1. Introduction

Welcome to Hotdrop ("we," "us," "our," or "Hotdrop"). Hotdrop is operated by Ampium LLC, a limited liability company with its principal place of business at 1085 Herkness Drive, Meadowbrook, PA 19046.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered content optimization platform (the "Service"). By accessing or using Hotdrop, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, name, password, and profile information
• Voice Profile Information: Professional role, industry, target audience, unique value proposition, company name, LinkedIn profile URL, and example content you provide to train your personalized writing style
• Content Data: LinkedIn posts, emails, comments, and other content you submit for optimization or generation
• Payment Information: Billing details are processed by our third-party payment processor. We do not store complete payment card information on our servers
• Support Communications: Information you provide when contacting our support team, including issue descriptions and screenshots

2.2 Information Collected Automatically

• Usage Data: Information about how you interact with the Service, including features used, credits consumed, and session activity
• Device Information: Browser type, operating system, IP address, device identifiers, and screen resolution
• Analytics Data: We use Google Analytics and similar services to understand usage patterns and improve user experience
• Style Learning Data: When you edit AI-generated content, we capture the differences between the AI output and your edits to improve personalized content generation. This data is stored locally on your device and in your account profile
• In-App Telemetry: Feature usage events (e.g., which tools are used and how frequently) collected to improve the Service
• Log Data: Server logs containing timestamps, actions performed, and system events

2.3 Cookies and Tracking Technologies

We use essential cookies for authentication and session management via Firebase Authentication. We also use analytics cookies (Google Analytics) to understand usage patterns and improve user experience. We do not use advertising cookies. For more information, see our Cookie Policy.

2.4 Calendar and Integration Data

If you choose to connect your Google Calendar, we request read-only access to your primary calendar. We collect the following data from your calendar:

• Event Details: Meeting titles, descriptions, and start/end times
• Attendee Information: Names and email addresses of meeting attendees

When you first connect your calendar, we sync up to 14 days of past events to establish your contact relationship history. Ongoing, we sync upcoming events within the next 48 hours. Synced event data is transient and is automatically deleted shortly after each meeting ends.

From your calendar attendees, we create contact and company records in your account to power meeting briefs and relationship insights. These records include attendee names, email addresses, and company information inferred from email domains. Contact and company records persist in your account until you manually delete them or request account deletion — they are not automatically removed when you disconnect your calendar.

You may disconnect your calendar at any time via Settings, which immediately revokes our access, deletes your OAuth token, and removes all synced event data from our systems.

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve the AI-powered content optimization features
• AI Processing: To process your content through third-party AI model providers to generate optimized outputs
• Meeting Intelligence: To generate pre-meeting briefs using publicly available signals from news and other open sources, combined with context you have submitted to Hotdrop, to help you prepare for meetings
• Account Management: To create and manage your account, including credit balance tracking and subscription management
• Communication: To send transactional emails, service updates, and respond to support requests
• Analytics: To understand usage patterns, identify bugs, and enhance user experience
• Compliance: To comply with legal obligations, enforce our Terms of Service, and protect against fraud or abuse
• Product Development: To develop new features and improve existing functionality

4. AI Model Processing and Data Sharing

4.1 Third-Party AI Providers

Your content (including LinkedIn posts, emails, meeting context, and other user-submitted text) is processed by third-party AI model providers, including but not limited to Google, OpenAI, Anthropic, and xAI. The specific provider and model used may vary based on the nature of your request, and we may change providers at any time to improve service quality.

These providers process your data in accordance with their own privacy policies. We use enterprise-grade APIs and do not authorize these providers to use your content for their own model training purposes.

4.2 Data Minimization

We only send the minimum necessary information to AI providers to fulfill your requests. We do not share your account credentials, payment information, or unnecessary metadata with AI providers.

