Privacy Policy

1. Summary

Hooky is a local-first developer tool. Most of your data — chats, pairing tokens, file contents, terminal output — stays on the devices you control: your computer running the IDE and your phone running the Hooky app. We collect personal data only where it is necessary to provide the Services or where you actively give it to us (for example, when you sign in with GitHub or join our launch waitlist).

2. Who is the controller of your data?

The controller for personal data processed through the Services is the operator of Hooky (the “Operator”). You can contact us about this policy or any privacy matter by writing to privacy@hooky-ai.com.

3. Information we collect

3.1 Information you provide directly

• GitHub account information. When you sign in to the mobile app with GitHub, we receive the public profile fields that GitHub returns (such as your GitHub user ID, username, display name, avatar URL, and the email address associated with your GitHub account if you have set it to be shared). We use this to authenticate you and to associate your saved chats, sessions, and messages with your account.
• Waitlist email.If you submit your email address on the “Coming soon” page or any other signup form on hooky-ai.com, we store that email address solely to notify you when Hooky becomes available and to send occasional launch-related updates.
• Content you send to the Services. Chat messages, file content you choose to upload, screenshots, prompts for the AI agent, and similar inputs that you submit through the app or extension.
• Support and feedback. If you contact us, we keep the contents of your message and our reply.

3.2 Information collected automatically

• Connection metadata. Pairing codes, session tokens, device identifiers generated by the app, IP address of the connecting device, timestamps, and basic diagnostic information (operating system version, app version). This information is used to establish and maintain the encrypted WebSocket link between your phone and your IDE.
• Push notification tokens.If you allow the app to send notifications, your device’s push token (from Apple Push Notification service or Firebase Cloud Messaging) is sent to our relay backend so that we can deliver a notification when your AI agent needs your attention.
• Server logs. Our servers automatically record standard request information (IP address, request path, response code, timestamp, user agent) for security, abuse prevention, and diagnostic purposes.

3.3 Information we do not collect

We do not use third-party analytics, advertising trackers, or behavioural profiling cookies on the website. We do not request access to your contacts, calendar, microphone, or location. The mobile app only requests permissions (camera, photos, files, notifications) at the moment you use a feature that needs them.

4. How your content is stored and transmitted

• Local mode (LAN). When your phone and IDE are on the same network, they connect directly over a WebSocket. Your content does not pass through any Hooky server in this mode.
• Relay mode.When you connect from outside the IDE machine’s local network, traffic is routed through our encrypted relay server (over TLS / WSS). The relay forwards messages between your two devices; we do not intentionally read, log, or persist the contents of those messages beyond what is necessary to deliver them. Limited operational logs may incidentally include message identifiers and routing metadata.
• Account data. Your GitHub profile, saved chat list, sessions, and chat messages (if you choose to sync them) are stored on our backend in a JSON-based store so that the same account can be used across devices. This data is associated with your GitHub user ID.
• On-device data.Chat history, drafts, pairing tokens, and editor state are also stored on your phone and inside your IDE’s user storage directory. Uninstalling the app or the extension removes that local copy.

5. How we use information

We process personal data for the following purposes and on the following legal bases (in jurisdictions where this terminology applies, such as the EU/EEA and the United Kingdom):

• To provide the Services. Authenticating you, pairing your devices, routing messages between them, persisting your chats, sending push notifications you have opted into. (Legal basis: performance of a contract.)
• To keep the Services secure. Detecting and preventing abuse, brute-force attacks, and unauthorised access. (Legal basis: legitimate interests.)
• To improve the Services. Aggregated, non-personal diagnostics about errors and reliability. (Legal basis: legitimate interests.)
• To notify you of launch and updates. If you joined the waitlist or subscribed to launch updates. (Legal basis: consent. You can withdraw it at any time.)
• To comply with law. Where we are required to retain or disclose information to comply with a legal obligation. (Legal basis: legal obligation.)

We do not sell your personal information, and we do not use your content to train artificial intelligence models.

6. Third-party processors

Hooky relies on a small number of carefully selected providers to operate the Services. Each operates under its own privacy policy and processes data only on our instructions where applicable:

• GitHub, Inc.— used for authentication (OAuth) and, if you enable it, GitHub Copilot integration in the IDE. See GitHub’s Privacy Statement.
• Anthropic, PBC.— used to translate casual mobile messages into developer-friendly prompts when you enable AI translation, and to power Claude Code where you choose to use it. See Anthropic’s Privacy Policy. When this feature is enabled, the text of the affected messages is sent to Anthropic for processing.
• Apple Inc. (Apple Push Notification service) and Google LLC(Firebase Cloud Messaging) — used to deliver push notifications to your device, if enabled.
• Hosting providers. Our relay server and waitlist backend run on third-party infrastructure providers in the regions we operate. They process data on our behalf under data processing agreements where required.

We do not share your personal data with third parties for their own marketing purposes.

7. International transfers

Our infrastructure providers may process data in regions outside of your country of residence, including the European Union and the United States. Where personal data is transferred outside of the European Economic Area or the United Kingdom, we rely on appropriate safeguards (such as Standard Contractual Clauses) recognised under applicable data protection law.

8. Retention

• Account data is kept for as long as your account is active. If you delete your account, your profile and synced chat history are removed from our active systems within a reasonable period and from backups in accordance with normal backup-rotation schedules.
• Waitlist email addresses are kept until you unsubscribe or until launch updates are no longer being sent, whichever comes first.
• Relay routing logs are kept only as long as needed for security and abuse-prevention purposes.
• Push notification tokens are deleted when you disable notifications, uninstall the app, or when the token becomes invalid.

9. Your rights

Depending on where you live, you may have the following rights with respect to your personal data:

• access to a copy of the information we hold about you;
• correction of inaccurate or incomplete information;
• deletion of your data (sometimes called the “right to be forgotten”);
• restriction or objection to certain types of processing, including processing based on our legitimate interests;
• portability of the data you have given us;
• withdrawal of consent at any time, where processing is based on consent;
• the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, write to privacy@hooky-ai.com. We will respond within the timeframes required by applicable law. We may need to verify your identity before acting on certain requests.

10. Security

All communication between the mobile app, the relay, and the IDE extension uses Transport Layer Security (TLS). Pairing codes are short-lived (currently ten minutes) and authentication tokens are long random strings. Credentials pushed to the IDE for the Claude CLI are written to disk with restrictive file permissions on the IDE machine. No system can be guaranteed to be perfectly secure, but we work to apply industry-standard practices and to fix issues promptly when they are reported.

11. Children

Hooky is intended for software developers and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, where the changes are material, we will provide a more prominent notice (for example, an in-app message or an email to subscribers).

13. Contact

Questions or requests about this Privacy Policy can be sent to privacy@hooky-ai.com.