Privacy Policy
This Privacy Policy explains how Hooh Inc. ("Hooh", "we", "us", "our") collects, uses, discloses, and protects information about you when you use our websites, web and mobile applications, browser extensions, APIs, SDKs, and related services that help you store, process, search, and understand documents using AI capabilities (collectively, the "Services").
This Privacy Policy is intended to provide notice about our privacy practices. Our Terms of Service governs your use of the Services. Where we rely on your consent to process personal data, we will request that consent separately where required by law or platform rules.
1. Who we are and how to contact us
- Controller: Hooh Inc., a Delaware corporation.
- Address: 3500 S Dupont HWY, Dover, DE, 19901, USA
- Email: privacy@hooh.ai
- Data Protection Contact: privacy@hooh.ai
For questions or to exercise your privacy rights, email privacy@hooh.ai.
2. Scope
This Policy applies to personal data we process about:
- End users of the Services;
- Admins and users of organizational accounts;
- Website visitors and individuals who interact with us (e.g., support, sales, marketing).
This Policy does not apply to third-party services you connect to the Services. Their practices are governed by their own policies.
Organizational accounts
If you use the Services through an organization, such as your employer, school, or team, that organization may control your account and may be able to access, export, restrict, or delete information associated with your workspace according to its own policies and agreements with us.
For organizational accounts, Hooh may process User Content on behalf of the organization as a processor, service provider, or contractor, as applicable under data protection laws. In those cases, our processing of User Content is governed by the organization's agreement with us, including any applicable Data Processing Addendum. Hooh may act as an independent controller for certain account, billing, security, analytics, communications, and legal compliance data.
3. Information we collect
We may collect information in the following categories:
3.1 Account & Contact Data
Name, email address, authentication credentials such as password hashes or single sign-on identifiers, profile photo, role, organization or workspace, billing contact information, postal address, phone number, account settings, and subscription status.
3.2 Payment & Transaction Data
Payment method details (tokenized by our processor), invoices, subscription plan, transaction history, tax IDs. We do not store full credit card numbers.
3.3 Content & Metadata ("User Content")
Files you upload or connect, prompts/instructions, annotations, tags, extracted fields, document structure, Outputs (as defined in Section 5), and related metadata.
3.4 Usage & Technical Data
Log files (IP address, timestamps, request/response metadata), device and browser, language, OS, crash reports, performance metrics, feature interactions, referral URLs.
3.5 Cookies & Mobile Advertising IDs
Cookies, local storage, SDK identifiers, device identifiers, mobile advertising identifiers such as Apple's Identifier for Advertisers (IDFA), and similar technologies used for authentication, security, fraud prevention, remembering preferences, product analytics, performance measurement, crash reporting, diagnostics, advertising attribution, and, where permitted, advertising or cross-context measurement. Where required by law or platform rules, we obtain consent before using non-essential cookies or mobile advertising identifiers.
3.6 Support & Communications
Content of messages to support or sales, meeting recordings (with notice), feedback, survey responses.
3.7 Third-Party Sources
If you connect third-party services, such as cloud storage, email, calendar, productivity, messaging, or similar accounts, we receive the information you authorize us to access from those services. Depending on the integration and permissions you grant, this may include account profile information, files, folders, document content, email content, calendar events, message content, metadata, permissions, timestamps, sharing settings, and source identifiers.
We use connected-service data to provide the features you request, such as importing, indexing, organizing, searching, summarizing, extracting information from, answering questions about, editing, or creating workflows based on connected content. You can disconnect a third-party service through the Services or the third-party provider's settings. Disconnecting stops future collection from that service, but previously imported content may remain in your account until you delete it or your account is deleted, unless we are required or permitted to retain it for legal, security, backup, or compliance purposes.
Sensitive information
The Services allow you to upload, create, import, or connect documents and other content that may contain sensitive information, including health information, financial information, government identifiers, tax information, employment information, education records, legal information, biometric information, precise location information, communications content, or other confidential information. You control what you choose to upload or connect.
