Legal

Privacy Policy.

Last updated: 18 May 2026

1. Who we are

Hooklyne is a B2B sales intelligence service based in the Netherlands. We help sales teams find relevant reasons to reach out to prospects and write personalised outreach in the sender's voice. References to "Hooklyne", "we", "us", or "our" in this policy refer to the entity operating this service.

For questions about this policy or your personal data, contact us at: privacy@hooklyne.com

2. Data we collect about website visitors

When you visit this website we may collect:

  • Information you submit via our contact form: name, company, email address, and message
  • Basic technical data your browser sends automatically: IP address, browser type, pages visited, and referrer

We use Google Analytics and Microsoft Clarity to measure how visitors use this website. Microsoft Clarity records anonymised interaction data (clicks, scrolls, mouse movement) to help us identify usability issues, with input field content masked by default. Analytics tools are only loaded if you accept cookies via the banner. Data is processed by Google LLC and Microsoft Corporation respectively and may be transferred outside the EEA under standard contractual clauses. We do not use advertising trackers or cross-site tracking.

3. How we use your data

  • Contact form submissions - to respond to your enquiry and, if you become a customer, to manage your account. Legal basis: contract performance or legitimate interests.
  • Technical data - to keep the website secure and functioning correctly. Legal basis: legitimate interests.

4. Prospect data - our service

Hooklyne's core service involves researching and preparing outreach for B2B sales prospects on behalf of our customers. In doing so, we process personal data relating to business contacts (such as name, business email address, job title, company, and publicly available business activity).

This data is sourced from publicly available business sources and third-party business data providers who operate under their own lawful basis for making such data available. We process this data only to the extent necessary to deliver our service and only retain it for as long as required for the relevant outreach activity.

Role under GDPR: Hooklyne acts as a data processor on behalf of its customers, who are the data controllers. Our customers determine the purpose and scope of the outreach. We process data only on documented instructions from customers and in accordance with a Data Processing Agreement (DPA), which is incorporated into the terms of service accepted upon first use of the portal. A copy of our DPA is available on request to privacy@hooklyne.com.

Lawful basis for B2B prospecting: B2B outreach directed at individuals in their professional capacity is generally permitted under Article 6(1)(f) GDPR (legitimate interests), provided the outreach is relevant, proportionate, and individuals can easily opt out. Our customers are responsible for ensuring their outreach meets these requirements.

5. Customer account data

When you sign up for a Hooklyne account we store information needed to run the service for you:

  • Identity and login - email address, password hash, language preference, and your team membership and role (Manager or Member).
  • Product state - small flags so the portal works the same on every device you sign in from: when you finished the product tour, when you last opened the "What's new" page, which mail app you chose for the "Open in email" button (default, Gmail or Outlook), and your notification preferences.
  • Notification preferences - a per-user JSON record of which lifecycle emails you want to receive (signal alerts, prospect-ready, meeting-prep-ready, morning brief, weekly digest, team alerts for Managers, drop-off recovery nudges, and escalation updates). All preferences default to on and can be changed at any time on the Settings page.
  • Billing mirror - we keep a copy of a small set of Stripe fields on your account row so the portal can show the right plan, renewal date and status without round-tripping to Stripe on every page. These fields include your Stripe customer and subscription IDs, subscription status, plan, billing interval, current period end, cancel-at-period-end flag, trial end date, and whether your account is on manual invoicing. Stripe remains the source of truth for billing data; the mirror is updated by Stripe webhooks and used only for in-product chrome and access decisions.

Legal basis: contract performance (to run the service you signed up for) and our legitimate interests (to keep the portal usable and your account secure).

6. Team management

Hooklyne supports multi-seat teams. Managers can invite colleagues by email, change their role between Manager and Member, and remove members. When a workspace sets an allowed email domain, invitations sent to other domains are refused. Removed members are soft-deleted (their row is marked inactive) so that prospect history and audit trails stay intact.

The visible data per team member is name, email, role and membership status (invited, active, removed). Members can leave a workspace by contacting their Manager or our support team.

