Privacy Policy

Version: V1

Effective date: 2026-03-23

This Privacy Policy explains how HitCue collects, uses, discloses, and protects personal data when you use our app, website, and related services. By creating an account, uploading content, or otherwise using HitCue, you acknowledge this Privacy Policy.

1. Controller

For the purposes of applicable data protection law, the controller of the personal data processed through the service is Davide Deponti, operating HitCue, unless otherwise stated.

If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us at: support@hitcue.app

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Account and identity data
- name, email address, login credentials, account identifiers, and authentication data;
- profile information you choose to provide;
- information received from sign-in or identity providers if you use third-party login methods.

Content and rehearsal data
- scripts, text, notes, prompts, recordings, uploads, and other materials you submit to HitCue;
- collaboration data, such as shared notes, shared recordings, invite link metadata, script membership data, and information about users with whom content is shared;
- metadata relating to uploaded content, such as file names, timestamps, processing status, and usage context.

Technical and usage data
- device information, app version, browser type, operating system, language, IP address, approximate location derived from technical data, and crash or diagnostics data;
- log data, session activity, feature usage, timestamps, and interactions with the service.

Support and communications data
- messages you send to support, feedback, survey responses, and other communications with us.

We may also generate internal service data, such as processing results, moderation flags, performance metrics, or system records linked to your use of HitCue.

3. How We Use Personal Data

We use personal data to:
- create and manage user accounts;
- provide the core functionality of HitCue, including script upload, storage, organization, rehearsal tools, and account features;
- process content using AI-assisted or automated tools;
- authenticate users, secure the service, prevent abuse, and investigate incidents;
- provide customer support and respond to requests;
- monitor performance, debug issues, maintain logs, and improve reliability;
- improve, develop, and optimize HitCue and related features;
- comply with legal obligations, enforce our terms, and protect our rights, users, and third parties.

4. Legal Bases for Processing

Where the GDPR applies, we process personal data on one or more of the following legal bases:
- performance of a contract, where processing is necessary to provide HitCue to you;
- legitimate interests, such as securing, maintaining, improving, and administering the service, preventing misuse, and supporting our business operations;
- compliance with legal obligations;
- consent, where required by law for specific processing activities.

Where we rely on legitimate interests, we assess those interests against your rights and freedoms as required by law.

5. AI Processing and Third-Party Providers

HitCue may use third-party service providers to operate the service, including cloud hosting providers, storage providers, authentication providers, analytics or monitoring providers, customer support tools, and AI providers.

To provide AI-assisted features, personal data and user-submitted content may be transmitted to or processed by external AI providers and cloud infrastructure providers. This may include scripts, prompts, notes, related metadata, and technical information necessary to generate, structure, analyze, or return outputs.

We use third-party providers because certain parts of the service depend on infrastructure and systems that we do not operate ourselves.

While we select providers carefully and seek to use contractual, technical, and organizational safeguards that are appropriate for the service, we do not control every aspect of third-party systems, infrastructure, sub-processors, or security operations.

Accordingly, where your data is processed by third-party providers, their systems, availability, and security controls may affect the service. We do not make any promise that third-party systems will be error-free, continuously available, or immune from security incidents.

6. Data Sharing

We may disclose personal data:
- to service providers and processors acting on our behalf;
- to AI, hosting, cloud, storage, authentication, analytics, and support providers as needed to operate HitCue;
- to other users, cast members, collaborators, or invite recipients when you choose to share scripts, notes, recordings, invite links, or other materials through HitCue;
- where necessary to comply with law, regulation, court order, or lawful request from a public authority;
- where necessary to establish, exercise, or defend legal claims;
- in connection with a merger, acquisition, financing, asset sale, or similar transaction, subject to appropriate safeguards where required.

We do not sell personal data in the ordinary meaning of the term.

If you choose to use collaboration or sharing features, some of your personal data and content may become visible to other users as part of that functionality. This may include your display name, shared scripts, notes, recordings, comments, activity related to shared scripts, and other collaboration-related metadata. You are responsible for deciding whether to share content and with whom to share it.

7. International Transfers

Your personal data may be processed in countries outside the European Economic Area, including countries whose data protection laws may not provide the same level of protection as those in your country.

This may happen, for example, when our AI providers, cloud providers, or other service providers store, access, or process data from infrastructure or personnel located outside the EEA.

Where required by applicable law, we rely on lawful transfer mechanisms for such transfers, including:
- adequacy decisions issued by the European Commission; or
- appropriate safeguards such as the European Commission's Standard Contractual Clauses, together with supplementary measures where appropriate.

Even where such safeguards are used, international transfers can involve residual risks, including the possibility that public authorities in foreign jurisdictions may access data under local law.

8. Data Retention

We keep personal data for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate interests.

In general:
- account and service data may be retained while your account remains active;
- uploaded content and related records may remain available until you delete them, request deletion, or the account is deleted, subject to operational and legal retention needs;
- logs, diagnostics, and security records may be retained for shorter periods or longer where needed for security, abuse prevention, compliance, or incident investigation;
- backup copies may persist for a limited period before being overwritten or deleted in the ordinary course of operations.

9. Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures may include access controls, authentication safeguards, logging, provider security features, data segregation, and processes intended to support confidentiality, integrity, and availability.

However, no method of transmission over the internet, cloud infrastructure, mobile network, or electronic storage is completely secure. For that reason, we cannot guarantee absolute security, uninterrupted protection, or that unauthorized access, loss, misuse, or disclosure will never occur.

10. Important Notice About Security and Liability

Because no system is 100% secure, you use HitCue with that understanding. To the maximum extent permitted by applicable law, we will not be liable for unauthorized access, loss, corruption, interception, or disclosure of data caused by:
- vulnerabilities, outages, or security incidents affecting third-party providers or telecommunications networks;
- actions or omissions outside our reasonable control;
- misuse of your account credentials or failure to keep them confidential;
- malicious acts by third parties that could not reasonably be prevented despite appropriate measures.

This does not apply to the extent a loss is directly caused by our fraud, willful misconduct, gross negligence, or any other matter for which liability cannot be excluded or limited under applicable law.

11. Your Rights

Depending on your location and applicable law, you may have the right to:
- access your personal data;
- request rectification of inaccurate or incomplete data;
- request deletion of your personal data;
- request restriction of processing;
- object to certain processing;
- request portability of data you provided to us, where applicable;
- withdraw consent where processing is based on consent, without affecting prior lawful processing;
- lodge a complaint with a competent supervisory authority.

We may need to verify your identity before acting on a request. Some rights are subject to legal limitations or exceptions.

12. Children

HitCue is not intended for children under the age at which they can lawfully consent to the relevant data processing under applicable law. If you believe a child has provided personal data unlawfully, contact us so we can review the situation.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the app, website, or other reasonable means. The updated version will apply from its stated effective date.

14. Contact

For privacy requests or questions, contact: support@hitcue.app