Privacy Policy

Last updated: March 10, 2026

1. Information We Collect

Account Information: When you register, we collect your name, email address, and password (hashed). If you use Google OAuth, we receive your name, email, and profile picture.

Lead Data: When visitors submit forms on your lead magnet pages, we collect the information you configure (email, name, company, etc.) on your behalf. You are the data controller for this information.

Usage Data: We collect page views, time spent, click events, IP addresses, and browser user agents to provide analytics and lead scoring features.

Payment Data: AppSumo codes are processed through AppSumo. We do not store credit card information.

2. How We Use Your Data

  • To provide and operate the Service (content hosting, email delivery, analytics)
  • To send transactional emails (access links, welcome emails, account notifications)
  • To calculate lead engagement scores and provide analytics
  • To process A/B test variants and deliver personalized experiences
  • To improve the Service and fix bugs

3. Data Sharing

We do not sell your data. We share data only with:

  • Resend — for email delivery
  • Cloudflare R2 — for file storage
  • Your configured integrations — Slack webhooks, HubSpot, Zapier, etc., only when you explicitly connect them

4. Cookies

We use essential cookies for authentication (session tokens). We do not use advertising or tracking cookies. Our analytics are privacy-friendly and do not require a cookie banner.

5. Data Retention

Account data is retained as long as your account is active. Lead data is retained until you delete it or delete your account. Upon account deletion, all data is permanently removed within 30 days.

6. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Export your data (CSV export is available in the dashboard)
  • Objection — Object to data processing
  • Opt-out of sale — We do not sell personal information

To exercise these rights, email privacy@hooklead.io.

7. CAN-SPAM Compliance

All marketing emails sent through HookLead include a working unsubscribe link. We process unsubscribe requests immediately. Email senders using HookLead are responsible for complying with CAN-SPAM and other applicable email regulations.

8. Security

We use industry-standard security measures including encrypted data at rest (AES-256-GCM), HTTPS for all connections, hashed passwords (bcrypt), and rate limiting on API endpoints.

9. Children

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes

We may update this policy from time to time. We will notify you of material changes via email. The “last updated” date at the top reflects the most recent revision.

11. Contact

For privacy questions, contact us at privacy@hooklead.io.