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our Service. Please read this policy carefully. By using HookMafia, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using our Service:

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Optional information such as profile picture, business name, or creator niche
  • Payment Information: Billing address and payment method details (processed securely through Stripe; we do not store full card numbers)
  • Content Data: Topics, scripts, hooks, personas, and other content you create or input into the Service
  • Communications: Information in messages you send to us, including support requests and feedback

1.2 Information Collected Automatically

When you access or use our Service, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers, and browser type
  • Log Data: IP address, access times, pages viewed, referring URL, and actions taken on the Service
  • Usage Data: Features used, content generated, and interaction patterns
  • Location Data: General geographic location based on IP address (not precise GPS location)
  • Cookies and Similar Technologies: Information collected through cookies, pixels, and similar tracking technologies (see Section 6)

1.3 Information from Third Parties

We may receive information from third parties:

  • Authentication Providers: If you sign in using Google or other OAuth providers, we receive your name and email
  • Payment Processors: Transaction status and billing information from Stripe
  • Analytics Partners: Aggregated usage data from analytics services

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

  • Provide, operate, and maintain the Service
  • Process transactions and manage your subscription
  • Generate AI-powered content based on your inputs
  • Store and display your content history

2.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Train and improve our AI models using anonymized, aggregated data
  • Develop new products, services, and features
  • Conduct research and analytics

2.3 Communications

  • Send transactional emails (account verification, password reset, receipts)
  • Provide customer support and respond to inquiries
  • Send service-related announcements and updates
  • Send marketing communications (with your consent, where required)

2.4 Security and Legal

  • Detect, prevent, and address fraud, abuse, and security issues
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and respond to legal requests
  • Protect our rights, privacy, safety, or property

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate Interests: Processing necessary for our legitimate interests (improving the Service, fraud prevention, analytics) where not overridden by your rights
  • Consent: Where you have given explicit consent (marketing emails, optional cookies)
  • Legal Obligation: Processing necessary to comply with legal requirements

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Cloud Hosting: Vercel, AWS (data storage and infrastructure)
  • Payment Processing: Stripe (payment transactions)
  • Email Services: For transactional and marketing emails
  • Analytics: For usage analysis and improvement
  • AI Services: Anthropic (for AI-powered content generation)

These providers are contractually bound to use your information only for the purposes we specify and to maintain appropriate security measures.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to: (a) comply with applicable law; (b) protect our rights or property; (c) prevent fraud or abuse; or (d) protect the safety of users or others.

4.3 Business Transfers

In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on the Service of any such change.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for 30 days after a deletion request
  • Content Data: Retained while your account is active; deleted upon account deletion
  • Transaction Records: Retained for 7 years for tax and accounting compliance
  • Log Data: Retained for up to 12 months for security and analytics purposes
  • Anonymized Data: May be retained indefinitely for analytics and AI improvement

6. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information and improve the Service:

6.1 Types of Cookies We Use

  • Essential Cookies: Required for the Service to function (authentication, security, preferences). Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use the Service. Can be disabled.
  • Functional Cookies: Remember your preferences and settings. Can be disabled.

6.2 Managing Cookies

Most browsers allow you to control cookies through settings. Note that disabling certain cookies may affect functionality. You can also opt out of analytics tracking by using browser extensions like Google Analytics Opt-Out.

6.3 Do Not Track

We do not currently respond to "Do Not Track" browser signals as there is no industry standard for compliance.

7. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access to personal data on a need-to-know basis
  • Secure Infrastructure: Hosted on SOC 2 compliant cloud infrastructure
  • Password Security: Passwords are hashed using bcrypt with salting
  • Regular Audits: Periodic security assessments and vulnerability testing

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Privacy Rights

8.1 Rights for All Users

Regardless of your location, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of marketing communications

8.2 Additional Rights for EEA/UK Residents (GDPR)

If you are in the EEA or UK, you also have the right to:

  • Restrict processing of your personal data
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with a supervisory authority
  • Not be subject to solely automated decision-making

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit use of sensitive personal information (we do not collect sensitive PI as defined by CPRA)

To exercise these rights, contact us at info@hookmafia.io. We will respond within 45 days.

8.4 How to Exercise Your Rights

To exercise any of your privacy rights, you may:

  • Email us at info@hookmafia.io
  • Use the account settings in your dashboard
  • Use the unsubscribe link in marketing emails

We may need to verify your identity before processing your request. We will respond to valid requests within 30 days (or as required by applicable law).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.

When we transfer data from the EEA, UK, or Switzerland to other countries, we use appropriate safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Contractual protections with our service providers

10. Children's Privacy

The Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

Users between 13 and 18 years of age (or the age of majority in their jurisdiction) may use the Service only with the verifiable consent and supervision of a parent or legal guardian who agrees to be bound by our Terms of Service.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, or if you have concerns about your teenage child's use of the Service, please contact us at info@hookmafia.io.

11. Third-Party Links

The Service may contain links to third-party websites, plugins, or applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top
  • Sending an email notification for material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Privacy Inquiries: info@hookmafia.io
  • General Support: info@hookmafia.io

For EEA residents, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

By using HookMafia, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.