Hoopit AI, Inc Privacy Policy

Last updated: 2.11.26

Hoopit AI, Inc. (“Hoopit AI,” “we,” “us,” or “our”) operates a relational intelligence platform that provides an information architecture designed to enable users to identify, access, and leverage trusted connections within their professional and personal networks. Our platform is built on a privacy-first framework intended to ensure the secure processing of personal information while facilitating more tailored and effective interactions across digital environments.

This Privacy Policy sets forth the manner in which Hoopit AI collects, uses, discloses, and otherwise processes personal information through our website located at www.hoopit.ai, our proprietary platform and services, and other online properties under our ownership or control that link to this Privacy Policy (collectively, the “Services”), as well as through our official social media accounts, marketing initiatives, and other activities described herein.

This Privacy Policy does not apply to information that may be collected directly by the websites and other digital properties on which the Hoopit AI Service is deployed (the “Partner Sites”).

Personal Information We Collect

Information you provide to us

Personal information you may provide to us through the Service or otherwise includes:

  • Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
  • Profile data, such as the username and password that you may set to establish an online account on the Service, gender, date of birth, biographical details, links to your profiles on social networks, interests, preferences, and any other information that you add to your account profile.
  • Communications data based on our exchanges with you, including when you contact us through the Service, communicate with us, social media, or otherwise.
  • Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
  • User-Generated Content Data. This includes information and materials that you create, contribute, or otherwise make available through the Service, such as the connections you establish, “hoops” you create or respond to, invitations, saved profiles, annotations, or other content you choose to generate or share. It also includes associated metadata. Metadata refers to information about such content, including, for example, when, where, and by whom it was created, shared, or modified; the format or structure of the content; and any subsequent updates. Metadata may also include relational signals and interaction data, such as whether a hoop has been viewed, saved, endorsed, or acted upon, as well as supplementary information you or others elect to associate with the content (e.g., tags, keywords, categories, or geolocation).
  • Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Third-party sources

We may combine personal information we receive from you with personal information we obtain from other sources, such as:

  • Public sources, such as social media platforms and other publicly available sources.
  • Private sources, such as data providers and data licensors.
  • Partner Sites.
  • Partners, such as marketing partners and event co-sponsors.
  • Service providers that provide services on our behalf or help us operate the Service or our business.
  • Business transaction partners. We may receive personal information in connection with an actual or prospective business transaction. For example, we may receive your personal information from an entity we acquire or are acquired by, a successor, or assignee or any party involved in a business transaction such as a merger, acquisition, sale of assets, or similar transaction, and/or in the context of an insolvency, bankruptcy, or receivership.
  • Third-party services, such as social media and other services (such as Google), that you use to log into, authenticate, or otherwise link to, your Service account. For details about data we access when you connect to your Google account, see the “Google Account Data” section below.

Google Account Data

When you connect your Google account to Hoopit, we access information depending on the features you enable.

  • Email address and profile information - Used for account creation, authentication, and personalization.

Gmail

  • Data Types Collected: Email messages, headers, metadata, thread information, labels, and folders
  • Purpose: To analyze communication patterns, extract relationship insights, and generate personalized communication recommendations
  • Processing: Email content is processed using AI algorithms to determine relationship strength, communication frequency, and business context
  • Storage: Email data is stored securely in our database with encryption at rest
  • Retention: Communication data is retained for relationship analysis purposes until user deletion

Google Calendar Data Access

  • Data Types Collected: Event details, attendee information, meeting outcomes, scheduling patterns
  • Purpose: To track professional interactions, identify follow-up opportunities, and enhance relationship intelligence
  • Processing: Calendar data is analyzed to determine relationship tier scoring and communication timing
  • Storage: Calendar events are stored with contact relationship data in our secure database

Google Contacts Data Access

  • Data Types Collected: Names, email addresses, phone numbers, company information, notes
  • Purpose: To build comprehensive contact profiles and identify relationship connections
  • Processing: Contact information is merged with internal relationship data and enhanced with AI-powered insights
  • Storage: Contact data is stored in our contacts database with relationship scoring and tier classifications

Our use of Google data adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google data for advertising or for purposes unrelated to providing the Service. We may engage third-party service providers to assist with platform operations, maintenance, or analysis. These service providers are contractually obligated to handle your information in a secure and confidential manner and are prohibited from using it for any other purpose.

