Skip to main content

Privacy Policy

Effective Date: January 2025

Last Updated: January 2025

1. Introduction

HookedGrowth Pty Ltd (ACN 668 898 191) (“HookedGrowth”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the HookedGrowth platform, website, and related services (the “Service”).

By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Our Contact Details:

HookedGrowth Pty Ltd
Suite 110 / Level 1
55 Collins Street
Melbourne, VIC 3000
Australia

Email: [email protected]

2. Definitions

In this Privacy Policy:

  1. “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not. This has the meaning given in the Privacy Act 1988 (Cth).
  2. “Sensitive Information” means personal information about racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, criminal record, or biometric data.
  3. “Service” means the HookedGrowth platform, website, applications, and all related features.
  4. “Organisation” means a business entity or team using the Service.
  5. “User” means any individual who accesses or uses the Service.

3. Information We Collect

3.1 Account Information

When you create an account or use the Service, we collect:

  1. Identity Information: Name, email address, username, profile photo
  2. Professional Information: Job title, department/function, years of experience
  3. Contact Information: Email address, phone number (optional)
  4. Authentication Data: Login credentials (stored securely by our authentication provider)

3.2 Organisation Information

If you create or join an Organisation, we collect:

  1. Organisation name, logo, and branding assets
  2. Team member information and roles
  3. Business profile data you provide
  4. Other organisational information you provide

3.3 Usage Information

We automatically collect information about how you use the Service:

  1. Activity Data: Features used, actions taken, content created
  2. AI Interaction Data: Prompts submitted, outputs generated, feature usage
  3. Session Data: Login times, session duration, navigation patterns
  4. Performance Data: Error logs, load times, service performance metrics

3.4 Technical Information

We collect technical data from your devices:

  1. Device Information: Device type, operating system, browser type and version
  2. Network Information: IP address, approximate location (country/region)
  3. Identifiers: Device identifiers, session identifiers

3.5 Payment Information

If you subscribe to a paid plan, we collect:

  1. Billing name and address
  2. Payment method details (processed and stored securely by Stripe)

Note: We do not store credit card numbers on our servers. Payment processing is handled by Stripe.

3.6 Communications

We may collect information from your communications with us:

  1. Support requests and inquiries
  2. Feedback and survey responses
  3. Marketing preferences and consent

4. How We Collect Information

4.1 Information You Provide

We collect information that you directly provide when you:

  1. Create an account or update your profile
  2. Set up or manage an Organisation
  3. Use Service features and create content
  4. Make payments or manage subscriptions
  5. Contact us for support or inquiries
  6. Respond to surveys or provide feedback

4.2 Information Collected Automatically

We automatically collect certain information when you use the Service through:

  1. Cookies and Similar Technologies: See Section 9 for details
  2. Analytics Tools: Usage tracking and performance monitoring
  3. Server Logs: Technical data about your interactions with our servers

4.3 Information from Third Parties

We may receive information from:

  1. Authentication Providers: When you sign in using social login
  2. Payment Processors: Transaction and billing information from Stripe
  3. Marketing Partners: Information from referral or marketing sources (with your consent)

5. How We Use Your Information

5.1 Providing the Service

We use your information to:

  1. Create and manage your account
  2. Provide access to Service features
  3. Process AI requests and generate outputs
  4. Manage subscriptions and process payments
  5. Provide customer support
  6. Send service-related notifications

5.2 Improving the Service

We use your information to:

  1. Analyse usage patterns and trends
  2. Identify and fix bugs and issues
  3. Develop new features and improvements
  4. Conduct research and analytics
  5. Create anonymised, aggregated insights

5.3 Communications

We use your information to:

  1. Send important service updates and announcements
  2. Respond to your inquiries and support requests
  3. Send marketing communications (with your consent)
  4. Notify you of changes to our terms or policies

5.4 Security and Compliance

We use your information to:

  1. Protect against fraud, abuse, and security threats
  2. Verify identity and authenticate users
  3. Comply with legal obligations
  4. Enforce our Terms of Use

6. AI and Machine Learning

6.1 How We Use AI

The Service incorporates artificial intelligence to provide features such as:

  1. Growth Assistant for AI Chat
  2. Brand voice and content generation
  3. Image generation and recommendations
  4. Market analysis and insights
  5. Other features that require AI input

6.2 AI Service Providers

We use the following third-party AI providers to power our features:

ProviderPurpose
OpenAILanguage models for content and analysis
AnthropicLanguage models for content and analysis
Google AI (Gemini)Language models and multimodal AI
DeepSeekLanguage models for specialised tasks
xAI (Grok)Language models for analysis

6.3 Data Sent to AI Providers

When you use AI features, we may send to our AI providers:

  1. Your prompts and inputs
  2. Relevant context from your Organisation data
  3. Metadata necessary for processing

6.4 AI Training Policy

We do not use your data to train AI models.

