// privacy

Privacy Policy

Effective July 8, 2026

Hijack (“Hijack,” “we,” “us,” or “our”) operates the press-operations platform at hijackpr.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the Service you agree to this policy.

1. Information we collect

  • Account information. When you create an account we process your name and email address through our authentication provider (Clerk). We do not store your password.
  • Content you create. Companies, campaigns, press releases, media lists, pitches, and related material you enter into the Service.
  • Google user data. If you choose to connect your Gmail account, we access certain Gmail data as described in the next section.
  • Usage & technical data. Standard log data (IP address, browser type, timestamps) and in-product events used to operate and improve the Service.

2. Google user data & Limited Use

Connecting Gmail is optional and powers two features: sending pitch emails from your own address, and pulling replies to those pitches into your Signals inbox. When you connect, we request the following Google OAuth scopes:

  • gmail.send — to send pitch emails you compose, from your connected Gmail address.
  • gmail.readonly — to read replies to the pitches you sent so we can surface them as “Signals” and thread the conversation. We only read messages to identify and display replies relevant to your outreach.

We store the minimum data needed to provide these features (including message metadata and content necessary to display your reply threads) and your OAuth tokens. We do not sell Google user data, use it for advertising, or use it to train generalized AI or machine-learning models.

Limited Use disclosure

Hijack’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we (a) only use Google user data to provide and improve the user-facing features described above; (b) do not transfer or sell this data except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition; (c) do not use the data for serving advertisements; and (d) do not allow humans to read the data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse) or to comply with applicable law, or the data is aggregated and anonymized.

3. How we use information

We use the information we collect to operate, maintain, and improve the Service; to send and track your outreach; to surface replies and engagement; to provide support; to secure the Service and prevent abuse; and to comply with legal obligations.

4. How we store and protect data

OAuth access and refresh tokens are encrypted at rest before being stored. We host data with reputable infrastructure providers (including Amazon Web Services and Neon) and restrict access to authorized personnel. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your information.

5. Sharing and disclosure

We do not sell your personal information. We share data only with service providers that help us run the Service (for example, authentication, hosting, email delivery, and AI processing of content you submit), and only as needed to perform their functions; when required by law; or in connection with a merger, acquisition, or sale of assets. Google user data is handled per the Limited Use disclosure above.

6. Data retention and deletion

You can disconnect Gmail at any time from your company settings, which revokes our stored tokens and stops all further access. You may also revoke Hijack’s access directly from your Google Account permissions. To delete your account and associated data, contact us at privacy@hijackpr.com. We retain data only as long as needed to provide the Service or meet legal requirements.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information. To exercise these rights, contact us at privacy@hijackpr.com.

8. Third-party services

The Service relies on third parties including Google (Gmail), Clerk (authentication), Amazon Web Services and Neon (infrastructure), and AI model providers used to generate and analyze content. Their handling of data is governed by their own privacy policies.

9. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above and, where appropriate, by additional notice.

10. Contact us

Questions about this policy or your data? Email privacy@hijackpr.com.