7. Automated emails and how to opt out

The portal sends a small set of operational and product emails: account confirmation and password resets, lifecycle nudges (a signup nudge after seven days and a wizard nudge after three days if you haven't finished setup), workspace digests (morning brief, weekly digest), per-lead notifications (signal alerts, prospect-ready, meeting-prep-ready), team alerts for Managers, and escalation updates when a lead is sent to admin review.

Every product email contains a link to your notification settings. Lifecycle nudges and escalation updates can each be switched off independently on the Settings page; the other categories can be switched off the same way. Account confirmation, password reset and billing receipts are transactional and are always sent.

8. Prospect data we collect on your behalf

When you ask Hooklyne to research a company or find a contact, our engine queries public business sources and our third-party data providers and writes the result to your workspace. The data we may collect for a prospect includes company name and domain, role title, LinkedIn profile URL, and a verified business email address.

For each contact-finding run we also keep an internal forensic record (the pool of candidates considered, the matching tier assigned to each, parse signals and grounding) in a separate audit table. This audit data is retained for debugging, quality assurance and dispute resolution. It is not used for marketing and is not exposed to other customers.

Anonymized previews: during the contact-evaluation step the portal deliberately hides candidate names and LinkedIn URLs until you commit a credit to reveal a specific candidate. This is a fairness measure to keep the service from being used purely to browse our underlying data. Anonymized previews are not a basis for a refund.

Legal basis: legitimate interests under Article 6(1)(f) GDPR for B2B sales prospecting. You are the sender of the outreach; Hooklyne acts as a data processor for the prospect data in your account.

9. If you are a prospect - your rights

If you have received outreach generated through Hooklyne and wish to be removed from the sender's prospect list, you can contact the sender directly or email us at privacy@hooklyne.com. We will pass your request to the relevant customer and ensure your details are suppressed.

Under GDPR you have the right to: access your data, correct inaccuracies, request erasure, restrict processing, and object to processing based on legitimate interests. To exercise any right, email us at the address above.

10. Sub-processors

We rely on a limited set of third-party processors to deliver our service: infrastructure and hosting providers, business contact data providers, email verification services, and language-model providers used for research and drafting. Each is bound by a written data processing agreement with us.

A current list of sub-processors, including their function and processing location, is available on request to privacy@hooklyne.com and is provided as part of our DPA. We notify customers in advance of any material change to this list and allow reasonable objection before a new sub-processor is engaged.

11. International transfers

Hooklyne is operated from the Netherlands and primary processing of customer and prospect data takes place within the European Economic Area. Some of our sub-processors, including certain language-model and analytics providers, are established outside the EEA (notably in the United States).

Where personal data is transferred outside the EEA, the transfer is covered by the European Commission's Standard Contractual Clauses and, where applicable, supplementary measures such as encryption in transit and at rest, limited data minimisation, and contractual restrictions on further use. We do not sell personal data.

12. Retention

Contact form data is retained for as long as needed to manage the enquiry or customer relationship, and no longer than 3 years after last contact. Prospect data is retained only for the duration of active outreach campaigns and deleted upon customer request or contract termination. Contact-finding audit records are retained for as long as the related workspace is active, for forensic debugging and dispute resolution.

13. Payment processing

Payments are processed by Stripe, Inc. Hooklyne does not store or have access to credit card or payment account numbers. When you make a payment, your card details are transmitted directly to Stripe's servers over an encrypted connection and never pass through Hooklyne's systems. Stripe processes your payment data as a data processor on Hooklyne's behalf under a Data Processing Agreement. Stripe may process personal data outside the EEA; where this occurs, Standard Contractual Clauses apply. For details on how Stripe handles your data, see stripe.com/privacy.

14. Cookies

We use functional cookies and, with your consent, Google Analytics cookies to measure site usage. See our Cookie Policy for details.

15. Changes to this policy

We may update this policy when our practices change. Material changes will be communicated via the website. The date at the top of this page reflects the most recent revision.

16. Complaints

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl

Native NL + EN
No CRM required
GDPR · EU-native
No contract, try anytime

Free trial

Try 10 prospects, free.

Ten fully built prospects. Verified contacts, real signals, messages in your voice. No card, no commitment.

Try for freeSee pricing