4.3 Meeting Brief Research

For meeting brief features, our AI providers may gather context from publicly available sources such as news articles, press releases, company websites, and other open sources to enrich your meeting preparation. This publicly available information is combined with context you have submitted to Hotdrop (such as your voice profile and meeting details) to generate relevant briefs. Research results may be stored in your account as part of your contact and company relationship records.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party vendors who assist in operating our Service (e.g., cloud hosting via Google Cloud Platform, payment processing, email delivery via SendGrid for transactional and automated emails, and AI model providers as described in Section 4)
• Automated Emails: Automated meeting brief emails sent to you via SendGrid may contain information about your meeting attendees derived from your calendar data and publicly available sources
• Legal Requirements: When required by law, court order, or governmental regulation, or to protect our rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity
• With Your Consent: When you explicitly authorize us to share your information
• Organizational Access: If you are part of an organization or team account, designated administrators within your organization may have access to your usage data and content history

6. Data Retention

6.1 Active Account Data

• User Inputs: Raw inputs (post drafts, emails) are retained for 90 days and then automatically deleted
• Generated Outputs: AI-generated outputs are retained indefinitely unless you delete them manually or request account deletion
• AI-Generated Images: Images generated by the Service are retained for 30 days and then automatically deleted
• Contact & Company Records: Relationship intelligence records derived from calendar attendees and meeting briefs are retained until you manually delete them or request account deletion
• Style Learning Data: Personalization data derived from your edits to AI outputs is retained indefinitely to improve your experience, and is deleted upon account deletion
• Calendar Event Data: Synced calendar events are transient and automatically deleted shortly after each meeting ends
• Credit Ledger: Transaction records are retained indefinitely for auditing and billing purposes
• Account Information: Retained as long as your account is active

6.2 Deleted Account Data

When you request account deletion, your data enters a 7-14 day grace period during which deletion can be cancelled. After this period, all your personal data, including runs, outputs, and profile information, is permanently deleted from our systems.

6.3 Legal Retention

Certain data may be retained longer if required by law or to resolve disputes, even after account deletion (e.g., audit logs, payment records).

7. Your Privacy Rights

7.1 General Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and personal data (subject to a grace period)
• Data Portability: Export your AI generation history (inputs and outputs from the past 90 days) in a structured, machine-readable format (JSON). Contact us for a broader data summary
• Objection: Object to certain processing activities
• Withdraw Consent: Withdraw consent for optional data processing activities

7.2 How to Exercise Your Rights

To exercise these rights, contact us at privacy@hotdrop.ai or use the privacy controls in your account settings:

• Data Export: Export your AI generation history via Settings → Privacy & Data → Export My Data. For a broader data summary, contact privacy@hotdrop.ai
• Account Deletion: Available via Settings → Privacy & Data → Delete My Account

7.3 European Union (GDPR) Rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR). See our GDPR Compliance page for details.

7.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA). To submit a CCPA request, email privacy@hotdrop.ai with "CCPA Request" in the subject line.

8. International Data Transfers

Hotdrop is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For EEA, UK, and Swiss users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to third countries. By using the Service, you consent to the transfer of your information to the U.S. and other jurisdictions.

9. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: Data in transit is encrypted using TLS/SSL; sensitive data at rest is encrypted
• Access Controls: Role-based access controls limit who can access your data
• Secure Infrastructure: Hosted on Google Cloud Platform with enterprise-grade security
• Regular Audits: Security reviews and vulnerability assessments

However, no method of transmission or storage is 100% secure. You use the Service at your own risk.

10. Children's Privacy

Hotdrop is not intended for users under 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that a user is under 18, we will promptly delete their account and associated data. If you believe a minor has provided information to us, contact us immediately at privacy@hotdrop.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date and notify you via email or in-app notification. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@hotdrop.ai
Mail: Ampium LLC, Attn: Privacy Team, 1085 Herkness Drive, Meadowbrook, PA 19046
Support: Available via the "Report an Issue" feature in the app (business hours only)