Privacy Policy

privacy.section1Body

We use the collected data to: (a) identify and authenticate accounts, (b) distinguish reviewer sessions (detect the same device returning), (c) filter bots and scrapers, (d) compute the review signals (page dwell, outcomes) we surface back to senders, and (e) respond to security incidents.

Under GDPR Recital 26, anonymized reviewer data (cookie ID + fingerprint hash + subnet hash) is treated as re-identification-resistant statistical data. We do not sell data to third parties for marketing without explicit consent.

HookDoc may use Microsoft Clarity (with Consent API v2) for product improvement — session replay and page-level heatmaps. A cookie consent banner is shown on first visit, and Clarity is only activated when you choose "Accept all."

With "Essential only" or no selection, Clarity stays fully dormant and sends nothing. Under no circumstance does comment body, raw email, raw IP, or session tokens ever reach Clarity.

Uploaded PDFs, page images, thumbnails, and annotated PDF derivatives live in Cloudflare R2 (Seoul region). Database records (users, document metadata, comments, event log) live in Supabase Postgres (ap-northeast-2, Seoul).

Your original PDFs are never used to train third-party AI, and no one other than the HookDoc operator has access to the buckets.

Documents deleted via the Danger Zone are hard-deleted from R2 immediately (not recoverable). Database rows are soft-deleted for 30 days for audit, then background cleanup fully removes them.

Account deletion applies the same policy to every document and workspace you own. The event log (`document_events`) is the basis of review outcome evidence and is removed together with the document's hard delete.

You have the right to access, correct, delete, restrict, and object to processing of your data. The fastest path is the "Permanently delete account" button in `/app/settings`.

For anything not supported by self-service — a data copy request (Right to Access), correcting specific fields, or deleting reviewer sessions for a specific document — email us and we will reply within 7 business days with the outcome.

privacy.section7Body

Paid plan billing goes through Polar.sh as Merchant of Record (MoR). HookDoc does not store card numbers or payment details — Polar.sh handles them in a PCI DSS compliant environment.

Polar.sh handles global VAT/Sales Tax filing, so jurisdiction-specific tax information may be forwarded to Polar.sh. See Polar.sh's privacy policy for details.

The Service does not permit users under 14. Accounts suspected of belonging to a user under 14 will be removed after prior notice.

We notify you at least 7 days in advance by email or in-service notice when this policy changes. Material changes (new collection categories, third-party recipients) trigger a 30-day notice period and re-consent.