Your data is only sent to AI providers for real-time processing to deliver the features you request. We do not contribute your data to training datasets for any AI models.

6.5 AI Provider Terms

Our AI providers have their own privacy policies and terms. While we select providers with strong privacy practices, please be aware that your data is processed according to their policies when using AI features.

7. Information Sharing and Disclosure

7.1 Service Providers

We share your information with trusted service providers who help us operate the Service:

Service ProviderPurposeData Shared
ClerkUser authenticationEmail, name, profile data
StripePayment processingBilling and payment information
ConvexDatabase hostingAll Service data (encrypted)
PostHogProduct analyticsUsage data, anonymised interactions
HubSpotCustomer relationship managementContact and organisation information
LoopsTransactional emailEmail address, name
AxiomSystem loggingAnonymised system logs
CloudflareCDN, security, AI gatewayRequest data, AI prompts
UnsplashImage librarySearch queries

Our service providers are contractually obligated to protect your information and use it only for the purposes we specify.

7.2 Within Your Organisation

If you are part of an Organisation:

  1. Organisation administrators can view and manage user accounts
  2. Content created within the Organisation is accessible to authorised members
  3. Usage and billing information may be visible to administrators

7.3 Legal Requirements

We may disclose your information if required to:

  1. Comply with applicable laws, regulations, or legal processes
  2. Respond to lawful requests from government authorities
  3. Protect our rights, privacy, safety, or property
  4. Investigate or prevent fraud, security issues, or violations

7.4 Business Transfers

If HookedGrowth is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

7.5 With Your Consent

We may share your information in other circumstances with your explicit consent.

7.6 No Sale of Personal Information

We do not sell your personal information to third parties.

8. Third-Party Services

8.1 Third-Party Integrations

The Service may integrate with third-party services that you choose to connect. When you connect a third-party service:

  1. You may be subject to that service’s terms and privacy policy
  2. We may receive information from that service
  3. We may share information with that service as necessary for the integration

8.2 Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies.

9. Cookies and Tracking Technologies

9.1 What We Use

We use the following technologies:

  1. Cookies: Small text files stored on your device
  2. Local Storage: Data stored in your browser
  3. Analytics Tools: Usage tracking and performance monitoring

9.2 Types of Cookies

TypePurposeDuration
EssentialAuthentication, security, basic functionalitySession/Persistent
FunctionalUser preferences, country detectionUp to 30 days
AnalyticsUsage patterns, performance metricsUp to 2 years

9.3 Session Recording

We use PostHog for product analytics, which may include session recording. Session recordings help us understand how users interact with the Service to improve the experience.

Privacy Protections:

  1. Input fields containing passwords, emails, and phone numbers are automatically masked
  2. Recordings are used only for product improvement
  3. Recordings are not shared with third parties except our analytics provider

9.4 Managing Cookies

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality.

10. Data Storage and Security

10.1 Where We Store Data

Your data is stored on secure servers provided by our infrastructure partners:

  1. Primary Database: Convex (cloud infrastructure)
  2. Authentication: Clerk (US-based)
  3. Payments: Stripe (US-based)
  4. Analytics: PostHog (cloud infrastructure)

10.2 Security Measures

We implement industry-standard security measures, including:

  1. Encryption of data in transit (TLS/SSL) and at rest
  2. Access controls and authentication requirements
  3. Regular security assessments and monitoring
  4. Employee access restrictions and training

10.3 Your Responsibilities

You are responsible for:

  1. Keeping your login credentials secure
  2. Logging out of shared devices
  3. Notifying us of any suspected security breaches

10.4 Security Incidents

If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law.

11. International Data Transfers

11.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than Australia, including the United States, where our service providers are located.

11.2 Safeguards

When we transfer data internationally, we implement appropriate safeguards, including:

  1. Contractual protections with service providers
  2. Data processing agreements that ensure adequate protection
  3. Compliance with applicable data transfer requirements

11.3 Disclosure

By using the Service, you acknowledge that your information may be transferred to and processed in countries with different privacy laws than your country of residence.

