HQ ("HQ," "we," "us") operates the HQ creative-operations platform at use-hq.com (the "Service"). This Privacy Policy explains what personal and organizational data we collect, how we use it, who we share it with, and your rights. It applies to everyone who visits our website or uses the Service.
When you sign up, we collect your name, email address, and (optionally) a profile photo. We store this in our database, linked to your account.
When you create or join a team workspace, we store: the team name, your role within the team, and team-level settings (task destination, intake form configuration, brand guidelines, feature flags).
We store the content you put into the Service: intake-form responses (creative requests), generated brief text, template entries, brand assets (colors, tagline, uploaded logo/images), and other content you create or upload. This content is owned by you and is scoped to your team — no other team can see it.
When you connect a third-party tool (Google, Slack, Monday.com, Asana, Linear, Canva, Figma), we store:
We do not store the OAuth token itself in our database; it lives in Pipedream (see §3).
We automatically collect: IP address, browser/device type, pages visited, timestamps of actions, and error logs. This is standard web-service telemetry used to operate and improve the Service.
We use Stripe to process payments. When you subscribe, you provide payment information directly to Stripe — we never see or store your raw card data. We do store your Stripe customer ID, subscription status, and billing history to manage your account.
We use minimal cookies: session cookies to keep you logged in, and functional cookies set by our hosting stack. We do not use advertising or tracking cookies.
We use the data we collect to:
We do not use your data to train AI models, sell it to third parties, or use it for advertising.
We share data only as described below. We do not sell your data.
These are companies that process data on our behalf to deliver the Service:
| Sub-processor | Role | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, and file storage | US |
| Vercel, Inc. | Web hosting and CDN | US and edge |
| Pipedream, Inc. | Stores and manages OAuth tokens for your connected tools (Google, Slack, Monday, Asana, Linear, Canva, Figma) — encrypted at rest | US |
| Stripe, Inc. | Payment processing | US |
| Resend, Inc. | Transactional email delivery | US |
When you connect Google, Slack, Monday.com, Asana, Linear, Canva, or Figma to HQ, the Service reads from and writes to those platforms on your behalf (creating documents, tasks, and messages). The data sent to or received from those platforms is governed by their own privacy policies. We access only the data required to perform the action you requested.
We may disclose your data if required by law, court order, or government request, or when necessary to protect the safety of our users or the integrity of the Service. We will notify you where legally permitted.
If HQ is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you by email and/or a prominent notice in the Service before your data becomes subject to a different privacy policy.
| Data type | Retention period |
|---|---|
| Account and team data | Retained while active + 90 days after deletion request or subscription lapse |
| Intake submissions and artifacts | Life of subscription + 30 days after cancellation or termination |
| Usage logs and telemetry | 90 days rolling |
| Payment records | 7 years (tax/legal compliance) |
| Backups | 30 days rolling |
You may request deletion of your data at any time by emailing hello@use-hq.com. Upon a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law.
Depending on where you are located, you may have the following rights regarding your personal data:
To exercise any of these rights, email hello@use-hq.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
We use cookies to keep you logged in and to make the Service function properly. We do not use cookies for advertising tracking. You can clear cookies in your browser settings; note that doing so will log you out of the Service.
The Service is not directed to anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us at hello@use-hq.com and we will delete it.
Our sub-processors are primarily located in the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses or other lawful transfer mechanisms where required.
We may update this Privacy Policy. If a change is material, we will give at least 30 days' notice by email and/or a prominent notice in the Service. Your continued use after the notice period constitutes acceptance.
For privacy questions, data requests, or to report a concern, email us at hello@use-hq.com.