HooktikHooktik

Privacy Policy

Last updated: May 29, 2026

1. Introduction

This Privacy Policy (the "Policy") describes how GGG games - FZCO, a company organized under the laws of the United Arab Emirates, with offices at IFZA Business Park, Dubai Silicon Oasis, Dubai, UAE ("Hooktik", "we", "us"), collects, uses, stores, shares, and protects personal data when you access or use the Hooktik website, services, and applications (the "Service").

This Policy applies to all Users worldwide and should be read together with our Terms and Conditions. If you do not agree with our practices, please do not use the Service.

2. Data Controller

Hooktik is the Data Controller responsible for the personal data described in this Policy. For any questions or requests, contact us at:

GGG games - FZCO, IFZA Business Park, Dubai Silicon Oasis, Dubai, UAE.

Email: support@hooktik.com.

We are not required by applicable law to appoint a Data Protection Officer; all privacy inquiries are handled by our designated team via the contact above.

3. Personal Data We Collect

3.1 Information You Provide at Registration

Authentication to the Service is provided exclusively through a third-party authentication provider ("Sign in with Google"). When you register, we receive from this provider your email address, your name, your profile picture, and a unique account identifier. We do not receive your password. We do not currently offer email-and-password registration.

Your name and profile picture are initially imported from your authentication provider and can be edited through your Account settings. We also store records of the version of our Terms and Privacy Policy you accepted, and the date and time of acceptance.

3.2 Information You Provide Through Use of the Service

As you use the Service, we collect:

  • User Content: the videos you upload for analysis, along with the content category and video format you select for each video;
  • Video frames: still frames extracted from your uploaded videos and used by AI to analyze visual composition;
  • Video metadata: technical metadata associated with uploaded videos, such as duration, file size, original filename, a cryptographic hash of the file (used for deduplication and integrity checks), and time of upload;
  • AI Output: the analysis results generated for your User Content, including a viral score, fix plan, verbatim transcript of audio, scene description and timeline, suggested target audience, and any other recommendations produced by the Service;
  • Voluntary information: we may from time to time invite you to provide additional information about your content preferences, goals, or experience through onboarding surveys or in-app questionnaires. Providing such information is voluntary unless explicitly indicated;
  • Communications: messages you send to our support team.

3.3 Payment Information

We do not collect or store your full payment card details. All payment information is collected and processed directly by our third-party payment processor through their secure, PCI-DSS-compliant infrastructure. From the payment processor we receive only limited information necessary to provide and manage your Subscription, including a unique customer identifier, identifiers and status of your active Subscription, your selected plan and billing interval, the renewal date and any pending cancellation, the periodic Credit allocation associated with your plan, identifiers used to deduplicate billing events, and transaction amounts, currencies, and timestamps. You may manage your saved payment methods at any time through the payment processor's hosted Customer Portal accessible from your Account.

3.4 Information Collected Automatically

When you access the Service, we automatically collect: device and browser information (device type, operating system, browser type and version, language); network information (IP address, used for security, fraud prevention, country detection, and analytics); usage data (pages visited, features used, actions taken, timestamps, session duration, referring URLs, and error logs); and the video metadata described above.

3.5 Cookies and Similar Technologies

We and our service providers use cookies, local storage, and similar technologies to operate the Service, analyze usage, and (where applicable) deliver advertising. Section 9 of this Policy describes the categories of cookies we use and how you can manage your preferences.

3.6 What We Do Not Collect

We do not knowingly collect biometric data or biometric templates; special category data within the meaning of GDPR Article 9 (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or data concerning sexual orientation); government-issued identification numbers; or information about persons under 18. While User Content you upload may inadvertently contain such data, we do not actively process or analyze that data as a special category.

4. How We Use Your Personal Data

We process personal data to: (a) create and maintain your Account, authenticate you, and secure the Service; (b) process your uploaded videos through AI systems and deliver analysis results; (c) cache analysis results to improve performance; (d) process payments, manage automatic renewals, and handle refunds and chargebacks; (e) comply with tax, accounting, and anti-money-laundering obligations; (f) send transactional emails (account-related notices, payment receipts, renewal notices, deletion confirmations); (g) send marketing and promotional emails about the Service, which you can opt out of at any time using the unsubscribe link; (h) respond to support inquiries; (i) analyze usage and improve the Service, including A/B testing and aggregated analytics; (j) detect and prevent security threats, fraud, and abuse; (k) enforce our Terms and protect our legal rights; and (l) comply with legal obligations, court orders, and lawful requests from authorities.