You can revoke Hoopit's access to your Google account at any time at myaccount.google.com/permissions or through your Hoopit settings.

Automatic data collection

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Service, our communications and other online services, such as:

  • Device data, such as your computer or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
  • Online activity data, such as the pages you have viewed, saved and shared, the use of features within the Service, how long you spent on a page, the website you visited before using the Services, navigation paths between pages, information about your activity on a page, access times and duration of access, and whether you have opened our emails or clicked links within them.
  • Communication interaction data such as your interactions with our email or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.

Data about others

We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so. Our services may process data about individuals who are not direct users (e.g., professional contacts in your network). Where required, we will inform those individuals in accordance with GDPR Article 14. If direct notification proves impossible or disproportionate, we will apply appropriate safeguards.

Cookies and similar technologies

Some of our automatic data collection is facilitated by cookies and similar technologies. We will also store a record of your preferences in respect of the use of these technologies in connection with the Service.

  • Cookies, which are small text files that websites store on user devices and that allow web servers to record users' web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

For information concerning your choices with respect to the use of these technologies, see the Your rights & choices section, below.

How We Use Your Personal Information and Legal Bases

We may use your personal information for the purposes set out below. Each purpose is tied to at least one lawful basis under Article 6 GDPR.

PurposeExamples of UseLegal Basis
Service delivery & operationsAccount creation, access, communications, supportContract (Art. 6(1)(b))
Security & fraud preventionIdentity verification, monitoring, breach preventionLegitimate interest (Art. 6(1)(f)); Legal obligation (Art. 6(1)(c))
PersonalizationPreferences, saved profiles, recommendationsConsent (Art. 6(1)(a)) or Legitimate interest (Art. 6(1)(f))
Research & developmentService analytics, anonymization, AI improvementsLegitimate interest (Art. 6(1)(f))
Model training (user-only)Personalization of AI models per user or organizationLegitimate interest (Art. 6(1)(f)) with opt-out; Contract (Art. 6(1)(b))
Marketing communicationsService updates, newslettersConsent (Art. 6(1)(a))
Compliance & legalResponding to legal process, enforcing agreementsLegal obligation (Art. 6(1)(c))

We do not sell or share personal information for advertising purposes.

Use of Data for Model Training

We may process certain personal information and user-generated content in order to train, fine-tune, and improve models provisioned exclusively for, and accessible solely by, the individual user or affiliated organization. Such processing is carried out under the principles of data minimization and purpose limitation. Personal information is never sold, licensed, or disclosed for training models accessible to other customers, third parties, or the general public.

Users have the right to object to this processing at any time and may request exclusion from model training by contacting us at hello@hoopit.ai.

Compliance and protection

We may use your personal information to:

  • comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
  • protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements or our internal policies;
  • enforce the terms and conditions that govern the Service; and
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

With your consent

In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.

Data Encryption and Security

All personal information and user-generated content processed through Hoopit is encrypted both in transit and at rest. For sensitive categories of data, encryption is end-to-end, ensuring that only you can access the content—Hoopit itself cannot view or decrypt it.

We store personal information in secure data centers that maintain industry-recognized certifications (such as ISO 27001). These facilities apply strict technical and organizational safeguards and are subject to recurring audits to ensure the continued protection of personal data.

When Hoopit relies on third-party data centers or cloud infrastructure providers, encryption keys remain under Hoopit's exclusive control and are accessible only through Hoopit's secure software systems during the limited periods necessary to deliver the Services. Third-party service providers engaged by Hoopit AI act solely as processors on our behalf. They do not use, access, or disclose personal information for any purpose other than providing contracted services such as secure cloud storage, hosting, or technical support necessary to operate the Services.

