← Back to Hooklift

Privacy Policy

Effective April 10, 2026

1. Introduction & Scope

This Privacy Policy (“Policy”) describes how SYNNETRA Corp, operating under the brand name Hooklift (“Hooklift,” “we,” “us,” or “our”), collects, uses, discloses, and protects your personal information when you visit our website at hooklift.tech (the “Site”), submit our audit request form, communicate with us, or otherwise interact with our services.

Hooklift is a done-for-you Meta ad creative agency that produces video ad creative for SaaS companies. This Policy applies to all personal information collected through our Site, our audit request process, email communications, and any other channels through which you may provide personal information to us.

By using our Site or submitting information to us, you acknowledge that you have read and understood this Policy. If you do not agree with our practices as described in this Policy, please do not use our Site or submit any personal information to us.

We are committed to protecting your privacy and handling your personal data with transparency. This Policy is designed to comply with applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), and other applicable privacy legislation.

2. Information We Collect

2.1 Information You Provide Directly

When you submit our audit request form, we collect the following personal information that you voluntarily provide:

  • Full name — to identify you and personalize our communications.
  • Work email address — to respond to your audit request, send you the completed audit, and communicate about our services.
  • Company URL — to review your current online presence and ad creative as part of our audit process.

You may also provide additional personal information when you contact us via email, respond to our communications, or otherwise interact with us. This may include your job title, company name, phone number, or other information you choose to share.

2.2 Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies, web beacons, and similar tracking technologies. This automatically collected information may include:

  • IP address — your Internet Protocol address, which may indicate your approximate geographic location.
  • Browser type and version — the type and version of the web browser you use to access our Site (e.g., Chrome, Firefox, Safari).
  • Device information — the type of device you use (desktop, tablet, mobile), operating system, screen resolution, and device identifiers.
  • Operating system — the operating system running on your device (e.g., Windows, macOS, iOS, Android).
  • Referral URLs — the website or source that referred you to our Site, including UTM parameters from advertising campaigns.
  • Pages visited — which pages of our Site you view, the order in which you view them, and the duration of each page visit.
  • Time on page — how long you spend on each page of our Site.
  • Click paths — the links, buttons, and interactive elements you click on while navigating our Site.
  • Date and time of visit — when you accessed our Site and the timestamps of your interactions.
  • Language preferences — the language settings configured in your browser.

2.3 Cookies and Tracking Technologies

We use the following third-party analytics and advertising services on our Site. Each service is loaded conditionally only when the corresponding environment variable is configured in our deployment:

PostHog (Product Analytics)

PostHog is a product analytics platform that helps us understand how visitors interact with our Site. PostHog collects data on page views, button clicks, form interactions, and user journeys. It may set cookies including ph_ prefixed cookies for session identification and distinct user tracking. PostHog data is used to improve our Site’s user experience and optimize conversion flows. Data collected by PostHog is retained according to our PostHog instance configuration settings, typically for 12 months.

Google Analytics 4 (GA4 — Website Traffic Analytics)

Google Analytics 4 is a web analytics service provided by Google LLC. GA4 collects data about website traffic, user demographics (in aggregate), traffic sources, and user behavior. It sets cookies including _ga (used to distinguish users, expires after 2 years), _ga_* (used to persist session state, expires after 2 years), and _gid (used to distinguish users, expires after 24 hours). Google may process this data on servers located in the United States. For more information, see Google’s privacy policy.

Meta Pixel (Ad Attribution & Conversion Measurement)

The Meta Pixel (formerly Facebook Pixel) is a snippet of code provided by Meta Platforms, Inc. that allows us to measure the effectiveness of our advertising campaigns on Facebook and Instagram. The Meta Pixel collects data on page views, form submissions (as conversion events), and browsing behavior. It sets cookies including _fbp (used to deliver advertising, expires after 3 months) and _fbc (stores click identifiers from Facebook ad clicks, expires after 2 years). This data may be used by Meta to deliver targeted advertising and is subject to Meta’s data policy.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Service delivery: To process and respond to your audit request, prepare your creative audit report, and deliver the completed analysis to you via email or Loom video.
  • Communication: To communicate with you about our services, respond to your inquiries, provide customer support, and send you updates related to your audit request or engagement.
  • Marketing communications: To send you information about our services, new offerings, or promotional materials that may be of interest to you. You may opt out of marketing communications at any time by contacting us or clicking the unsubscribe link in our emails.
  • Analytics and improvement: To analyze how visitors use our Site, identify trends, measure the effectiveness of our marketing campaigns, and improve the functionality, content, and user experience of our Site.
  • Advertising measurement: To measure the effectiveness of our advertising campaigns on Meta platforms (Facebook and Instagram) and optimize our ad targeting and creative.
  • Fraud prevention and security: To detect, prevent, and address fraud, unauthorized access, security issues, and other potentially prohibited or illegal activities.
  • Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to enforce our Terms of Service and protect our legal rights.