5. Legal Bases for Processing

If you are in the EEA, the UK, or another jurisdiction with similar laws, we rely on the following legal bases under GDPR Article 6:

  • Performance of a contract: to provide the Service, manage your Account, and process payments;
  • Legitimate interests: to improve and secure the Service, prevent fraud and abuse, conduct analytics, send direct marketing about our own services, and protect our legal rights, balanced against your privacy rights;
  • Consent: for non-essential cookies, identified case studies, AI model training (if introduced in the future), and other activities where consent is required by law. You may withdraw your consent at any time;
  • Legal obligation: to comply with tax, accounting, anti-money-laundering, and law-enforcement requirements.

6. Service Providers and Data Sharing

To deliver the Service, we engage carefully selected third-party service providers ("Service Providers") who are bound by contractual obligations consistent with this Policy and applicable data-protection laws. Our Service Providers fall into the following categories: cloud infrastructure and hosting; database and storage; artificial intelligence model providers (which receive your uploaded videos, extracted frames, the content category and format you select, and our proprietary system instructions to generate AI Output); authentication providers; payment processors; email and communication service providers; analytics and product measurement providers; and feature management and experimentation providers.

Most of our Service Providers are located in the United States. By using the Service, you consent to the transfer and processing of your personal data by these Service Providers, including transfers to the United States and other countries outside your country of residence. A current list of our Service Providers by name is available on request to support@hooktik.com.

We may also disclose personal data when we believe in good faith that disclosure is necessary to comply with legal obligations or lawful requests; to protect the rights, property, or safety of Hooktik, our Users, or others; or to investigate or prevent fraud, security incidents, or violations of our Terms. If Hooktik is involved in a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity; we will notify you in advance of any material change. We do not sell your personal data and do not share it with third parties for their independent marketing purposes.

7. International Data Transfers

Our infrastructure and several of our Service Providers are located in the United States, which may not provide the same level of data protection as your country of residence. For transfers from the EEA, UK, UAE, or other jurisdictions with cross-border restrictions to countries that have not been deemed adequate, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, equivalent safeguards under UAE PDPL, and (where applicable) the EU-U.S. Data Privacy Framework. You may request a copy of the safeguards by contacting us at support@hooktik.com.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes set out in this Policy, unless a longer retention period is required or permitted by law.

8.1 User Content

Uploaded videos, extracted video frames, transcripts, scene descriptions, viral scores, fix plans, and all other analysis results (collectively, "User Content and Analysis") are retained according to the following schedule, based on your active plan at the time of upload:

  • Free and Creator plans: thirty (30) days from the time of upload, after which the User Content and Analysis are automatically deleted from our active systems;
  • Pro plan: ninety (90) days from the time of upload, after which the User Content and Analysis are automatically deleted from our active systems;
  • Content found to violate our Terms: deleted promptly after detection by our automated content-moderation systems.

If you upgrade from the Creator plan to the Pro plan, the retention period applicable to videos already uploaded under the Creator plan does not change and remains 30 days. Videos uploaded after the upgrade are retained for 90 days. Top-Up Credits do not affect the retention period; the period that applies is the one associated with your active Subscription plan at the time of upload.

You may delete any video, together with its associated frames and analysis results, at any time through your Account settings. Upon such deletion, the User Content and Analysis are permanently removed from our active systems and cannot be recovered.