We process sensitive information only as necessary to provide, secure, support, maintain, and improve the Services as described in this Policy; to comply with law; to enforce our terms; or with your consent where required. We do not use sensitive information for advertising or to make eligibility, credit, employment, housing, insurance, healthcare, legal, or similarly significant decisions about you unless we provide separate notice and obtain any legally required consent.
4. How we use information (purposes & legal bases)
We use information to:
- Provide and secure the Services (authentication, operations, incident response, fraud prevention).
- Process User Content to deliver AI features (OCR, classification, search, summarization, extraction).
- Improve, maintain, secure, and develop the Services, including quality, safety, performance, reliability, debugging, analytics, and user experience, using Usage & Technical Data, Support & Communications Data, Feedback, and aggregated or de-identified data.
- Communicate with you (service notices, updates, security alerts).
- Billing and account management (including free trials, promotions, and enforcing fair use limits).
- Compliance with laws and enforcement of our Terms.
We do not use your User Content or Outputs to train or fine-tune AI models unless you expressly opt in or we have a separate written agreement with you or your organization. We may use aggregated or de-identified operational telemetry that does not include User Content or Outputs to improve safety, reliability, performance, and user experience.
Where applicable data protection laws require a legal basis, we rely on one or more of the following bases: performance of a contract, compliance with legal obligations, our legitimate interests, your consent, or another basis permitted by law. Our legitimate interests include providing, securing, maintaining, improving, and developing the Services; preventing fraud, abuse, and unauthorized access; responding to support requests; enforcing our Terms; protecting our rights and users; conducting business analytics; and managing corporate transactions. Where we rely on legitimate interests, we consider whether those interests are overridden by your rights and interests. Where we rely on consent, you may withdraw consent at any time.
Legal Bases for Processing
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| To create and administer your HOOH account | Account & Contact Data; Usage & Technical Data | Contract |
| To provide, maintain, and facilitate the Services, including document upload, storage, search, editing, AI assistant features, OCR, extraction, summarization, and document intelligence | Account & Contact Data; User Content; Outputs; Usage & Technical Data | Contract; consent where required by law or platform rules |
| To provide optional features that enhance the Services, such as profile settings, reminders, memory, support, feedback, and connected workflows | Account & Contact Data; User Content; Outputs; Support & Communications Data; Usage & Technical Data | Contract; consent where required; legitimate interests |
| To communicate with you about the Services | Account & Contact Data; Support & Communications Data; Usage & Technical Data | Contract for service messages; consent or legitimate interests for marketing where permitted |
| To process payments, subscriptions, invoices, usage limits, and account billing | Account & Contact Data; Payment & Transaction Data; Usage & Technical Data | Contract; legal obligation |
| To prevent fraud, abuse, unauthorized access, misuse of the Services, and violations of our Terms | Account & Contact Data; Payment & Transaction Data; User Content; Outputs; Usage & Technical Data | Legitimate interests; legal obligation |
| To investigate and resolve security issues, bugs, service errors, support requests, complaints, and disputes | Account & Contact Data; User Content where relevant; Outputs where relevant; Support & Communications Data; Usage & Technical Data | Legitimate interests; legal obligation where applicable |
| To improve, develop, and measure the performance of the Services | Usage & Technical Data; Support & Communications Data; Feedback; aggregated or de-identified data | Legitimate interests; consent where required for analytics or similar technologies |
| To comply with law, enforce our Terms, protect rights and safety, and respond to lawful requests | Account & Contact Data; Payment & Transaction Data; User Content; Outputs; Support & Communications Data; Usage & Technical Data | Legal obligation; legitimate interests; contract where applicable |
| To manage a merger, acquisition, financing, reorganization, or similar corporate transaction | Account & Contact Data; Payment & Transaction Data; Usage & Technical Data; relevant business records | Legitimate interests |
Where we rely on contract, certain data is necessary to provide the relevant account, document, AI, billing, security, or support feature.