At Hoopit, we employ leading technical, organizational, and physical safeguards—aligned with industry-recognized standards—to protect your personal information. While we are committed to maintaining the highest levels of security, it is important to recognize that, like all internet-based systems, no technology can be completely impervious to risk. Therefore, Hoopit cannot guarantee the absolute security of your personal information.

Enhanced Data Security and Encryption Details

Data security for third party services integration:

Encryption and Storage

  • All Google data is encrypted in transit using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256-GCM encryption in our database
  • Google OAuth tokens are encrypted and stored securely with limited access controls

Access Controls

  • Only authorized personnel have access to systems processing Google data
  • All access is logged and monitored for security purposes
  • Regular security audits ensure compliance with Google's security requirements

Data Minimization

  • We only request the minimum Google API scopes necessary for our service functionality
  • Users can revoke access to their Google data at any time through their Google Account settings
  • We delete inactive user data according to our retention schedule and Terms of Service

Data Retention

We retain personal information only as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category:

  • Account data: retained while the account is active, and for up to 3 years after closure unless longer required by law.
  • Google integration data (emails, calendar, contacts): retained until user deletion, revocation of access, or account closure; automatically deleted within 30 days of revocation.
  • Logs and security data: typically retained for up to 12 months.
  • Aggregated, anonymized data: may be retained indefinitely.

Your Rights & Choices

In this section, we describe the rights and choices available to all users.

Access or update your information

If you have registered for an account with us through the Service, you may review and update certain account information by logging into the account.

Consent Withdrawal

You may withdraw your consent at any time, and withdrawing consent will be as easy as giving it. (GDPR Art. 7(3))

Opt-out of communications

You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may also opt-out of marketing-related emails or marketing-related mailings by contacting us at hello@hoopit.ai. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails.

If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message.

Cookies and other technologies

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Blocking images/clear gifs

Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.

Do Not Track

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track”. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information

We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Linked third-party platforms

If you choose to connect to the Service through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Your Rights with Google Data

  • Data Access and Portability. You can review all Google data we've collected about you through your account dashboard. You can export your data in standard formats upon request. You can request a detailed report of how your Google data has been processed.
  • Data Deletion. You can delete specific Google data (emails, calendar events, contacts) through your account. Complete account deletion will remove all associated Google data within 30 days. You can revoke Google data access through your Google Account settings at https://myaccount.google.com/permissions.
  • Granular Control. Choose which Google services to connect (Gmail only, Calendar only, etc.). Control how your communication data is processed and analyzed. Opt-out of specific AI analysis features while maintaining basic functionality.

Delete Your Data or Close Your Account

You can request deletion of your account and all associated data, including data obtained from Google, through the Hoopit application. We will confirm deletion via email once complete.

Under GDPR, UK GDPR, Swiss FADP, and other applicable laws

You have the following rights:

  • Right of access (Art. 15 GDPR) – obtain confirmation of whether we process your data and request a copy.
  • Right to rectification (Art. 16 GDPR) – correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten,” Art. 17 GDPR).
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR).
  • Right to object (Art. 21 GDPR), including to profiling and automated decision-making (Art. 22 GDPR).
  • Right to withdraw consent at any time when processing is based on consent.
  • Right to lodge a complaint with a supervisory authority in the EU/EEA, UK, or Switzerland.

Requests can be made via hello@hoopit.ai. We will respond in accordance with GDPR timelines.

International Data Transfers

Hoopit AI is headquartered in the United States. When transferring personal data outside of the EEA, UK, or Switzerland, we implement appropriate safeguards as required by law:

  • Transfers to the U.S. may rely on the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework (where applicable).
  • Where these do not apply, we use Standard Contractual Clauses (SCCs) approved by the European Commission and equivalent instruments in the UK and Switzerland.

A copy of these safeguards can be requested at hello@hoopit.ai.

Other sites and services

The Service may contain links to third party websites, mobile applications, and other online services operated by third parties. In addition, our Service may be integrated into web pages or other online services that we do not control or are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions, nor are they subject to this Privacy Policy. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Children

The Service is not intended for use by anyone under 13 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us at hello@hoopit.ai. If we learn that we have collected personal information through the Service from a child without the consent of the child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.

How to Contact Us