HOOKIN

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (name, email address, password)
  • Profile information and preferences
  • Content you create using our services (playable ads, videos, assets)
  • Communications with us (support requests, feedback)
  • Payment and billing information (processed securely by LemonSqueezy)
  • Usage data and analytics (features used, session duration, interactions)

We automatically collect certain information when you use our services:

  • Device information (browser type, operating system, device identifiers)
  • Log data (IP address, access times, pages viewed)
  • Location data (country, region based on IP address)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and manage your subscription
  • Send technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Analyze usage patterns to improve user experience
  • Generate AI-powered content based on your inputs
  • Detect, prevent, and address technical issues or fraud
  • Comply with legal obligations

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Processing for our legitimate business interests (improving services, fraud prevention, marketing)
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Processing required to comply with applicable laws

4. Third-Party Service Providers

We share your information with the following third-party service providers who assist us in operating our platform:

Google Firebase

Authentication, database (Firestore), cloud storage, and hosting services. Data may be stored in Google Cloud data centers.

Google AI (Gemini)

AI-powered content generation. Your prompts and inputs are processed to generate playable ads and creative content.

Google Analytics

Website and application analytics (only with your consent). We use Google Analytics 4 with IP anonymization enabled to understand usage patterns. No data is collected until you accept analytics cookies.

LemonSqueezy

Payment processing, subscription management, and billing. LemonSqueezy processes your payment information directly and is PCI-DSS compliant.

These providers are contractually obligated to protect your information and may only use it to provide services on our behalf.

5. AI Data Processing

Our platform uses artificial intelligence (Google Gemini) to generate playable ads and creative content. When you use our AI features:

  • Your text prompts and inputs are sent to Google's AI services for processing
  • Generated content is stored in your account and associated with your projects
  • We do not use your content to train our own AI models without explicit consent
  • AI-generated outputs may be subject to Google's AI terms and policies

Please do not include sensitive personal information, confidential business data, or proprietary content in your AI prompts.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our service providers (Google, LemonSqueezy) maintain servers.

For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Certification mechanisms (e.g., EU-U.S. Data Privacy Framework)

7. Information Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

  • With service providers who assist in operating our platform (as described above)
  • To comply with legal obligations, court orders, or government requests
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With your consent or at your direction

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication mechanisms (Firebase Authentication)
  • Regular security assessments and monitoring
  • Access controls and employee training

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach (as required by GDPR) via email and/or prominent notice on our platform. We will also notify relevant supervisory authorities as required by applicable law.

10. Cookies and Tracking Technologies

We use cookies to ensure our platform functions properly and to understand how our services are used. We only activate analytics cookies after you provide your consent through our cookie banner.

Cookies we use:

  • Essential Cookies (Required): These cookies are necessary for the platform to function and cannot be disabled. They include:
    • Firebase Authentication cookies for secure login sessions
    • Cookie consent preference storage
  • Analytics Cookies (Consent Required): We use Google Analytics 4 to understand how visitors interact with our website and application. These cookies are only activated after you accept analytics cookies through our consent banner. Data collected includes:
    • Pages visited and time spent on each page
    • Features and tools used within the platform
    • Anonymized IP addresses (IP anonymization is enabled)
    • Browser type, device type, and operating system
    • Referral sources (how you found our website)

Cookies we do NOT use:

  • Advertising Cookies: We do not use advertising or retargeting cookies
  • Third-party Tracking: We do not allow third parties to place tracking cookies on our platform beyond the analytics services described above

You can control cookies through your browser settings or by using our cookie consent banner. You can withdraw your analytics consent at any time by clearing your browser's local storage for our domain. Disabling essential cookies may prevent you from using certain features of our platform, such as logging in.

11. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limited processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent at any time

To exercise these rights, contact us at privacy@hookin.io. We will respond within 30 days.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Limit: Limit the use of sensitive personal information

We do not sell your personal information. To exercise your California privacy rights, contact us at privacy@hookin.io.

13. Children's Privacy

Our services are not intended for children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@hookin.io. We will take steps to delete such information from our systems.

14. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (e.g., tax records, transaction history)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law. Some data may persist in backups for up to 90 days.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (sent to the address associated with your account) and/or by posting a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@hookin.io

General Support: support@hookin.io

For EEA residents, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.