Privacy Policy
What we collect, why, how long we keep it, and how we honor global privacy law.
1. Who We Are
This Privacy Policy is issued by HookPilot Caption Studio LLC ("HookPilot", "we", "us"), a Family Senci company. Our Data Protection Officer can be reached at dpo@hookpilot.co and our general privacy team at privacy@hookpilot.co.
2. Scope
This policy covers personal information processed through the HookPilot website, the HookPilot AI Workforce Operating System, our marketing channels and our APIs. Where we process personal information on behalf of a customer (for example, when one of our enterprise customers uses HookPilot to handle data about their own end users), we act as a processor and the customer is the controller; that processing is governed by a Data Processing Addendum (DPA) in addition to this policy.
3. What We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email, password hash, profile photo, role, workspace name, MFA factors | Provided by you |
| Billing data | Plan, subscription state, last 4 of card, billing address, tax ID, invoice history | You + payment processor (Stripe) |
| Customer Content | Briefs, prompts, scripts, captions, video, audio, images, transcripts, brand assets, AI outputs | Uploaded or generated by you |
| Workspace operational data | Agent activity logs, workflow state, memory entries, audit trail, dashboards | Generated by your use of the platform |
| Usage and telemetry | Pages visited, features used, click events, API calls, error logs, performance metrics | Generated automatically |
| Device and network | IP address, user agent, OS, browser, timezone, language, approximate location | Generated automatically |
| Communications | Support tickets, chat transcripts, sales call notes, marketing preferences | You + our staff |
| Cookies and similar | Session cookies, theme preference, analytics IDs, consent state | Browser |
4. Why We Collect It
We process the categories above to: create and run your account; deliver the AI departments and features you request; route requests to AI providers and apply our governance layer; remember preferences; bill you accurately; prevent fraud and abuse; meet legal, tax and accounting obligations; secure the platform and respond to incidents; communicate with you about the service; and, where you have opted in, send marketing or product updates.
5. Legal Bases (GDPR / UK GDPR)
Where GDPR or UK GDPR applies, we rely on: contract (to deliver the service you signed up for), legitimate interests (to secure the platform, prevent fraud, and improve features in privacy-respecting ways), legal obligation (tax, accounting, lawful requests), and consent (marketing communications, non-essential cookies, and any special-category processing). You may withdraw consent at any time.
6. AI Training Carve-Out
We do not use Customer Content to train HookPilot's own foundation models or to train shared third-party models. When we route a request to a third-party AI provider, we use accounts and contractual terms that opt out of training on Customer Content where available. The narrow exceptions are: (a) anonymized, aggregated metrics used to improve routing and quality; and (b) explicit, opt-in evaluation programs where a customer has agreed in writing to share specific samples.
7. How We Share Information
We share personal information with: sub-processors we have contracted with to operate the platform (see Section 8); your workspace teammates and authorized integrations per the access controls you configure; your account administrator, who controls the workspace and can see audit logs; professional advisors (auditors, lawyers) under confidentiality; authorities when we are required by law, court order or other valid legal process; and a successor entity in the event of a merger, acquisition or sale of substantially all assets, in which case we will notify affected customers. We do not sell personal information and we do not "share" it for cross-context behavioral advertising as defined under the CCPA.
8. Sub-Processors
HookPilot relies on a vetted set of sub-processors for hosting, AI inference, payments, email, analytics, error monitoring and customer support. A current list is available at hookpilot.co/legal/subprocessors (Enterprise customers can subscribe to advance change notifications by emailing dpo@hookpilot.co).
9. International Transfers
HookPilot operates from the United States and our sub-processors operate from multiple jurisdictions. Where we transfer personal information from the EEA, the UK or Switzerland to a country that has not been deemed adequate, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), together with supplementary technical and organizational measures.
10. Retention
We retain personal information only as long as needed for the purposes described above. As a guide: account and billing records are retained while your account is active and for up to seven (7) years after closure for tax and accounting; Customer Content is retained until you delete it or close your workspace, plus a thirty (30) day soft-delete window for recovery; audit logs and security logs are retained for up to two (2) years for forensic and compliance purposes; backups are rotated on a defined schedule and overwritten within ninety (90) days of deletion. Full retention details by data category are in the Data Deletion Policy.
11. Your Rights
Subject to applicable law, you have the right to: access the personal information we hold about you; correct inaccurate information; request deletion of your information; restrict or object to certain processing; receive a portable copy of your data; withdraw consent where we rely on it; and lodge a complaint with your local data protection authority. To exercise these rights, email privacy@hookpilot.co or use the in-product DSAR portal. We will respond within thirty (30) days, or sooner where required by your jurisdiction.
12. Children
HookPilot is a business service intended for adults. We do not knowingly collect personal information from children under sixteen (16). If you believe a child has provided personal information to HookPilot, contact privacy@hookpilot.co and we will delete the data.
13. Security
We implement administrative, technical and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure and destruction. These controls are described in detail in the Cybersecurity Policy. No system is perfectly secure; we ask that you use strong, unique credentials and enable multi-factor authentication.
14. Cookies and Similar Technologies
HookPilot uses a small number of essential cookies (authentication, security, theme preference) and, where permitted, analytics cookies to understand how the product is used. Where required by law, we present a consent banner that lets you accept or reject non-essential cookies before they are set. You can also manage cookies through your browser settings.
15. Changes to This Policy
We may update this policy from time to time. Material changes will be announced through the product or by email at least thirty (30) days before they take effect for Enterprise customers, and prior versions will be archived. If you continue to use HookPilot after the effective date, you accept the updated policy.
16. Contact
HookPilot Caption Studio LLC
Privacy team: privacy@hookpilot.co
Data Protection Officer: dpo@hookpilot.co
Postal mail and EU/UK representative addresses are available on request.