Cookie Policy
What cookies hookpilot.co sets, why, and how you control them.
1. What Cookies Are
Cookies are small text files that hookpilot.co (operated by HookPilot Caption Studio LLC) and a limited set of vetted sub-processors store on your device when you visit our website or use the HookPilot AI Workforce Operating System. We also use comparable technologies — localStorage, sessionStorage, and HTTP-only secure tokens — and we treat all of them under this policy.
2. Categories We Use
- Strictly necessary. Authentication session, CSRF protection, workspace tenant routing, MFA challenge, dark/light theme preference, language. These cannot be turned off because HookPilot will not function without them.
- Functional. Remembering which department dashboard you last opened, sidebar collapse state, last-used Caption Studio template, agent-tier filter.
- Analytics. Anonymized page views, feature-usage events, and performance metrics so the HookPilot product team can prioritise improvements. Loaded only after consent in regions where consent is required.
- Security. Bot and abuse signals consumed by the HookPilot Internal Security department (-HPS) to detect credential-stuffing and scraping attempts on hookpilot.co.
3. Specific Cookies HookPilot Sets
- hp_session — HTTP-only, Secure, SameSite=Lax. Signed-in session token. Lifetime: session or up to 30 days with "remember me".
- hp_csrf — CSRF double-submit token. Lifetime: session.
- hp_tenant — Active workspace identifier when you belong to more than one. Lifetime: 30 days.
- theme — Dark / light mode preference, stored in localStorage. Lifetime: until cleared.
- hp_consent — Records your cookie consent choice. Lifetime: 12 months.
- hp_analytics_id — Pseudonymised analytics identifier (loaded only after consent). Lifetime: 12 months.
4. Third-Party Tags
HookPilot keeps third-party tags to the minimum required to operate the product. Today that list includes: Stripe (billing — set only on checkout and customer-portal pages), Cloudflare (security and performance — strictly necessary), and a single privacy-respecting product analytics provider (loaded only after consent). We do not run Google Ads, Meta Pixel, TikTok Pixel or other ad-network pixels on hookpilot.co.
5. Consent and Rejection
In jurisdictions that require it (the EEA, UK, Switzerland, Brazil, California for sale/share categories, and others), the HookPilot consent banner is shown on first visit. You can accept all, reject non-essential, or open preferences and toggle categories individually. You can change your mind at any time from the "Cookie preferences" link in the website footer or from Workspace Settings → Privacy inside the product. Rejecting non-essential cookies does not affect access to the product.
6. Do Not Track and Global Privacy Control
HookPilot honors Global Privacy Control (GPC) signals as a valid opt-out where applicable law treats them as such (e.g., California). Because the standards around legacy Do Not Track headers are inconsistent, we rely on the consent banner and GPC instead.
7. Changes
If we add or remove cookie categories — for example, when we onboard a new sub-processor — we update this page, bump the version in manifest.json, and where required by law, re-prompt for consent. Material changes are announced in-product.
8. Contact
Cookie and privacy questions: privacy@hookpilot.co. Full data-protection details are in the Privacy Policy.