8.2 Account and Other Data

  • Account information: retained while your Account remains active. If your Account is inactive for eighteen (18) consecutive months, we will delete it (with prior email notifications) in accordance with our Terms and Conditions.
  • Videos transmitted to AI Service Providers: deleted from the AI Service Provider's systems promptly after the analysis is complete. AI Service Providers do not retain inputs or outputs beyond short retention periods established by their commercial terms.
  • Payment and billing records: retained by our payment processor in accordance with applicable financial, tax, and anti-money-laundering laws (generally up to seven (7) years).
  • Security and access logs: retained for up to 12 months for security, fraud-prevention, and audit purposes.
  • Support communications: retained for up to twenty-four (24) months after the resolution of your inquiry.
  • Consent records: retained for the duration of your Account and for up to three (3) years thereafter, to demonstrate compliance.
  • Marketing data: retained until you opt out, after which we retain only a record of your opt-out as needed to honor it.

8.3 Account Deletion

Upon deletion of your Account — whether at your request, by automatic deletion of an inactive Account, or by us in accordance with our Terms — all User Content, video frames, and Analysis associated with your Account are permanently removed from our active systems, without possibility of recovery. Certain residual data may remain in encrypted backups for a limited period before being overwritten in the ordinary course of our backup rotation, and certain data may be retained where required by law or to enforce our legal rights.

9. Cookies

We use cookies and similar technologies in the following categories: strictly necessary cookies (required to operate the Service, including authentication, security, load balancing, and temporary storage of an uploaded video while you complete registration); functional cookies (to remember your preferences); analytics cookies (to understand how Users interact with the Service); marketing and advertising cookies (to measure the effectiveness of campaigns and deliver relevant advertisements); and fraud-prevention cookies (set by our payment processor to detect and prevent fraudulent payments).

Strictly necessary cookies are essential to provide the Service that you have requested and are therefore set without requiring your consent. Where required by law (including in the EEA and the UK), we obtain your consent before setting non-essential cookies. You can accept all cookies, reject all non-essential cookies, or customize your preferences through our cookie banner, and you can change your preferences at any time. You can also manage cookies through your browser settings.

10. Your Rights

Subject to applicable law, you have the right to: access your personal data and request a copy; request rectification of inaccurate data (you can update most Account information directly in your settings); request erasure of your personal data, subject to legal exceptions (you can delete your Account at any time in your settings — deletion is permanent and irreversible); restrict our processing in certain circumstances; receive your personal data in a structured, machine-readable format and transmit it to another controller where technically feasible; object to processing based on legitimate interests, including direct marketing; withdraw consent at any time where processing is based on consent; and not be subject to decisions based solely on automated processing that produce legal effects concerning you (as explained in Section 12, our AI Output does not produce such effects).

To exercise any of these rights, contact us at support@hooktik.com. We will respond within thirty (30) days unless an extension is permitted by law. We may need to verify your identity before processing your request.

If you are in the EEA or UK, you have the right to lodge a complaint with a data protection supervisory authority. If you are in the UAE, you may lodge a complaint with the UAE Data Office. We encourage you to contact us first.

11. Regional Rights

11.1 California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA, the "CCPA") provides additional rights. In the preceding 12 months, we have collected the categories of personal data described in Section 3 (identifiers; commercial information; internet and network activity; audio, electronic, visual, or similar information; and inferences). We collect these from you directly, automatically through your use of the Service, and from third parties (such as authentication providers and our payment processor). The purposes of collection are described in Section 4.

As a California resident, you have the right to know what personal data we collect, use, disclose, and sell; to access and request a copy of your personal data; to request deletion or correction; to opt out of the sale or sharing of your personal data; to limit the use and disclosure of sensitive personal data; and not to be discriminated against for exercising your rights. We do not sell personal data for monetary consideration. However, certain analytics and advertising technologies may constitute "sharing" under the CCPA, which you can opt out of via our cookie banner. To exercise CCPA rights, contact us at support@hooktik.com; we will respond within 45 days (with a possible 45-day extension where permitted). You may designate an authorized agent, subject to verification.

11.2 United Kingdom

If you are in the UK, your personal data is processed in accordance with the UK GDPR and the Data Protection Act 2018. The rights described in Section 10 apply, and you may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

11.3 United Arab Emirates

If you are in the UAE, your personal data is processed in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and its Executive Regulations. As a data subject under the PDPL, you have the right to be informed of how your data is processed; to access and request a copy in a clear manner; to request correction; to request deletion, subject to exceptions; to restrict or object to processing; to request transfer where technically feasible; to object to automated decision-making that produces legal effects; to withdraw consent; and to lodge a complaint with the UAE Data Office. To exercise any of these rights, contact us at support@hooktik.com.

