Skip to content

Privacy Policy

This Privacy Policy explains how Hintible, Inc. ("Hintible," "we," "us," or "our") collects, uses, shares, and protects personal data when you visit our websites, use our apps (including the Hintible Conference App), embed or view our interactive videos, or otherwise interact with our Services.

If you do not agree with this Policy, do not use the Services. Capitalized terms not defined here have the meanings in our Terms of Use and/or Data Processing Addendum ("DPA").

Last updated: August 29, 2025

1. WHO WE ARE

Hintible, Inc. is a U.S. company headquartered in Pleasant Grove, Utah. We provide software that helps businesses create interactive video journeys and capture first‑party buyer signals that can be synced to customer systems like HubSpot.

Contact: legal@hintible.com (privacy & rights requests) • support@hintible.com (technical support)

2. SCOPE & ROLES (CONTROLLER VS. PROCESSOR)

Customer Content. Videos, images, prompts, scripts, forms, and any data our customers upload or create in the Services.

Viewer Data. Information generated when a viewer interacts with a Customer’s video (e.g., watch time, buttons clicked, form answers, timestamps, device/approximate location derived from IP, referrer URL).

Service Data. Operational data we collect to run and secure the Services (e.g., account profile, billing metadata from our payment provider, product telemetry and diagnostics, cookie/consent preferences, crash logs).

Roles.

  • For Customer Content and Viewer Data that we process on a Customer’s behalf, the Customer is the controllerand Hintible is the processor. We process that data only under the Customer’s instructions (e.g., your account configuration, API calls, and our DPA).

  • For our own websites, marketing, the Conference App we operate for our own events, and product telemetry, Hintible is the controller.

If you are a viewer of a Customer’s video or fill out a form presented by a Customer, please contact that Customer (the controller) to exercise your privacy rights. We will assist the Customer to respond to your request consistent with applicable law and our DPA.

3. WHAT WE COLLECT

We collect the minimum necessary to provide and improve the Services.

a) Data you provide

  • Account & profile. Name, work email, password (hashed), company, role.

  • Billing. Payment card details are processed by our third‑party payment processor; we receive limited billing metadata (e.g., last4, card type, expiry month/year, billing address).

  • Forms & prompts. Responses you or your viewers submit inside videos and forms (e.g., text answers, multiple‑choice selections, ratings).

  • Support. Messages, attachments, or screen recordings you send to support.

b) Data from your use of the Services

  • Product usage. Feature interactions, event telemetry, device/OS/browser, IP‑derived approximate location (city/region), referrer URL, session identifiers, crash diagnostics.

  • Viewer interactions. Video loads, watch time, buttons clicked, drop‑off points, form answers, CTA clicks, timestamps, playback device/OS/browser.

  • CRM connections (optional). If you connect HubSpot or other CRMs, we access and write only the fields you authorize (e.g., contact properties, engagement objects, lifecycle stages) and only as configured in your workspace.

c) Conference & events data (Conference App)

  • Registration. Name, email, company, role/title, event badge/QR ID.

  • In‑app activity. Sessions viewed or joined, scans of booth/table QR codes, interactions with in‑app videos and forms, and preferences you set.

  • Sources. Event organizers (where permitted), your scans of QR/NFC codes, and forms you fill inside the app.

d) Data from third parties

  • Identity providers (SSO), payment processors, customer support tools, error monitoring, analytics, and, if you choose, your CRM and calendar/meeting tools.

We do not knowingly collect sensitive categories unless you provide them to us in a free‑text field (please avoid sharing sensitive data in prompts or uploads).

4. HOW WE USE DATA

  • Provide the Services. Operate accounts, host and deliver videos, render interactive elements, sync signals to your configured systems, and provide support.

  • Improve and secure. Debugging, diagnostics, monitoring, incident response, quality assurance, and product development.

  • Communicate. Transactional notices (e.g., service, security, billing). Marketing communications with your consent or as permitted by law (you can opt out anytime).

  • Compliance. Prevent fraud/abuse, enforce terms, comply with law, and protect rights and safety.

  • Aggregated & de‑identified insights. We may create aggregated or de‑identified statistics about video engagement and product usage. These do not identify a person or Customer. We do not re‑identify aggregated/de‑identified data.

