Privacy Policy

1.1 Information You Provide

• Account Information: When you create an account, we collect your email address, password (stored in hashed form), and optionally your full name and profile image.
• Billing Information: If you subscribe to a paid plan, our payment processor (Stripe) collects and processes your payment card details. We do not store your full card number on our servers. We receive only a tokenized reference, card brand, last four digits, and expiration date for display purposes.
• Content Inputs: Video descriptions, topics, niches, and other parameters you enter to generate headlines and hooks.
• Saved Content: Headlines, hook scripts, A/B test data, and project information you choose to save within the Service.
• Communications: Information you provide when you contact our support team or respond to surveys.

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, generation counts, time spent on the platform, and interaction patterns.
• Device Information: Browser type and version, operating system, screen resolution, and device type.
• Log Data: IP address, access timestamps, referring URLs, and error logs.
• Cookies and Similar Technologies: We use essential cookies for authentication and session management. See Section 7 for details.

We use the information we collect for the following purposes:

We do not sell your personal information. We share your information only in the following limited circumstances:

• Service Providers: We work with trusted third-party companies that perform services on our behalf, including:
  • Supabase -- Database hosting and authentication
  • Stripe -- Payment processing
  • Analytics providers -- Usage analytics (anonymized data only)
  These providers are contractually obligated to use your data only for the services they provide to us and to maintain appropriate security measures.
• Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With Your Consent: We may share your information for other purposes with your explicit consent.

• Account Data: We retain your account data for as long as your account is active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.
• Generated Content: Headlines, hooks, and other content you save within the Service are retained until you delete them or close your account.
• Usage Logs: Automatically collected logs are retained for up to 90 days for security and debugging purposes, then anonymized or deleted.
• Billing Records: Transaction records are retained for up to 7 years as required for tax and legal compliance.

We implement industry-standard technical and organizational measures to protect your personal information, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Password hashing using modern cryptographic algorithms
• Row Level Security (RLS) on all database tables to enforce access control
• Regular security reviews and updates
• Minimal data access policies for employees and contractors

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, contact us at support@hookgeniuspro.com. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

We use the following categories of cookies:

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly.

Our Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate.

Where required by applicable law (such as the GDPR), we ensure that appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses or other approved mechanisms.

The Service is not intended for individuals under the age of 18 (or the applicable age of majority). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@hookgeniuspro.com and we will promptly delete such information.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out: We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a clear opt-out mechanism.
• Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, email support@hookgeniuspro.com with the subject line "California Privacy Request."

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• The legal bases for our processing of your personal data are described in Section 2.
• You have the right to lodge a complaint with your local data protection supervisory authority.
• For data transfer safeguards, see Section 8 on International Data Transfers.

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to them. However, you can manage tracking through your cookie and browser settings as described in Section 7.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Notify you via email or an in-app notification for significant changes
• Where required by law, obtain your consent before implementing material changes

We encourage you to review this Policy periodically to stay informed about how we protect your information.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: