Privacy notice

1. Who we are

Am I Hot is operated by Grimaldy Navirio Gunawan("we", "us", "our"), the seller of the service. We are the data controller responsible for the personal data described in this notice. You can contact us at the email address published on this site or via the in-app support flow.

2. Categories of personal data we collect

• — Account data: email address, username, password hash, optional Instagram handle.
• — Biometric content you upload: selfies and voice recordings.
• — Generated content: AI-generated reports, scores, recommendations.
• — Usage and device data: IP address, browser/user-agent, request timestamps, error logs.
• — Transaction metadata: Paddle transaction IDs, amount, currency, status (no card numbers — those are handled by Paddle).

3. Purposes & legal bases

• — Provide the service (generate reports, store history, run the leaderboard) — performance of contract.
• — Process payments and grant entitlements — performance of contract.
• — Security, fraud prevention, abuse handling — legitimate interest.
• — Service improvement and aggregated analytics — legitimate interest.
• — Legal/regulatory compliance — legal obligation.
• — Optional marketing communications — consent (you can withdraw at any time).

Where you are in the UK/EEA, processing is carried out under the UK GDPR / EU GDPR. Where you are in California, equivalent rights under the CCPA/CPRA apply.

4. Who we share data with

• — Paddle.com Market Ltd ("Paddle") — our Merchant of Record. Paddle handles all payment processing, billing, tax, invoicing, refunds and chargebacks. Paddle receives the data needed to complete your purchase (name, email, billing address, card / payment details, IP, device info). See paddle.com/legal/privacy.
• — Hosting & database infrastructure (Lovable Cloud / Supabase) — to store your account, media, and reports.
• — AI providers (Google Gemini and equivalent model providers) — to generate your scoring report. Inputs are sent for inference only and are not used by us to train third-party models.
• — Professional advisers (legal, accounting) — only where strictly necessary.
• — Authorities — where required by law, court order, or to protect our rights or the safety of others.

We do not sell your personal data. Some recipients are located outside your country. For UK/EEA transfers we rely on adequacy decisions or Standard Contractual Clauses.

5. What's public on the service

Your username, overall scores, selfie thumbnail and voice clip can appear on the public leaderboard and on shareable report pages. Editorial notes, weaknesses and personalized recommendations are visible only to you.

6. Data retention

• — Selfies, voice recordings & reports: kept until you delete them or close your account, then permanently removed within 30 days.
• — Account record (email, username): kept for the lifetime of the account, then removed within 30 days of closure.
• — Transaction & tax records: retained by Paddle and us for up to 7 years to comply with tax/accounting law.
• — Security and access logs: retained for up to 12 months.

7. Your rights

Subject to applicable law, you have the right to: access your data, rectify inaccurate data, request erasure, restrict or object to certain processing, request portability, withdraw consent, and lodge a complaint with your local data protection authority. To exercise any right, contact us — we will respond within one month.

8. Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, principle-of-least-privilege access controls, row-level security on the database, isolated storage buckets, hashed credentials and audit logging. No system is perfectly secure — please use a strong unique password and notify us immediately if you suspect compromise.

9. Cookies

We use essential cookies and local storage strictly necessary to keep you signed in and to remember theme preference. We do not run third-party advertising trackers. Paddle's checkout sets its own cookies necessary to process your payment.

10. Changes & contact

We may update this notice; the "Last updated" date will change. For privacy questions, contact Grimaldy Navirio Gunawan via the email address listed on this site or the in-app support flow.