Hooks Privacy Policy

1. Data We Collect

When you use Hooks CRM, we collect and store the following:

• CRM user account information (email address, display name, role)
• X OAuth tokens (access token, refresh token, expiry)
• X profile data (username, X user ID)
• DM metadata and message content generated or sent through Hooks

2. How We Use Your Data

Data is used solely to enable DM outreach and reply tracking within your organisation. Specifically:

• X tokens are used to send DMs on your behalf when you click "Send DM"
• X profile data is used to display your connected account in Settings
• DM content is stored to provide draft history and audit trail

We never send DMs automatically. Every send requires explicit user action.

3. Data Storage

All data is stored in a PostgreSQL database hosted within RealOpen's infrastructure. OAuth tokens are stored in the database. (Encryption at rest for token values is planned — see internal TODO.)

4. Data Retention

Data is retained while your account is active. Disconnecting your X account deletes the stored OAuth tokens immediately. Account deletion removes all associated data.

5. Third-Party Services

Hooks CRM integrates with the following third-party services:

• X (Twitter) API — used per your explicit authorisation to send DMs and read profile data. Governed by X's Privacy Policy.
• Auth0 — used for authentication. Governed by Auth0's Privacy Policy.

We do not sell or share your data with any other third parties.

6. Your Rights

You may disconnect your X account at any time from Settings. For data deletion requests or other privacy inquiries, contact us at the address below.

7. Contact

Privacy inquiries: support@realopen.com