5. AI features and outputs
The Services may generate, summarize, classify, extract, transform, or suggest content based on User Content and your prompts or instructions ("Outputs"). Outputs are generated by automated systems and may be inaccurate, incomplete, offensive, biased, or unsuitable for your use case. You are responsible for reviewing and evaluating Outputs before relying on them.
We do not use User Content or Outputs to train or fine-tune Hooh or third-party AI models unless you expressly opt in or we have a separate written agreement with you or your organization. We may use aggregated or de-identified operational telemetry that does not include User Content or Outputs to improve safety, reliability, performance, abuse prevention, and user experience.
5.1 AI providers and subprocessors
To provide AI features, we may send relevant User Content, Outputs, and related metadata to commercial AI providers, including Anthropic, OpenAI, and Google.
These providers process information on our behalf under contractual, security, and confidentiality safeguards. We do not permit them to use your User Content or Outputs to train or fine-tune their foundation models.
The AI provider used may vary by feature, account type, model selection, availability, region, performance, safety, or reliability needs. AI providers may temporarily retain content, prompts, Outputs, and related metadata for service operation, safety, security, abuse monitoring, debugging, legal compliance, or similar purposes, subject to our contracts and their applicable enterprise or API data-processing terms.
We may update the AI providers we use from time to time. If a change materially affects how User Content or Outputs are processed, we will update this Policy or provide additional notice where required.
5.2 Google API Services user data
If you connect a Google account, we access only the Google user data you authorize through the permissions you grant. Depending on the Google services and scopes you approve, this may include different Google user data shown to you during the authorization flow.
We use Google user data only to provide and improve user-facing features you request, such as importing, indexing, searching, organizing, summarizing, extracting information from, answering questions about, editing, or creating workflows based on your connected Google content.
We do not sell Google user data. We do not use Google user data for advertising. We do not use Google user data to train or fine-tune generalized AI or machine-learning models unless you expressly opt in and such use is permitted by applicable Google policies and law.
We may share Google user data with our service providers and subprocessors only as necessary to provide, secure, maintain, or improve the user-facing features you request; to prevent fraud or abuse; to comply with law; or as otherwise permitted by applicable Google API Services policies.
You can revoke Hooh's access to your Google account through your Google account permissions page or through the Services where available. If you revoke access, we will stop collecting new Google user data from that account. Previously imported Google content may remain in your Hooh account until you delete it or your account is deleted, unless retention is required or permitted for legal, security, backup, or compliance purposes.
6. Sharing of information
We share information with:
- Service providers/subprocessors that host, store, process, or support the Services (cloud, compute, database, logging, email, payments). We require appropriate contracts and safeguards.
- Organization administrators who manage your account (they may access, export, or delete data per their policies).
- Professional advisors (lawyers, auditors) under confidentiality.
- Legal and safety: When required by law or to protect rights, privacy, safety, or property.
- Corporate transactions: In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.
We do not sell personal information. We also do not share personal information for cross-context behavioral advertising where prohibited without your consent.
7. International transfers
We may process data in the United States and other countries. Where required, we use appropriate safeguards, including Standard Contractual Clauses (SCCs) for transfers from the EEA/UK/Switzerland, plus relevant UK and Swiss addenda. We also implement technical and organizational measures such as encryption in transit and at rest.
8. Data retention
We retain personal data for as long as necessary to provide the Services and for legitimate business or legal purposes, including security, backups, and auditing. Typical retention periods:
- Account data: For the life of the account and up to 24 months after closure, unless you request earlier deletion.
- User Content: Until you delete it or your account ends; backups may persist up to 90 days.
- Logs and telemetry: 12–24 months (shorter where feasible).
