Hookzo

→ Legal

Privacy Policy

Last updated: June 4, 2026

1. The short version

Hookzo collects the minimum needed to run your account and generate scripts. The posts you capture from Instagram and TikTok are processed to create scripts — we don't build a profile of you or sell your data. This policy explains the details.

2. What we collect

  • Account info: your email address and, if you use Google sign-in, the basic profile (name, email) Google returns.
  • Usage & quota: how many generations you've used, your plan, and timestamps — so we can enforce limits and show your dashboard.
  • Anti-abuse signals: a random per-install device ID and a hashed (non-reversible) version of your IP address, used only to prevent multi-account abuse of the free tier.
  • Generation inputs: the post captions/metrics you send when you click "Generate" — and, for posts without a caption, the post's cover image — which are passed to our AI provider to produce scripts (the cover image is used only to read its on-screen text). These are processed to generate your scripts and are not stored after.
  • Payment info: handled entirely by Polar. We receive your plan status and a subscription ID — never your full card details.
  • Support messages: if you use the contact form on our site, the email address and message you submit (delivered to our inbox via Resend) so we can reply.

3. What we do NOT collect

We do not collect your general browsing history, the sites you visit outside Instagram and TikTok, your social account credentials, or your private messages. We don't build an advertising profile of you, and we never sell your data. On Instagram and TikTok, Hookzo reads the public posts and engagement numbers already visible on the page — only to rank them for you.

4. What stays in your browser

Captured posts are ranked and displayed locally inside the extension. Your voice profile, style settings, and a per-install device ID live in your browser's local storage. We only receive data when you explicitly trigger an action (like "Generate") that needs our servers.

5. Chrome extension permissions

Hookzo requests the minimum permissions needed to work, and uses each only for its stated purpose:

  • Storage — saves your settings, voice profile, and sign-in session locally in your browser.
  • Access to instagram.com & tiktok.com — lets the extension read the public posts and engagement metrics shown on the page so it can rank them. This reading happens inside your browser. Hookzo does not modify these pages and never automates your account (no liking, following, posting, or messaging).
  • Access to hookzo.app — lets the extension sync your sign-in status from your account.

Hookzo does not read or run on any other websites, and does not track your activity elsewhere.

6. How we use it

To authenticate you, run and enforce your plan, generate scripts, prevent abuse, process payments, respond to support, and improve the Service. We do not sell your personal data or use it for third-party advertising.

7. Third parties we rely on

  • Supabase — authentication and database (your account, plan, usage).
  • Anthropic — AI processing of your generation inputs (post captions/metrics, and cover images for posts without captions, to read their on-screen text) to produce scripts.
  • Polar — payments, billing, and tax as merchant of record.
  • Cloudflare — bot protection (Turnstile) at sign-in and email routing for hi@hookzo.app.
  • Resend — delivery of transactional emails (sign-in links) and contact-form messages.
  • Vercel — hosting of the website.

Each processes data under its own terms and only as needed to provide its part of the Service. Google sign-in is used only to authenticate you (we receive your name and email) — Hookzo requests no other Google access.

International transfers: these providers process data in the United States and other countries. If you're in the EEA, UK, or Switzerland, your personal data may be transferred outside your country; where required, such transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses).

8. Cookies & local storage

We use local storage and essential cookies to keep you signed in and remember your settings. We do not use Google Analytics, advertising cookies, or third-party behavioral tracking scripts.

9. Data retention

We keep account and usage data while your account is active. The post data you send when you click "Generate" is passed to our AI provider to create your scripts; we do not store your generation inputs or outputs as a long-term profile on our servers — only an anonymous usage count. When you delete your account, we delete or anonymize associated personal data, except where we must keep records (e.g., payment/tax records held by Polar).

10. Your rights

You can access, correct, export, or delete your personal data. Email hi@hookzo.app and we'll action your request. Depending on where you live (e.g., EEA/UK/California), you may have additional rights under GDPR or CCPA, including the right to object or complain to a regulator.

11. Security

We use reputable providers and standard safeguards (encryption in transit, access controls, hashed identifiers). No system is perfectly secure, but we work to protect your data and limit what we collect.

12. Children

Hookzo is not intended for anyone under 18, and we don't knowingly collect data from children.

13. Data controller

The data controller responsible for your personal data is Hookzo, a Data Runner product. For privacy matters, contact hi@hookzo.app.

14. Changes

We may update this policy. Material changes will be reflected in the date above and, where appropriate, communicated to you.

15. Contact

Privacy questions or requests: hi@hookzo.app.

© Hookzo 2026 · Terms of Service