Privacy Policy
Last updated: February 23, 2026
Hikoo SAS (hereinafter "Hikoo", "we") attaches great importance to the protection of your personal data. This Privacy Policy aims to inform you about how we collect, use, share and protect your personal data, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and French Law No. 78-17 of January 6, 1978 ("Informatique et Libertés").
This policy applies to the marketing website www.tryhikoo.com and the application app.tryhikoo.com (hereinafter collectively "the Service").
1. Data Controller
The data controller for your personal data is:
- Hikoo SAS
- 4 rue Michel Luciani, 91330 Yerres, France
- SIREN: 100 812 817
- contact@tryhikoo.com
GDPR Officer / Data Protection Officer: Gabriel Toledano - contact@tryhikoo.com
2. Personal Data Collected
Depending on your use of the Service, we may collect the following categories of data:
2.1. Registration and Account Data
- Email address
- Full name
- Password
- Google identifier (when signing in via Google OAuth)
- Avatar URL
- User preferences (theme, language)
2.2. Billing Data
- Account type (individual, micro-entrepreneur, company, etc.)
- Name, first name and/or company name
- Legal form (if applicable)
- Full billing address
- Billing email
- SIREN number (if applicable)
- EU VAT number (if applicable)
- Tax identifier
Credit card data is processed exclusively by our payment provider Stripe and is never stored on our servers.
2.3. Service Usage Data
- Analyzed website data (URL, name, description, logo)
- Tracked competitor data (name, URL)
- Audit results, citations and search queries
- Generated content suggestions
2.4. Technical and Browsing Data
- Browser type and version
- Operating system
- Pages viewed and interactions on the Service
- Cookie data (see our Cookie Policy)
3. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Creation and management of your user account | Performance of contract (Art. 6.1.b GDPR) |
| Provision of the Service (audits, citations, AI analysis) | Performance of contract (Art. 6.1.b GDPR) |
| Billing and subscription management | Performance of contract (Art. 6.1.b) and legal obligation (Art. 6.1.c) |
| Sending transactional emails (confirmation, password reset, payment notifications) | Performance of contract (Art. 6.1.b GDPR) |
| Error tracking and Service improvement (technical monitoring) | Legitimate interest (Art. 6.1.f GDPR) |
| Audience measurement and statistical analysis | Consent (Art. 6.1.a GDPR) |
| Service security (rate limiting, fraud prevention, access logs) | Legitimate interest (Art. 6.1.f GDPR) |
| Customer support (live chat) | Legitimate interest (Art. 6.1.f GDPR) |
| Compliance with legal and tax obligations | Legal obligation (Art. 6.1.c GDPR) |
4. Data Recipients
Your personal data may be shared with third-party service providers (processors) strictly as necessary to provide the Service. These processors operate in the following categories:
- Hosting and infrastructure (servers, database, backups)
- Payment processing and subscription management
- Transactional email delivery
- Error monitoring and application performance
- Analytics and audience measurement
- Customer support
- Authentication
- Artificial intelligence services
Our processors are located in the European Union or the United States. We ensure they provide appropriate data protection guarantees.
5. Data Transfers Outside the European Union
Some of our processors are located outside the European Union, particularly in the United States. These transfers are governed by the following safeguards:
- The EU-US Data Privacy Framework (DPF), recognized as providing an adequate level of protection by the European Commission (adequacy decision of July 10, 2023), for certified processors.
- Standard Contractual Clauses (SCCs) approved by the European Commission, for other processors.
6. Data Retention
We retain your personal data for as long as necessary to provide you with the Service, comply with our legal, accounting and tax obligations, and resolve any disputes.
The specific retention periods depend on the nature of the data and the reason for which it is collected and processed. The criteria we use include:
- How long the data is needed to provide the Service or operate our business.
- Whether there is a legal, accounting or tax obligation requiring a specific retention period.
- Whether the data is of a sensitive nature - sensitive data is subject to shorter retention periods.
- Whether specific consent has been provided for a longer retention period.
When we no longer have a legitimate business need or legal obligation to process your personal data, we will either delete or anonymise it. If this is not immediately possible (e.g., data stored in backup archives), we will securely isolate it from any further processing until deletion is possible.
7. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR): Obtain confirmation that data concerning you is being processed and receive a copy.
- Right to rectification (Art. 16 GDPR): Request the correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): Request the deletion of your data under the conditions provided by the GDPR.
- Right to restriction (Art. 18 GDPR): Obtain the restriction of processing of your data in certain circumstances.
- Right to data portability (Art. 20 GDPR): Receive your data in a structured, commonly used and machine-readable format.
- Right to object (Art. 21 GDPR): Object to the processing of your data based on legitimate interest.
- Right to withdraw consent: Withdraw your consent at any time, without affecting the lawfulness of prior processing.
- Right to define post-mortem instructions: Define instructions regarding the retention and communication of your data after your death.
To exercise these rights, contact our GDPR officer at contact@tryhikoo.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction.
These measures include encryption of data in transit, secure credential storage, regular backups, and strict access controls. Our infrastructure is hosted within the European Union.
No method of electronic transmission or storage is 100% secure. In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you in accordance with applicable regulations.
9. Cookies
Our use of cookies is detailed in our Cookie Policy.
10. Protection of Minors
The Service is not intended for persons under 16 years of age. We do not knowingly collect personal data from minors.
11. Policy Changes
We reserve the right to modify this Privacy Policy at any time. In the event of a substantial change, we will inform you by email or notification on the Service.
12. Contact
For any questions regarding this policy or the exercise of your rights:
- By email: contact@tryhikoo.com
- By mail: Hikoo SAS - GDPR Officer - 4 rue Michel Luciani, 91330 Yerres, France