9. Cookies and similar technologies
We may use cookies, local storage, SDKs, pixels, device identifiers, and similar technologies for the following purposes:
| Category | Purpose | Required? |
|---|---|---|
| Strictly necessary | Authentication, account login, session management, security, fraud prevention, load balancing, and service availability | Yes |
| Functional | Remembering preferences, language, workspace settings, and user interface choices | No, unless necessary for a requested feature |
| Analytics and diagnostics | Understanding feature usage, measuring performance, debugging errors, crash reporting, and improving reliability | No, where consent is required |
| Marketing or attribution | Measuring referrals, campaigns, or conversions | No, where consent is required |
| Advertising or cross-context tracking | Personalized advertising or tracking across unaffiliated apps or websites | Used only if disclosed and permitted by law and platform rules |
Where required by law, we ask for your consent before using non-essential cookies or similar technologies. You can manage cookie preferences through our cookie banner or preference center where available. You can also control cookies through your browser settings, although disabling certain cookies may affect Service functionality.
10. Security
We implement technical and organizational measures designed to protect personal data, which may include encryption in transit and at rest, access controls, least privilege permissions, multi-factor authentication for administrative access, network and environment segmentation, key management, vulnerability management, secure development practices, vendor security review, logging and monitoring, access auditing, backups, incident response procedures, and employee security training.
No system is perfectly secure, and we cannot guarantee that personal data will always remain secure. If we discover a security incident or data breach that requires notification, we will notify affected users, organizations, regulators, or other parties as required by law.
11. Your rights
Depending on your location and subject to applicable law, you may have the right to request that we:
- provide access to personal data we process about you;
- correct inaccurate personal data;
- delete personal data;
- provide a copy of personal data in a portable format;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent;
- opt out of direct marketing;
- opt out of sale, sharing, targeted advertising, or certain profiling where applicable;
- limit certain uses or disclosures of sensitive personal information where applicable; and
- appeal our decision if we deny your privacy request, where applicable.
To exercise your rights, email privacy@hooh.ai. We may need to verify your identity or authority before fulfilling a request. If your account is controlled by an organization, we may direct you to that organization or coordinate with that organization to respond to your request.
Authorized agents may submit requests where permitted by law. We will not discriminate against you for exercising privacy rights.
EEA, UK, and Swiss residents may have rights under GDPR, UK GDPR, or similar laws, including the right to lodge a complaint with a local data protection supervisory authority.
California and certain U.S. state residents may have rights to know/access, correct, delete, obtain a copy of, opt out of certain processing of, and limit certain uses of personal information, subject to legal exceptions. Hooh does not sell personal information. If we engage in "sharing," targeted advertising, or other processing that requires an opt-out right, we will provide legally required notices and choices.
11.1 Automated decision-making
The Services may use automated systems, including AI systems, to generate Outputs, classify documents, extract information, summarize content, suggest edits, organize files, or provide search and assistant features.
We do not use personal data to make solely automated decisions that produce legal or similarly significant effects about you, unless we provide separate notice and comply with applicable legal requirements. You are responsible for reviewing Outputs before relying on them.
12. Children's privacy
The Services are not directed to children under 16, and we do not knowingly collect personal data from children under 16 without appropriate consent or authorization where required by law. If you believe a child has provided personal data to us, contact privacy@hooh.ai and we will take appropriate steps to delete the information or obtain required consent.
If an organization, school, or parent makes the Services available to a child, that organization, school, or parent is responsible for obtaining any required consent and providing any required notices.
13. Third-party services
The Services may link to, integrate with, or allow you to connect third-party services. Third-party services are governed by their own terms and privacy policies, and we are not responsible for their privacy, security, or data-processing practices.
When you choose to connect a third-party service, you authorize us to exchange information with that service as needed to provide the integration. You should review the third party's privacy settings and permissions before connecting the service.
14. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice through the Services, by email, or by another reasonable method. The updated Policy will be effective as of the "Last Updated" date unless we state otherwise.
Where required by law, we will obtain your consent before applying material changes to how we process personal data.