Skip to content

Privacy Policy

Last updated: March 1, 2026

1. Overview

Hookset Inc. (“Hookset,” “we,” or “us”) provides booking management and guide allocation software for fishing lodges. This policy explains what data we collect, how we use it, and your rights regarding that data.

We have designed Hookset with a clear principle: guest data belongs to the lodge, not to us. We act as a data processor on behalf of lodges: we store and process guest information only to provide the service, not for our own business purposes.

2. Data We Collect

Lodge Accounts

When you create a lodge account, we collect your name, email address, lodge name and contact information, and billing details (processed by Stripe; we do not store card numbers). We use this to provide and bill for the service.

Guest Data

Guest records (names, email addresses, phone numbers, trip preferences, gear sizes) are created and managed by lodges. This data is stored in your lodge's account and is visible only to you and your authorized team members. We do not use guest data for any purpose other than delivering the platform features you use.

Usage Data

We collect anonymized product usage data via PostHog, configured in cookieless mode. This helps us understand which features are being used and improve the product. No personal identifiers are attached to this analytics data, and no cookie banner or consent prompt is required.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Hookset platform
  • Send transactional emails (booking confirmations, prep form links, invoices)
  • Process subscription payments via Stripe
  • Respond to support requests
  • Detect and prevent fraud or misuse

We do not sell your data. We do not use your data for advertising. We do not share guest information with any third party except as described in this policy.

4. Guest Rights

Because guest data is controlled by lodges, guests who want to access, update, or delete their personal information should contact the lodge that holds their records. Lodges can export or delete guest data from the Hookset dashboard.

If a lodge is unresponsive or no longer operating, guests can contact us directly at privacy@gethookset.com and we will process deletion requests directly.

5. Cookies

Hookset uses minimal cookies. The only cookies we set are the Supabase authentication session cookies necessary to keep you logged in to the dashboard. These are strictly necessary session cookies: no tracking cookies, no advertising cookies.

Our analytics (PostHog) operates in cookieless mode and does not require a cookie consent banner under GDPR or similar regulations.

6. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing for subscriptions and lodge guest payments. Stripe's Privacy Policy governs their handling of payment data.
  • Resend: Transactional email delivery. Email content may pass through Resend's servers for delivery purposes only.
  • Supabase: Database and authentication infrastructure, hosted on AWS. Data is stored in the US by default.
  • PostHog: Product analytics in cookieless mode. No personal data is included in analytics events.

7. Data Retention

We retain your lodge account data for as long as your account is active. If you close your account, data is retained for 90 days to allow for recovery, then permanently deleted. You can request immediate deletion by contacting privacy@gethookset.com.

8. Security

We use industry-standard security practices including encryption in transit (TLS), encryption at rest, row-level security in the database, and regular security reviews. We do not store plaintext passwords.

9. Changes to This Policy

We may update this policy as our practices change. Material changes will be communicated to account holders by email. The date at the top of this page reflects when the policy was last revised.

10. Contact

Privacy questions and data requests: privacy@gethookset.com