Privacy Policy

Last updated: March 31, 2026

1. Information We Collect

We collect the following types of information:

  • Account data: Email address and authentication provider (Google, email/password) when you create an account.
  • Subscription data: Plan type, billing period, and payment status managed through Stripe. We do not store credit card numbers.
  • Usage analytics: Pages visited, features used, and general interaction patterns to improve the Service.
  • Device data: Browser type, operating system, and device type for compatibility purposes.

2. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process subscription payments through Stripe
  • Send service-related notifications (e.g., billing updates)
  • Analyze usage patterns to improve features and performance
  • Enforce our Terms of Service and prevent abuse

3. Data Storage

Your data is stored securely using the following services:

  • Supabase: Authentication data and application database, hosted on infrastructure with encryption at rest and in transit.
  • Stripe: Payment processing and subscription management. Stripe is PCI DSS Level 1 certified.
  • Vercel: Application hosting and serverless functions with automatic HTTPS.

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data with:

  • Service providers: Stripe (payments), Supabase (database), and Vercel (hosting) as necessary to provide the Service.
  • Legal compliance: When required by law or to respond to legal process.

5. Cookies

We use essential cookies for authentication through Supabase. These cookies are necessary for the Service to function and cannot be disabled. We do not use third-party advertising or tracking cookies.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Delete: Request deletion of your account and associated data through the Settings page.
  • Correct: Update your account information at any time.
  • Export: Request an export of your data in a machine-readable format.

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

8. Contact

For privacy-related questions or requests, contact us at support@hothand.app.