No sale or sharing for cross‑context behavioral ads. We do not sell or share personal information under U.S. state privacy laws. We honor browser Global Privacy Control / universal opt‑out signals and provide in‑product controls for cookies and targeted advertising preferences.

5. COOKIES, SDKs & CONSENT

We use cookies, local storage, pixels, and SDKs to:

  • Authenticate sessions and keep you logged in.

  • Measure product usage and video engagement.

  • Remember preferences (e.g., language, cookie choices).

Consent & privacy modes. Our player supports privacy‑respecting modes and consent flows. Until consent is obtained where required (e.g., EU/UK), the player can limit collection to anonymized metrics. You can control whether non‑essential cookies run by using our Cookie Settings (link in product/site footer) and, where applicable, a consent banner.

Your choices. Manage cookies in your browser and via Cookie Settings. We honor user‑enabled global opt‑out signals (e.g., GPC) for sale/share/targeted‑ads preferences. Some features may not work without certain cookies.

6. HOW WE SHARE DATA

We share personal data only with:

  • Service providers / subprocessors that host, process, or support the Services (e.g., cloud hosting/CDN, email, payments, analytics, customer support, AI transcription/summary vendors). We bind them by contract to use data only to provide services to Hintible.

  • Your integrations when you connect them (e.g., HubSpot) and only according to your configuration.

  • Professional advisors (lawyers, accountants) bound by confidentiality.

  • Compliance and safety disclosures when required by law or to protect rights, safety, and integrity of the Services.

  • Business transfers. If we are involved in a merger, acquisition, or asset sale, we will notify you of any change in control and your choices.

We do not permit AI vendors to use Customer Content to train their generalized models unless you (or we) enable a separate, explicit opt‑in.

7. INTERNATIONAL TRANSFERS

If you are outside the United States, your information may be transferred to and processed in the U.S. and other countries that may have different data protection laws. We use approved transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) and, where applicable, the UK IDTA. If we participate in the EU‑U.S. Data Privacy Framework, we will reflect that here and on our public listing.

8. DATA RETENTION

We keep data only as long as needed for the purposes in this Policy or as required by law. Typical retention periods:

  • Account & profile data: Life of the account + up to 90 days.

  • Product logs & telemetry: 12–18 months.

  • Backups: Rolling 30 days.

  • Support records & billing/legal records: As required by law or for legitimate business purposes.

When you delete content or close your account, we will delete or anonymize associated personal data within these windows; residual copies may persist in encrypted backups until overwritten.

9. SECURITY

We use technical and organizational measures such as encryption in transit and at rest, role‑based access controls, least‑privilege access, MFA for internal systems, network and application firewalls, regular vulnerability scanning, and vendor security reviews. No method of transmission or storage is 100% secure; we work continuously to protect your information.

10. YOUR RIGHTS & CHOICES

Depending on where you live, you may have the right to request access, correction, deletion, portability, or restriction/objection to certain processing. You can exercise rights by emailing legal@hintible.com or via our Data Request Form (link in product/site footer). We will respond within the timelines required by law (typically 45 days, extendable once by 45 days when reasonably necessary).

Appeals. If we deny your request, you may appeal by replying to our decision or submitting the appeal form (linked with our response). We will respond to appeals within the timeframe required by law (commonly 45–60 days) and provide information about contacting your local regulator if we deny the appeal.

Marketing opt‑out. You can unsubscribe from marketing emails via the link in those emails. Transactional and service‑related communications will still be sent.

Global opt‑out signals. We honor browser‑based opt‑out signals (e.g., GPC) for sale/share/targeted‑ads preferences.

If you are a Viewer of a Customer’s video, please contact the relevant Customer directly to exercise your rights. We will support the Customer in fulfilling your request.

11. CHILDREN

Our Services are intended for business use and are not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child provided personal data to us, contact legal@hintible.com and we will take appropriate action.

12. CHANGES TO THIS POLICY

We may update this Policy from time to time. We will post the updated version with a new "Last updated" date, and for material changes, we will provide additional notice (e.g., email or in‑product banner).

13. CONTACT US

If you have any questions or need to exercise your privacy rights, contact:

Hintible, Inc.
legal@hintible.com (privacy & rights)

support@hintible.com (support)

14. CALIFORNIA NOTICE AT COLLECTION (CPRA)

Categories collected. Identifiers (e.g., name, email, IP address), commercial information (plan, subscription status), internet/network activity (product usage, video interaction events), geolocation