Effective April 7, 2026 · Last Updated April 7, 2026
You own your data. We use it to serve you, not to sell you. Your data never trains anyone else's AI model. You can export or delete everything, anytime.
You give us directly: account information (email, creator type, revenue range, goals, challenges, platforms, business models), diagnostic responses (assessment answers, scores, reports, recommendations), work requests (name, email, service type, timeline, situation), and communications. Payment is processed entirely by Stripe — we never see or store card numbers.
We collect automatically: chat history (your Drag Bot conversations), usage data (feature interactions, timestamps, session patterns), and device/browser info for security.
We do not collect sensitive personal data or data from users under 18. Hot Mess OS is intended for users 18 and older only.
To generate diagnostic reports and AI recommendations, power Drag Bot responses, process payments, track your progress, send opted-in communications, and improve the platform using aggregated anonymized data only.
We never sell your data.
We never use your data to train AI models across accounts.
Baseline memory and personalization is the core product — accepted by using the service.
As Hot Mess OS evolves into a persistent second brain, advanced features (feedback loops, memory evolution, active learning layers) will always be opt-in, available to invited or power users.
When we identify patterns that could make Drag Bot more useful to you, we'll ask: “Want to see what we're noticing — and tell us if we're right?”
All memory is isolated per user, never crosses accounts, always exportable and deleteable.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database and authentication | supabase.com/privacy |
| Anthropic | AI model powering Drag Bot | anthropic.com/privacy |
| Stripe | Payment processing | stripe.com/privacy |
| Resend | Transactional email delivery | resend.com/legal/privacy-policy |
| Vercel | Hosting and deployment | vercel.com/legal/privacy-policy |
We share only the minimum data necessary for each service to function.
We retain your data for as long as your account is active, or two years from your last activity, whichever comes first. Deletion requests processed within 30 days.
Manage from Account → Data Controls.
Access, export, correct, delete, opt out, portability — all available from your account dashboard.
California residents (CCPA): right to know, right to delete, right to opt out of sale (we do not sell data). Contact: dragbot@hotmessos.tech
EU/EEA residents (GDPR): legal basis is legitimate interest and contract performance. Right to lodge complaint with local supervisory authority.
Data encrypted in transit (SSL/TLS) and at rest via Supabase. No card storage. Production access restricted to authorized personnel only.
Hot Mess OS is intended for users 18 and older. We do not knowingly collect data from minors.
Accounts discovered to belong to someone under 18 will be terminated and data deleted immediately.
We will notify you via email at least 14 days before material changes take effect.