hot.dev logo
Coming Soon
Light Dark

Legal Documents

Terms Privacy DPA License Self-Host

Hot Dev Privacy Policy

Last Updated: November 27, 2025

Hot Dev, LLC ("Hot Dev," "Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (https://hot.dev), applications, and services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

1. INFORMATION WE COLLECT

1.1 Information You Provide

Account Information: When you create an account, we collect:

  • Name
  • Email address
  • Password (stored in hashed form)
  • Organization/company name (if applicable)

Billing Information: When you subscribe to paid services, we collect:

  • Payment method details (processed by our payment processor, Stripe)
  • Billing address
  • Invoice history

Content and Data: When you use our Services, we collect:

  • Workflow code and configurations you create
  • API calls and webhook data you process through the Services
  • Files you upload to the Services
  • Support tickets and communications with us

Communications: When you contact us, we collect:

  • Email correspondence
  • Support requests
  • Feedback and survey responses

1.2 Information We Collect Automatically

Usage Data: We automatically collect information about how you use the Services:

  • Features accessed and actions taken
  • Workflow execution statistics (counts, durations, success/failure rates)
  • API usage and rate limit data
  • Error logs and diagnostic data

Device and Connection Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Time zone and language settings

Cookies and Tracking Technologies:

  • Session cookies (required for authentication)
  • Preference cookies (to remember your settings)
  • Analytics cookies (to understand usage patterns)

See Section 6 for more information about cookies.

1.3 Information from Third Parties

OAuth Providers: If you sign in using Google or GitHub, we receive:

  • Your name and email address
  • Profile picture (if available)
  • Unique identifier from the OAuth provider

Payment Processor: Stripe provides us with transaction status and basic payment details (we do not receive or store full credit card numbers).

2. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

2.1 Providing and Improving the Services

  • Create and manage your account
  • Process your workflows and execute your code
  • Provide customer support
  • Send service-related notifications (e.g., password resets, security alerts)
  • Monitor and improve Service performance and reliability
  • Develop new features and services

2.2 Billing and Payments

  • Process subscription payments
  • Send invoices and receipts
  • Manage subscription status and renewals
  • Enforce usage limits based on your plan

2.3 Communications

  • Respond to your inquiries and support requests
  • Send product updates and announcements (you may opt out)
  • Send marketing communications (with your consent, where required)

2.4 Security and Compliance

  • Detect and prevent fraud, abuse, and security threats
  • Enforce our Terms of Service and policies
  • Comply with legal obligations

2.5 Analytics and Improvement

  • Analyze usage patterns to improve the Services
  • Generate aggregate, anonymized statistics
  • Conduct research and development

3. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

ProviderPurposeData Shared
Amazon Web Services (AWS)Cloud infrastructureAll Service data (encrypted)
StripePayment processingBilling information, transaction data

All service providers are contractually obligated to protect your information and use it only for the specified purposes.

3.2 Third-Party Integrations

When you connect third-party services (e.g., OpenAI, Anthropic, Slack, email providers) through your workflows, your data is transmitted to those services according to their privacy policies. You control which integrations you enable and what data is sent.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

3.4 Business Transfers

If Hot Dev is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

3.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. DATA RETENTION

4.1 Account Data

We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information within thirty (30) days, except as required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

4.2 Workflow Data

  • Active accounts: Workflow execution history is retained according to your Service Plan (typically 30-90 days for execution logs).
  • Deleted accounts: Workflow data is deleted within thirty (30) days of account deletion.

4.3 Backups

Backup copies may be retained for up to ninety (90) days for disaster recovery purposes.

4.4 Legal Obligations

We may retain certain information longer if required by law (e.g., tax records, fraud investigations).

5. DATA SECURITY

We implement appropriate technical and organizational measures to protect your information:

5.1 Technical Measures

  • Encryption in transit: All data transmitted to and from our Services uses TLS 1.2 or higher
  • Encryption at rest: Sensitive data is encrypted using AES-256
  • Access controls: Role-based access controls limit employee access to data
  • Infrastructure security: Hosted on AWS with SOC 2 Type II certified infrastructure

5.2 Organizational Measures

  • Security training for all employees
  • Regular security assessments and penetration testing
  • Incident response procedures
  • Vendor security reviews

5.3 Your Responsibilities

You are responsible for:

  • Maintaining the security of your account credentials
  • Not sharing your password or API keys
  • Reporting any unauthorized access immediately

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

Cookie TypePurposeDuration
EssentialAuthentication, security, core functionalitySession
PreferencesRemember your settings (theme, language)1 year
AnalyticsUnderstand usage patterns2 years

6.2 Your Cookie Choices

  • Browser settings: Most browsers allow you to block or delete cookies
  • Opt-out: You can opt out of analytics cookies through your account settings
  • Essential cookies: Cannot be disabled as they are necessary for the Services to function

6.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

  • Access the personal information we hold about you
  • Receive a copy of your data in a portable format
  • Export your workflow data through the Services

7.2 Correction

You can update your account information at any time through the Services. Contact us if you need assistance correcting other data.

7.3 Deletion

You can delete your account through the Services or by contacting us. Upon deletion:

  • Your account will be deactivated immediately
  • Your data will be deleted within thirty (30) days
  • Some data may be retained as described in Section 4

7.4 Opt-Out

You can opt out of:

  • Marketing communications (via unsubscribe link or account settings)
  • Analytics cookies (via account settings)

7.5 Restriction and Objection

You may have the right to restrict or object to certain processing of your data. Contact us to exercise these rights.

8. INTERNATIONAL DATA TRANSFERS

8.1 Data Location

Our Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States.

8.2 Transfer Mechanisms

For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission
  • Our Data Processing Addendum (available at https://hot.dev/dpa)

8.3 Adequacy

The United States does not have an adequacy decision from the European Commission. We implement appropriate safeguards as described above.

9. SPECIFIC JURISDICTIONS

9.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

  • Contract: Processing necessary to provide the Services
  • Legitimate interests: Analytics, security, service improvement
  • Consent: Marketing communications
  • Legal obligation: Compliance with laws

Additional Rights:

  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time

Contact: For GDPR inquiries, contact support@hot.dev

9.2 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: You can request information about the categories of personal information we collect, the purposes for collection, and the categories of third parties with whom we share data.

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes.

Categories of Personal Information Collected:

  • Identifiers (name, email, IP address)
  • Commercial information (billing, transaction history)
  • Internet activity (usage data, browsing history on our Services)
  • Professional information (company name)

We do not sell personal information as defined by the CCPA.

To exercise your rights, contact us at support@hot.dev.

10. CHILDREN'S PRIVACY

The Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to your registered email address
  • Displaying a notification in the Services

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

12. CONTACT US

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Hot Dev, LLC 1606 Headway Cir STE 9513 Austin, TX 78754 United States

13. ADDITIONAL RESOURCES

This Privacy Policy is available at https://hot.dev/privacy

↑ Back to top ← Back to Home