1. Who we are
This notice describes how KurtzLieb Technology LLC ("Hooksmith", "we", "us", or "our") processes personal data in connection with the Hooksmith service. For the purposes of applicable data protection laws (including the GDPR and UK GDPR), KurtzLieb Technology LLC is the data controller of the personal data described below.
2. What data we collect
- Account data — email address, display name, hashed password (or OAuth identifier if you sign in via a third-party provider), account creation timestamp.
- Content you submit — topics, platform selections, and any inputs you provide to the AI generator.
- Generated content — the AI-generated headlines, hooks, and ideas produced for your account, including which items you save.
- Usage and telemetry — basic logs of feature use (e.g. number of generations per month), error logs, and approximate device and browser information.
- Billing-related identifiers — the Paddle customer ID and subscription ID linked to your account, plan tier, status, and billing period dates. Payment card details are collected and stored by Paddle, not by us.
- Support communications — messages you send to us and our responses.
3. Why we use it and on what legal basis
- To provide the service (account creation, generating ideas, saving your library, gating Pro features) — performance of a contract.
- To process payments and manage subscriptions — performance of a contract, in cooperation with Paddle as Merchant of Record.
- To keep the service secure (fraud prevention, abuse detection, error monitoring) — legitimate interests in operating a safe service.
- To improve the service (aggregate usage analytics, debugging) — legitimate interests.
- To send service messages (billing receipts, security notices, material updates to these terms) — performance of a contract and legal obligation.
- To send marketing emails, where applicable — consent, which you can withdraw at any time.
- To comply with legal obligations — legal obligation.
4. Who we share it with
We share personal data only with the categories of recipients listed below:
- Paddle.com Market Ltd — our Merchant of Record. Paddle processes payments, manages subscriptions and renewals, handles tax compliance, issues invoices, and processes refunds. See Paddle's privacy notice at paddle.com/legal/privacy.
- Hosting and infrastructure providers — Lovable Cloud (which uses Supabase) for database, authentication, and file storage, and the underlying cloud hosts where the application runs.
- AI model providers — when you submit a topic, that topic is transmitted to large-language-model providers (such as Google and OpenAI) via the Lovable AI gateway in order to generate ideas. Do not submit confidential or personal data in your topics.
- Professional advisers — accountants, auditors, and lawyers, where reasonably required.
- Authorities — where required by law or to protect our rights.
We do not sell your personal data and we do not share it with advertising networks.
5. International transfers
Some of our service providers (including Paddle, our hosting providers, and AI model providers) may process data outside the country in which you live, including in the United States. Where required, transfers from the UK or EEA rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or adequacy decisions.
6. Data retention
We keep your account data and content for as long as your account is active. If you delete your account, we will delete or irreversibly anonymize your account data, topics, generated ideas, and saved library within 30 days, except where we are legally required to keep certain records (for example, tax records related to past purchases, which Paddle and we may need to retain for several years). Logs and aggregated analytics are kept for a limited period and then deleted or anonymized.
7. Your rights
Depending on where you live, you have rights over your personal data, including the right to:
- access the personal data we hold about you and receive a copy;
- request correction of inaccurate or incomplete data;
- request deletion of your data (the "right to be forgotten");
- restrict or object to certain processing, including for direct marketing;
- request portability of data you provided to us;
- withdraw consent at any time where processing is based on consent; and
- lodge a complaint with your local data protection authority. In the EEA this is your national supervisory authority; in the UK it is the Information Commissioner's Office (ICO).
To exercise any of these rights, contact us using the details below. We will respond within one month, as required by the GDPR. You can also delete your account directly inside the app, which triggers deletion of your personal data as described in section 6.
8. Security
We use appropriate technical and organizational measures to protect personal data, including encryption in transit (HTTPS/TLS), encryption at rest for the database, row-level security policies that restrict each user's data to that user, hashed passwords, signed authentication tokens, and verified webhook signatures for payment events. No system is perfectly secure, however, and we cannot guarantee absolute security.
9. Cookies
We use only strictly necessary cookies and equivalent local storage (such as your authentication session). We do not use advertising cookies or third-party trackers, so no cookie consent banner is required under EU/UK law.
10. Children
Hooksmith is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
11. Changes to this notice
We may update this Privacy Notice from time to time. If we make material changes we will notify you in-app or by email before the changes take effect.
12. Contact
To exercise your rights or ask questions about this notice, contact KurtzLieb Technology LLC through the support channel inside the app or via the email address listed on our website.