Privacy Policy

Last updated: 28 April 2026

1. Introduction

Hook Creative Studio Pty Ltd (ABN 66 670 923 958) ("Company", "we", "us", or "our") operates the HOOKiQ platform at hook-iq.com ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. Information We Collect

Account Information

When you register for an account, we collect:

  • Name
  • Email address
  • Password (stored as a bcrypt hash; we never store plaintext passwords)

Uploaded Content

When you use the Service, we process:

  • Documents you upload (PDF, Word, text files)
  • Simulation configurations and persona attributes you select
  • Simulation results, reports, and chat interactions

Usage Data

We automatically collect:

  • IP address and browser type
  • Pages visited and features used
  • Timestamps and session duration
  • Error logs for debugging and service improvement

Analytics

We use Google Analytics (Google Tag Manager) to understand how users interact with the Service. Google Analytics collects anonymised usage data including page views, session duration, and device information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your uploaded documents and generate AI simulations and reports
  • Authenticate your identity and secure your account
  • Monitor usage to enforce rate limits and prevent abuse
  • Diagnose technical issues and maintain error logs
  • Communicate with you about your account or service updates
  • Comply with legal obligations

4. Third-Party Services

We share data with the following third-party services as necessary to operate the Service:

  • OpenRouter / LLM Providers: Your uploaded document content and simulation prompts are sent to AI model providers (OpenAI, Google, Anthropic) via OpenRouter to generate personas, simulations, and reports. These providers process data according to their own privacy policies.
  • DigitalOcean: Our hosting provider. Your data is stored on servers located in their data centres.
  • Stripe: Our payment processor for paid subscriptions. When you upgrade, Stripe receives your name, email, billing address, and payment card details to process the transaction. Your card details are sent directly from your browser to Stripe and are never stored on our servers. Stripe processes this data in accordance with its own privacy policy and PCI-DSS Level 1 compliance.
  • Resend: Our transactional email provider. We send your email address to Resend in order to deliver account-related emails (verification, password reset, subscription notifications).
  • Google Workspace: Email hosted on Google for incoming customer support correspondence to addresses such as hello@hook-iq.com.
  • Google Analytics: Anonymised usage analytics as described above.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Data Storage and Security

Your data is stored on secure servers hosted by DigitalOcean. We implement industry-standard security measures including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Bcrypt password hashing
  • Per-user data isolation: users cannot access other users' data
  • Rate limiting to prevent abuse
  • Input sanitisation to prevent injection attacks
  • Regular database backups

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure.

6. Data Retention

We retain your account information and uploaded content for as long as your account is active. Simulation data, reports, and associated files are retained until you delete them or close your account. Error and audit logs are retained for up to 90 days for debugging and security purposes.

Upon account deletion, we will delete or de-identify your personal information within 30 days, except where retention is required by law.

7. Your Rights

Under the Australian Privacy Act, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information (subject to legal obligations)
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your privacy has been breached

To exercise any of these rights, contact us at hello@hook-iq.com.

8. Cookies

The Service uses essential cookies for authentication (session tokens). These are strictly necessary for the Service to function and cannot be disabled. We also use Google Analytics cookies for usage analytics, which you can opt out of as described in Section 2.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information.

10. International Data Transfers

Your data may be processed by third-party AI providers located outside Australia (including in the United States). By using the Service, you consent to the transfer of your data to these providers. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at: hello@hook-iq.com

Hook Creative Studio Pty Ltd
Melbourne, Victoria, Australia