Privacy Policy

Interface Labs Ltd, registered in England and Wales, 124 City Road, London, England, EC1V 2NX. We are the data controller for personal data processed through the Service. Reach us at help@hotpot.sh.

We process the following categories of personal data:

• Account data: your email address, chosen username, password hash (managed by our authentication provider), and account timestamps.
• Content data: prompts you submit, the generations we produce for you, iteration messages, saved workspace items, feedback (thumbs up/down, reports), and whether a generation is published.
• Usage data: events such as page views, generation runs, clicks on copy/download/share, and aggregate performance metrics. These are logged with metadata (timestamps, type flags, counts) but we do not include the body of your prompts or generated content in analytics events.
• Technical data: IP address, user agent, and cookies required for authentication and basic functionality.

We use personal data to:

• Operate the Service (authenticate you, run generations, save your workspace).
• Send transactional email (account confirmation, occasional product updates, security notifications).
• Improve model output and retrieval quality, diagnose bugs, and monitor abuse.
• Comply with legal obligations and enforce our Terms of Service.

Our legal bases under UK GDPR are: performance of a contract (to deliver the Service to you), legitimate interests (to improve and secure the Service), and consent where required (for example, non-essential analytics if we add them in the future).

We share personal data with:

• Infrastructure providers that host the Service (cloud servers, managed Postgres).
• Large language model providers (currently Anthropic) who process the prompt and retrieval context required to generate your output. Prompts and generated content may be retained briefly by those providers for safety/trust and abuse review, subject to their own terms.
• Authentication and email delivery providers used to sign you in and send transactional email.
• Law enforcement or regulators where we are legally required to disclose data.

We do not sell your personal data.

Content you explicitly publish to your public profile is visible to anyone on the internet and may be indexed by search engines. Unpublishing removes the item from your profile but we cannot control third-party caches or search-engine indexes outside the Service.

Shared generation links (e.g. hotpot.sh/<id>) are accessible to anyone who holds the URL.

We retain account and content data for as long as your account is active. When you delete your account, we delete your user record and the generations you own. Generations forked or remixed by other users belong to those users and are not deleted. Aggregate analytics and operational logs may be retained for a limited period for security and debugging purposes.

Under UK GDPR and equivalent laws, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, to portability, and to withdraw consent where we rely on it. You can exercise most of these rights directly from the Settings page (change email, change username, delete account) or by emailing help@hotpot.sh.

If you are in the UK or EU and believe we have mishandled your data, you can complain to the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority, although we would like the chance to resolve concerns first.

Some of our providers may process data outside the UK or EEA. Where this happens, we rely on standard contractual clauses or other appropriate safeguards to protect personal data.

We use cookies strictly necessary to keep you signed in and maintain session state. We do not currently use third-party advertising or tracking cookies. If we add optional analytics in the future that rely on cookies, we will update this policy and ask for your consent where required.

We apply industry-standard measures to protect your data (encrypted transport, hashed passwords via our auth provider, access controls). No system is perfectly secure; if a breach materially affects your data, we will notify you and the relevant authorities as required by law.

The Service is not directed at children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date. If the changes are material, we will take additional steps to notify you.

Questions or requests? Email help@hotpot.sh or write to Interface Labs Ltd, 124 City Road, London, England, EC1V 2NX.