12. Data Retention

12.1 Retention Periods

We retain your personal information for as long as:

  1. Your account remains active
  2. Necessary to provide the Service
  3. Required for our legitimate business purposes
  4. Required by law or regulation

12.2 After Account Closure

When your account is closed:

  1. We will delete or anonymise your personal information within a reasonable period
  2. Some information may be retained for legal, compliance, or legitimate business purposes
  3. Anonymised data may be retained indefinitely for analytics

12.3 Backup and Archives

Information in backups and archives may be retained for longer periods for disaster recovery and legal compliance purposes.

13. Your Rights

13.1 Access and Correction

You have the right to:

  1. Access the personal information we hold about you
  2. Request correction of inaccurate or incomplete information
  3. Receive a copy of your personal information

13.2 Deletion

You may request deletion of your personal information. We will comply with your request unless we have a legal obligation or legitimate reason to retain it.

13.3 Data Portability

Where technically feasible, you may request your data in a portable format.

13.4 Marketing Opt-Out

You can opt out of marketing communications at any time by:

  1. Clicking the unsubscribe link in our emails
  2. Updating your preferences in your account settings
  3. Contacting us at [email protected]

13.5 Account Deletion

You can request account deletion by contacting us. Upon deletion:

  1. Your account will be deactivated
  2. Your personal information will be deleted or anonymised
  3. Content within Organisations may be retained by the Organisation

13.6 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

14. Australian Privacy Principles

14.1 Our Commitment

We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

14.2 APP Compliance

In accordance with the APPs:

  1. APP 1 (Open and transparent management): We have this Privacy Policy describing our practices
  2. APP 2 (Anonymity and pseudonymity): Where practicable, you may deal with us anonymously
  3. APP 3 (Collection): We only collect personal information that is reasonably necessary
  4. APP 4 (Unsolicited information): We destroy or de-identify unsolicited information we cannot lawfully retain
  5. APP 5 (Notification): We notify you about collection at or before the time of collection
  6. APP 6 (Use and disclosure): We only use information for the purposes described in this policy
  7. APP 7 (Direct marketing): We only send marketing with your consent and provide opt-out options
  8. APP 8 (Cross-border disclosure): We ensure adequate protections for overseas transfers
  9. APP 9 (Government identifiers): We do not adopt government identifiers as our own
  10. APP 10 (Quality): We take reasonable steps to ensure information is accurate and up-to-date
  11. APP 11 (Security): We take reasonable steps to protect information from misuse and loss
  12. APP 12 (Access): You can access your personal information upon request
  13. APP 13 (Correction): You can request correction of your personal information

14.3 Sensitive Information

We do not intentionally collect sensitive information unless:

  1. You provide it voluntarily
  2. It is necessary for the Service
  3. We have your explicit consent

14.4 Complaints

If you believe we have breached the APPs, you may lodge a complaint with us. We will investigate and respond within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

15. GDPR Compliance (EU/UK Users)

15.1 Applicability

If you are located in the European Union (EU) or United Kingdom (UK), the General Data Protection Regulation (GDPR) or UK GDPR applies to our processing of your personal data.

15.2 Legal Basis for Processing

We process your personal data based on:

  1. Contract Performance: Processing necessary to provide the Service
  2. Legitimate Interests: Processing for our legitimate business interests (such as improving the Service)
  3. Consent: Processing based on your explicit consent (such as marketing)
  4. Legal Obligation: Processing required by law

15.3 Your GDPR Rights

In addition to the rights in Section 13, EU/UK users have the right to:

  1. Restrict Processing: Request restriction of processing in certain circumstances
  2. Object to Processing: Object to processing based on legitimate interests
  3. Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
  4. Lodge a Complaint: Lodge a complaint with a supervisory authority

15.4 Data Protection Authority

You may lodge a complaint with your local data protection authority:

  1. EU: Your national data protection authority
  2. UK: The Information Commissioner’s Office (ICO)

15.5 Data Transfers

When we transfer your data outside the EU/UK, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

16. Children’s Privacy

16.1 Age Restriction

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

16.2 Parental Notice

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

16.3 Reporting

If you believe we have collected information from a child under 18, please contact us immediately at [email protected].

17. Changes to This Policy

17.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

17.2 Notification

We will notify you of material changes by:

  1. Posting the updated policy on the Service
  2. Sending notice to your registered email address
  3. Displaying a prominent notice within the Service

17.3 Review

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

17.4 Version History

The “Last Updated” date at the top of this policy indicates when it was last revised.

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

HookedGrowth Pty Ltd
Suite 110 / Level 1
55 Collins Street
Melbourne, VIC 3000
Australia

Email: [email protected]
Website: https://www.hookedgrowth.com

We will respond to your inquiry within a reasonable timeframe.

This Privacy Policy was last updated in January 2025.