
Privacy Policy

Last updated: March 5, 2026

1. Information We Collect

When you use Headless HQ, we collect information you provide directly, including:

  • Account information (name, email address, organization name)
  • Ad platform credentials and OAuth tokens for connected services
  • Campaign data, creative assets, and performance metrics you import or generate
  • Messages and instructions you provide to AI agents
  • Usage data, including feature interactions and session information

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Headless HQ platform
  • Execute AI agent actions on your behalf (campaign management, analytics, creative generation)
  • Send transactional emails (password resets, approval notifications, account alerts)
  • Analyze usage patterns to improve our services
  • Detect and prevent fraud, abuse, or security incidents

3. Third-Party Services

Headless HQ integrates with third-party services to deliver its functionality. These include:

  • Ad Platforms — Meta, Google, and TikTok for campaign management
  • AI Providers — OpenAI for creative generation (text, image, video)
  • Cloud Infrastructure — Google Cloud Platform for hosting and task processing
  • Email — SendGrid for transactional email delivery

Each third-party service is governed by its own privacy policy. We only share the minimum data required for each integration to function.

4. Cookies & Local Storage

We use essential cookies and browser local storage to maintain your authentication session and store application preferences. We do not use third-party tracking cookies or advertising pixels. Session tokens are stored as secure, HTTP-only cookies where possible.

5. Data Retention

We retain your account data for as long as your account is active. Campaign data and agent conversation history are retained for up to 24 months after last access. You may request deletion of your account and associated data at any time by contacting us.

6. Security

We implement industry-standard security measures including encrypted data transmission (TLS), hashed passwords (bcrypt), rate-limited authentication endpoints, and secure OAuth token storage. Platform credentials are encrypted at rest and never exposed through our API.

7. Your Rights

You have the right to access, correct, or delete your personal data. You may also request a portable copy of your data or withdraw consent for optional data processing. To exercise any of these rights, contact us at the address below.

8. Contact

For privacy-related inquiries, contact us at hello@headlesshq.com.