12. Security, Breaches, and AI

12.1 Data Security

We implement appropriate technical and organizational measures to protect personal data, including: encryption at rest using AES-256 for User Content stored in cloud storage and for our database; encryption in transit using TLS 1.2 or higher for all communications with the Service and for all transmissions to our Service Providers (including AI providers, the payment processor, and authentication providers); access controls limiting access on a need-to-know basis; secure third-party authentication; ongoing monitoring for security incidents; and contractual security obligations imposed on our Service Providers. We do not store passwords because authentication is performed exclusively through a third-party authentication provider. Despite our measures, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account at the authentication provider and notifying us of any suspected unauthorized access.

12.2 Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected Users without undue delay and within the timeframes required by applicable law (including within 72 hours where required by GDPR). Notifications to affected Users will describe the nature of the breach, the categories of data affected, likely consequences, and the measures taken to address it.

12.3 Children's Privacy

The Service is not intended for, and we do not knowingly collect personal data from, individuals under 18. By using the Service, you confirm that you are at least 18 years old. If we become aware that we have collected personal data from a person under 18, we will promptly delete the data and terminate the associated Account. If you believe that a person under 18 has provided us with personal data, contact us at support@hooktik.com.

12.4 AI and Automated Decision-Making

The Service uses artificial intelligence systems provided by third-party Service Providers to analyze User Content and generate viral scores, fix plans, and other recommendations. These providers process the uploaded video, extracted frames, transcript, the content category and format you selected, and our proprietary system instructions. The Service uses AI to analyze visual composition, including the presence of faces, framing, expressions, and visual elements; it does not perform biometric identification of individuals, does not create biometric templates or facial-recognition profiles, and does not attempt to identify the real-world identity of any person appearing in your video.

Our AI Output is informational and advisory only. It does not produce legal effects concerning you and does not significantly affect you in a similar manner. You retain full discretion over whether and how to act on it. We do not use your User Content to train our own AI models. Our AI Service Providers, under their commercial terms applicable to API customers, do not use your User Content to train their general-purpose models.

13. Third-Party Links, Changes, and Contact

13.1 Third-Party Links and Services

The Service may contain links to third-party websites or services (such as payment processor portals and authentication provider pages). This Policy does not apply to those third parties, and we are not responsible for their privacy practices. Please review their privacy policies before providing them with your personal data.

13.2 Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, the Service, or applicable laws. If we make material changes, we will notify you by email or by a prominent notice on the Service at least thirty (30) days before they take effect, unless a shorter period is required by law. The "Last Updated" date at the top shows when this Policy was most recently revised. Your continued use of the Service after the effective date constitutes acknowledgment of the revised Policy.

13.3 Contact

For any questions or requests, contact us at GGG games - FZCO, IFZA Business Park, Dubai Silicon Oasis, Dubai, United Arab Emirates. Email: support@hooktik.com. Website: www.hooktik.com.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.

TikTok Data

When you choose to connect your TikTok account to Hooktik, and only after you authorize access through TikTok's official login, we access the following information through TikTok's APIs:

  • Profile information — your avatar, display name, username, bio, and account verification status.
  • Account statistics — your follower count, following count, total likes, and video count.
  • Public videos — the title, cover image, share URL, duration, creation time, and public engagement metrics (views, likes, comments, and shares) of your public videos.

We use this information solely to analyze your content and give you personalized feedback and growth recommendations inside Hooktik. We do not sell your TikTok data, and we do not share it with third parties except service providers that operate the product on our behalf (such as our AI analysis provider) or where required by law.

Revoking access and deletion. You can revoke Hooktik's access to your TikTok account at any time. Deleting your Hooktik account revokes Hooktik's TikTok access token and stops any further access to your TikTok data. You may also request deletion of the TikTok-derived data we hold by emailing support@hooktik.com, and we will delete it within 30 days. Our handling of TikTok data complies with the TikTok Developer Terms and the TikTok Developer Guidelines.