Privacy
How heyLooAI handles your data
Plain-English policy for our site, newsletter, and optional accounts.
> ⚠️ **Disclaimer about this template:** This is a starting policy that covers the common bases for a content site running affiliate links + Google AdSense + a newsletter. It is **not** legal advice. If you’re operating in the EU, UK, or California and earn meaningful revenue, have a lawyer review it. We recommend Termly.io’s free generator or iubenda for a fully auditable version when you scale.
---
## Who we are
heyLooAI is a website published at https://heylooai.com, owned and operated by [Your Name / Your Business Name], registered in [Country]. You can reach us at `partners@heylooai.com`.
For the purposes of GDPR, [Your Name / Business] is the **data controller** for personal data collected through this site.
## What information we collect
### Information you give us directly
- **Newsletter subscription:** your email address, and if you provide it, your first name
- **Contact form / email:** any information you choose to send us
- **Comments:** your name, email (not published), website (optional), and the comment itself
### Information we collect automatically
- **Analytics:** anonymized page views, device type, browser, country, and referrer (via [Plausible / Cloudflare Web Analytics / Google Analytics 4 — pick one])
- **Cookies:** see the “Cookies and tracking” section below
- **IP address:** logged by our hosting provider (Hostinger) for security purposes only, retained 30 days
We do **not** collect: payment information (we have no checkout), precise location, sensitive personal data, or, knowingly, any data from minors.
## Why we collect it (legal basis under GDPR)
| Data | Why | Legal basis |
|---|---|---|
| Newsletter email | To send you our newsletter | Consent (opt-in) |
| Contact info | To respond to you | Legitimate interest |
| Comments | To display them publicly | Consent |
| Analytics | To improve the site | Legitimate interest |
| Affiliate click tracking | To attribute commissions | Legitimate interest |
## Cookies and tracking
We use the following cookie categories:
- **Essential** (always on): WordPress session, cookie consent record
- **Analytics** (opt-in): [GA4 / Plausible] for understanding traffic patterns
- **Affiliate** (opt-in): Pretty Links click attribution, Amazon Associates session
- **Marketing** (opt-in): only if/when we add retargeting (currently: none)
You can manage your cookie preferences any time using the “Cookie Settings” link in the footer.
## Who we share data with
We share data only with the following processors, and only to the minimum necessary:
- **MailerLite** (newsletter delivery) — privacy policy: https://www.mailerlite.com/legal/privacy-policy
- **Cloudflare** (CDN + security) — privacy policy: https://www.cloudflare.com/privacypolicy/
- **Hostinger** (hosting) — privacy policy: https://www.hostinger.com/privacy-policy
- **Google** (AdSense, if active) — privacy policy: https://policies.google.com/privacy
- **Akismet** (spam filter) — privacy policy: https://automattic.com/privacy/
We never sell your data. We never share with data brokers. If we add a new processor, we’ll update this list before they start receiving data.
## Your rights
Under GDPR, CCPA, and similar laws, you have the right to:
- **Access** the personal data we hold about you
- **Correct** inaccurate data
- **Delete** your data (subject to legal retention requirements)
- **Object** to processing
- **Withdraw consent** at any time (e.g., unsubscribe from the newsletter)
- **Data portability** — receive your data in a portable format
- **Lodge a complaint** with your data protection authority
To exercise any of these, email `partners@heylooai.com`. We respond within 30 days.
## How long we keep data
- **Newsletter:** until you unsubscribe, then deleted within 30 days
- **Comments:** indefinitely (you can request deletion any time)
- **Contact emails:** 2 years
- **Analytics:** aggregated and anonymized after 14 months
- **Server logs:** 30 days
## Children’s privacy
heyLooAI is intended for users aged 16 and older. We don’t knowingly collect data from children. If you believe a child has provided us data, email us and we’ll delete it.
## Security
We use HTTPS site-wide, strong passwords, 2FA on all admin accounts, and a managed hosting environment. No system is 100% secure — but we use industry-standard practices to protect your data.
## Changes to this policy
If we make material changes, we’ll notify newsletter subscribers by email and post a notice on the site for 30 days. The “Last updated” date at the top always reflects the latest revision.
## Contact us
For any privacy question, email `partners@heylooai.com`.