5. How We Share Your Information

We do not sell your personal information to third parties. We may share your personal data with the following categories of recipients, solely for the purposes described in this Policy:

5.1 Service Providers

We use the following third-party service providers who process personal data on our behalf:

  • Supabase — cloud-hosted PostgreSQL database service where audit request submissions (name, email, company URL, submission timestamp, referral source) are stored. Supabase encrypts data in transit and at rest.
  • Vercel — web hosting and deployment platform that hosts our Site and serves our API endpoints. Vercel processes requests through its global edge network and may log request metadata (IP addresses, user agents) for operational purposes.
  • PostHog — product analytics platform that receives anonymized and pseudonymized user interaction data to help us understand how visitors use our Site.
  • Google (Google Analytics 4) — web analytics service that receives browsing data and site usage statistics to help us measure and analyze web traffic.
  • Meta Platforms (Meta Pixel) — advertising platform that receives conversion events and browsing data to measure the effectiveness of our advertising campaigns on Facebook and Instagram.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our Site of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.

5.3 Legal Requirements

We may disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, court order, or legal process served on us; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with our services; (d) protect the personal safety of users of our Site or the public; or (e) protect against legal liability.

5.4 With Your Consent

We may share your personal information with third parties when you have given us explicit consent to do so for a specific purpose.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, as described in this Policy, or as required by applicable law. Specific retention periods include:

  • Audit request submissions: We retain your name, email address, company URL, and submission metadata in our Supabase database for as long as necessary to provide our services and maintain our business relationship with you. If you do not engage our services, we retain this data for up to 24 months from the date of submission, after which it is deleted.
  • PostHog analytics data: Event data collected by PostHog is retained for up to 12 months from the date of collection.
  • Google Analytics data: GA4 retains user-level and event-level data for 14 months by default. Aggregated reporting data may be retained indefinitely.
  • Meta Pixel data: Data collected by the Meta Pixel is subject to Meta’s data retention policies. Event data is typically retained by Meta for up to 2 years.
  • Email communications: Records of email communications are retained for as long as necessary to provide our services and comply with our legal obligations.

You may request deletion of your personal data at any time by contacting us at our privacy contact form. We will process your request within 30 days, subject to any legal obligations that require us to retain certain information.

7. Your Privacy Rights

7.1 GDPR Rights (EU/EEA/UK Residents)

If you are a resident of the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the GDPR with respect to your personal data:

  • Right of access (Article 15): You have the right to request a copy of the personal data we hold about you, together with information about how we process it.
  • Right to rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to erasure (Article 17): You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to data portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

7.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, please see Section 14 (“California Privacy Rights”) below for a detailed description of your rights under the CCPA and CPRA.

7.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at our privacy contact form. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. If we need additional time to process your request, we will notify you of the extension and the reasons for the delay.

8. Cookie Policy

Cookies are small text files that are stored on your device when you visit a website. We use cookies and similar tracking technologies to provide functionality, analyze usage, and deliver advertising.

8.1 Types of Cookies We Use

Cookie NamePurposeDurationType
ph_*PostHog session identification and user distinction1 yearAnalytics
_gaGoogle Analytics — distinguishes unique users2 yearsAnalytics
_ga_*Google Analytics — persists session state2 yearsAnalytics
_gidGoogle Analytics — distinguishes users (short-lived)24 hoursAnalytics
_fbpMeta Pixel — delivers and measures ad campaigns3 monthsMarketing
_fbcMeta Pixel — stores click identifiers from ad clicks2 yearsMarketing

8.2 Managing Cookie Preferences

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Please note that disabling cookies may affect the functionality of our Site.

To manage cookies in common browsers:

  • Chrome: Settings > Privacy and security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and site permissions > Manage and delete cookies

You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. To opt out of Meta Pixel tracking, you can adjust your ad settings in your Facebook account.

