Hooh Inc — Privacy Policy

Last updated: December 14, 2025

This Privacy Policy explains how Hooh Inc. ("Hooh", "we", "us", "our") collects, uses, discloses, and protects information about you when you use our websites, web and mobile applications, browser extensions, APIs, SDKs, and related services that help you store, process, search, and understand documents using AI capabilities (collectively, the "Services").

By using the Services, you agree to the collection and use of information under this Policy. If you disagree, do not use the Services.

1. Who we are and how to contact us

  • Controller: Hooh Inc., a Delaware corporation.
  • Address: 3500 S Dupont HWY, Dover, DE, 19901, USA
  • Email: privacy@hooh.com
  • Data Protection Contact: privacy@hooh.com

For questions or to exercise your privacy rights, email privacy@hooh.com.

2. Scope

This Policy applies to personal data we process about:

  • End users of the Services;
  • Admins and users of organizational accounts;
  • Website visitors and individuals who interact with us (e.g., support, sales, marketing).

This Policy does not apply to third-party services you connect to the Services. Their practices are governed by their own policies. For processing we perform on your behalf, our Data Processing Agreement (DPA) applies.

3. Information we collect

We collect information in the following categories:

  • 3.1 Account & Contact Data: Name, email, password, profile photo, role, organization, billing contact, postal address, phone number.
  • 3.2 Payment & Transaction Data: Payment method details (tokenized by our processor), invoices, subscription plan, transaction history, tax IDs. We do not store full credit card numbers.
  • 3.3 Content & Metadata (“User Content”): Files you upload or connect, prompts/instructions, annotations, tags, extracted fields, AI outputs, document structure, and related metadata.
  • 3.4 Usage & Technical Data: Log files (IP address, timestamps, request/response metadata), device and browser, language, OS, crash reports, performance metrics, feature interactions, referral URLs. 
  • 3.5 Cookies & Mobile Advertising IDs: Cookies, local storage, mobile advertising identifiers (such as Apple IDFA),and similar technologies for authentication, analytics, advertising attribution, and security. See Section 9.
  • 3.6 Support & Communications: Content of messages to support or sales, meeting recordings (with notice), feedback, survey responses.
  • 3.7 Third-Party Sources: If you connect third-party services (e.g., cloud storage, email, calendars), we receive information from those services as authorized by you.

We do not intentionally request special categories of data (e.g., health, biometric, precise geolocation). If you choose to upload such data, we process it to provide the Services and as described in this Policy; where required by law, we rely on your consent or another applicable legal basis.

4. How we use information (purposes & legal bases)

We use information to:

  • Provide and secure the Services (authentication, operations, incident response, fraud prevention).
  • Process User Content to deliver AI features (OCR, classification, search, summarization, extraction).
  • Improve and develop the Services (quality, safety, performance, UX) using de-identified or aggregated data.
    • Note: We will not use your User Content or Outputs to train models in a way that could identify you or your organization unless you opt-in or we have a separate written agreement.
  • Communicate with you (service notices, updates, security alerts).
  • Billing and account management (including free trials, promotions, and enforcing fair use limits).
  • Compliance with laws and enforcement of our Terms.

We process data based on contract necessity, legitimate interests (e.g., security, improvement), and consent where required. Where consent is the legal basis (e.g., certain cookies, marketing), you may withdraw consent at any time.

5. AI features and outputs

The Services may generate content ("Outputs"). Outputs are non-deterministic and may be inaccurate or biased. You are responsible for evaluating Outputs. Unless you opt-in or sign a separate agreement, we do not use your identifiable User Content or Outputs to train or fine-tune foundation models. We may use de-identified/aggregated telemetry to improve safety and performance.

6. Sharing of information

We share information with:

  • Service providers/subprocessors that host, store, process, or support the Services (cloud, compute, database, logging, email, payments). We require appropriate contracts and safeguards.
  • Organization administrators who manage your account (they may access, export, or delete data per their policies).
  • Professional advisors (lawyers, auditors) under confidentiality.
  • Legal and safety: When required by law or to protect rights, privacy, safety, or property.
  • Corporate transactions: In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising where prohibited without your consent.

7. International transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards, including Standard Contractual Clauses (SCCs) for transfers from the EEA/UK/Switzerland, plus relevant UK and Swiss addenda. We also implement technical and organizational measures such as encryption in transit and at rest.

8. Data retention

We retain personal data for as long as necessary to provide the Services and for legitimate business or legal purposes, including security, backups, and auditing. Typical retention periods:

  • Account data: For the life of the account and up to 24 months after closure, unless you request earlier deletion.
  • User Content: Until you delete it or your account ends; backups may persist up to 90 days.
  • Logs and telemetry: 12–24 months (shorter where feasible).

9. Cookies and similar technologies

We use strictly necessary, functional, and analytics cookies. Where required by law, we show a cookie banner to collect consent and allow you to manage preferences. Browser settings may also control cookies.

10. Security

We implement technical and organizational measures designed to protect personal data, which may include encryption in transit and at rest, access controls (least privilege, MFA for admins), network segmentation, vulnerability management, logging and monitoring, and employee training. No system is perfectly secure. If we discover a data breach, we will notify affected users as required by law.

11. Your rights

Depending on your location, you may have the right to request:

  • Access, correction, deletion, or portability of your personal data;
  • Restriction or objection to processing (including for direct marketing);
  • Withdrawal of consent where processing is based on consent.
  • EEA/UK/Swiss residents: Exercise rights under GDPR/UK GDPR by emailing privacy@hooh.com.
  • California and certain U.S. states: You may have rights to know/access, correct, delete, and opt out of "sale" or "sharing" (as defined by law). Hooh does not sell personal information. Submit requests to privacy@hooh.com.

12. Children’s privacy

The Services are not directed to children, and we do not knowingly collect personal data from individuals under 16. If you believe a child provided data, contact privacy@hooh.com to request deletion.

13. Third-party services

The Services may link to or integrate with third-party services. Their privacy practices are governed by their policies. We are not responsible for third-party practices.

14. Changes to this Policy

We may update this Policy from time to time. If changes are material, we will provide notice (e.g., email or in-product). Your continued use of the Services after the effective date constitutes acceptance.

© 2026 Hooh Inc
Twitter
LinkedIn
Instagram
Facebook
About
Contact Us
Terms of Service
Privacy Policy
Twitter
LinkedIn
Instagram
Facebook
About
Contact Us
Terms of Service
Privacy Policy
© 2026 Hooh Inc