9. International Data Transfers

SYNNETRA Corp is based in Toronto, Ontario, Canada. Your personal data may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our service providers (Supabase, Vercel, Google, Meta, PostHog) may maintain servers and processing facilities.

These countries may have data protection laws that differ from the laws of your country. When we transfer personal data outside of the EEA, UK, or Switzerland, we rely on the following safeguards:

  • EU-U.S. Data Privacy Framework (DPF): Where applicable, we rely on service providers that have self-certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy Framework as a legal mechanism for data transfers.
  • Standard Contractual Clauses (SCCs): Where the DPF does not apply, we rely on the European Commission’s Standard Contractual Clauses to provide adequate protection for personal data transferred outside the EEA.
  • Adequacy decisions: Canada has been recognized by the European Commission as providing an adequate level of data protection under GDPR Article 45.

If you have questions about the safeguards in place for international transfers of your data, please contact us at our privacy contact form.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS/SSL) protocols. Our Site is served exclusively over HTTPS.
  • Encryption at rest: Audit request data stored in our Supabase database is encrypted at rest using industry-standard AES-256 encryption.
  • Access controls: Access to personal data is restricted to authorized personnel who need to access it for legitimate business purposes. We use role-based access controls and require strong authentication for administrative access.
  • Infrastructure security: Our hosting infrastructure (Vercel) and database provider (Supabase) maintain SOC 2 Type II compliance and implement comprehensive security programs.
  • Regular review: We periodically review our security practices and update them as necessary to address evolving threats and maintain the integrity and confidentiality of your data.

While we take reasonable precautions to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your data.

11. Children's Privacy

Our Site and services are designed for business professionals and are not directed at children under the age of 16. We do not knowingly collect, use, or disclose personal information from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at our privacy contact form so that we can take appropriate action.

12. Third-Party Links

Our Site may contain links to third-party websites, services, or resources that are not owned or controlled by Hooklift. This includes, but is not limited to, links to social media profiles, client websites, and external tools or platforms.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit, as their data collection and use practices may differ from ours. The inclusion of a link on our Site does not imply endorsement of the linked website or service.

Your interactions with third-party websites are governed by those websites’ own terms and privacy policies, and we accept no responsibility or liability for these interactions.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Policy, we will:

  • Update the “Effective” date at the top of this page.
  • Post the revised Policy on our Site.
  • Where required by applicable law, notify you via email or through a prominent notice on our Site prior to the changes taking effect.

We encourage you to review this Policy periodically to stay informed about how we protect your personal information. Your continued use of our Site and services after the posting of changes constitutes your acceptance of the revised Policy.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”), provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.

14.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email address, IP address, unique personal identifiers, online identifiers.
  • Internet or electronic network activity: Browsing history, search history, information regarding interactions with our Site.
  • Professional or employment-related information: Company URL (as a proxy for business affiliation).
  • Inferences: Inferences drawn from the above to create a profile reflecting preferences, behavior, and attitudes.

14.2 Your California Privacy Rights

As a California resident, you have the following rights:

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request the deletion of your personal information that we have collected, subject to certain exceptions provided by law.
  • Right to correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
  • Right to opt-out of sale or sharing: You have the right to opt out of the “sale” or “sharing” (for cross-context behavioral advertising) of your personal information. We do not sell personal information. Our use of analytics and advertising cookies (Google Analytics, Meta Pixel) may constitute “sharing” under the CCPA. You may opt out by adjusting your cookie preferences as described in Section 8.2.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level or quality of service.

14.3 California Shine the Light Law

Under California Civil Code Section 1798.83 (“Shine the Light” law), California residents who provide personal information to a business for the business’s own marketing purposes may request information about the personal data shared with third parties for their own direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

14.4 How to Exercise Your California Rights

To exercise your rights under the CCPA, please contact us at our privacy contact form. We will verify your identity before processing your request, which may require you to provide additional information. You may also designate an authorized agent to submit a request on your behalf. We will respond to verified consumer requests within 45 days, as required by law. If we need additional time, we will inform you of the reason and extension period in writing.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

SYNNETRA Corp (d/b/a Hooklift)

Toronto, Ontario, Canada

Contact: privacy contact form

For general inquiries about our services, please use our contact form.

If you are not satisfied with our response to your privacy inquiry, you have the right to lodge a complaint with your local data protection authority.