Privacy Policy
Last updated · 2026-06-09
This Privacy Policy describes how Hotshot ("Hotshot", "we", "us", "our") handles personal data when you visit hotshot.cam, use the Hotshot iOS app, or interact with related services (together, the "Service").
The short version. We process your photos to give them a new look, then delete the originals. We do not train AI on your photos. We do not sell your data. We use a short list of vetted service providers for hosting, payment processing, AI image generation, abuse prevention, and analytics. We honor GDPR / UK GDPR / CCPA rights. Contact: hello@hotshot.cam.
Operator (data controller): Maxim Kartuzov, operating Hotshot as an individual based in Portugal. Contact: hello@hotshot.cam.
1. What we collect and why
1.1 Waitlist (hotshot.cam)
- Email address you submit and the timestamp of submission.
- Technical request metadata (IP address, user agent) collected automatically by our hosting layer for fraud prevention and bot mitigation, retained per that provider's standard policy.
Lawful basis: consent (GDPR Article 6(1)(a)). We use your email solely to tell you when Hotshot is available, plus rare announcements. Unsubscribe anytime by emailing hello@hotshot.cam with "unsubscribe".
1.2 Photos you process through the iOS app
In short: we send your photo through an AI processing partner, return the result to you, and delete the original. We never use your photos to train AI.
- Every photo you submit for processing is transmitted to our backend and then to a third-party AI image-generation provider for the transformation.
- The original photo is stored briefly only while processing is in progress (typically less than 30 seconds) and is permanently deleted as soon as the processed result is generated.
- The processed result is stored briefly so you can re-download it from your library, then becomes unreachable. You keep your local copy on device.
- A low-resolution blurred preview may be stored briefly to be shown in push notifications.
No model training. We do not use your photos to train AI models. Our AI processing provider is contractually prohibited from using your photos to train its models either.
Lawful basis: performance of contract (GDPR Article 6(1)(b)).
1.3 Identifiers and abuse prevention
- A device attestation token issued by Apple, used to confirm the request comes from a genuine, unmodified Hotshot install on a real Apple device. The token does not identify you personally.
- An anonymous in-app user ID generated by our subscription-management layer and stored in your iOS Keychain. We use it as the key for your purchase history, shot quota, and any credit balance. It is not linked to your name, email, or Apple ID.
- A server-side state record keyed by the anonymous user ID, holding your subscription tier, shot-quota counters, remaining credits, and (if you have been suspended) the suspension expiry.
- An Apple Transaction ID hash, used solely to prevent the reinstall-to- reclaim-free-shots abuse path. We do not store your Apple ID or full purchase history.
- An Apple push-notification token, stored only if you allow push notifications, used to deliver "your shot is ready" alerts.
Lawful basis: legitimate interests (GDPR Article 6(1)(f)) — preventing fraud and abuse of a paid service.
1.4 Purchases and subscriptions
- Apple handles your payment in full. We never see your credit card details, Apple ID, or billing address.
- Our subscription-management partner receives the transaction receipt from Apple, verifies it, and tells us which subscription tier or credit pack you bought. We store the resulting entitlement status linked to your anonymous user ID.
- Subscriptions are not eligible for Apple Family Sharing.
- Refund-request consumption data. When you ask Apple for a refund on a Hotshot purchase, Apple may request limited consumption data (e.g. how recently you installed, how many of your credits or quota have been used, whether the processed shot was delivered, our preferred resolution). We share that data with Apple solely to help Apple decide the request. Once shared, the data is governed by Apple's privacy practices.
Lawful basis: performance of contract.
1.5 Analytics and product improvement
- Our analytics partner records in-app events such as which filters you choose, when a shot finishes, paywall views, and conversion. Events are keyed by your anonymous user ID. We do not send your photos, captions, or contacts to the analytics partner.
- We log server-side request metadata (timestamps, anonymous job and user identifiers, latency, cost) for operations and capacity planning.
Lawful basis: legitimate interests.
1.6 Cookies and similar technologies
The hotshot.cam marketing site does not set tracking or advertising cookies. Our hosting layer sets short-lived security cookies to detect bots. The administrative dashboard at hotshot.cam/admin is gated by single-sign-on, which sets an authentication cookie only for authorised staff after sign-in.
2. Who we share data with (categories of recipients)
In short: a small, named list of vetted vendors do the hosting, payment, AI processing, and analytics. We don't sell your data.
We use a small number of vetted third-party service providers acting as our data processors under written agreements. They process personal data only on our documented instructions and only for the purposes described above. Categories of recipients:
- Apple Inc. — App Store distribution, in-app payment processing, push notifications, device attestation. (Apple is identified specifically because it is the payment processor and operates the App Store.)
- Cloud infrastructure providers — website hosting, edge compute, object storage, key-value storage, content delivery.
- AI image-generation provider — the on-demand model that produces your transformed photo.
- Abuse-prevention and authentication provider — device attestation verification, configuration delivery.
- Subscription-management provider — receipt validation, entitlement tracking.
- Product-analytics provider — in-app event analytics.
We will share your data with law-enforcement or regulatory authorities only when legally required to do so, and only the data legally required. We may also share data in connection with a corporate transaction (merger, acquisition, financing) under confidentiality obligations consistent with this policy.
The current list of named processors is available on request. Email hello@hotshot.cam.
3. International data transfers
Some of our service providers may process your data outside your country of residence, including in the United States. Where we transfer personal data from the EU/UK to a third country, we rely on Standard Contractual Clauses adopted by the European Commission and the equivalent UK addendum, plus, where applicable, the EU-US Data Privacy Framework.
4. Face data
In short: faces in your photos are processed, not analysed. We do not extract or store biometric identifiers.
Many photos people send through Hotshot contain faces. Because some laws treat biometric data specially (e.g. the Illinois Biometric Information Privacy Act, the Texas CUBI Act, the Washington Biometric Privacy Act, and the GDPR's special-category rules in Article 9), we want to be precise about what we do and don't do with faces.
- We do not generate, store, or share face embeddings, face templates, faceprints, or any other unique biometric identifier derived from your photos.
- We do not use facial recognition to identify or authenticate anyone, link photos to specific individuals, or match faces across photos.
- Your photo is sent to our AI processing partner, which transforms it into the stylised output you requested and returns it. The AI provider does not retain the photo or use it to train its models, per its terms with us.
- Original photos are deleted from our storage as soon as the processed result is generated (typically < 30 seconds).
If you reside in a US state that requires written consent for biometric processing, note that we are not processing your face as a biometric identifier — we are transforming a picture you provided. By submitting a photo to Hotshot you nonetheless consent to the processing described above. You can withdraw consent at any time by discontinuing use of the Service.
5. How long we keep your data
- Original photos: deleted from our storage as soon as the AI processing completes (typically <30 seconds).
- Processed results & blurred preview: stored briefly to support result delivery, then become unreachable. You retain your local copy on device.
- Job status records: up to 7 days.
- Server-side user state (charges balance, quota counters, suspension flag): up to 1 year from last activity. This retention is required to prevent the uninstall/reinstall abuse loop.
- Aggregate counters (anonymous, non-personal): up to 90 days.
- Waitlist emails: until you unsubscribe or 1 year after public launch, whichever comes first.
- Server logs: our hosting provider retains operational logs per its standard policy (typically ≤ 7 days).
- Push notification tokens: until invalidated by Apple or revoked by you.
6. Your rights
In short: you can ask us to show, correct, or delete what we have about you. Email us and we respond within 30 days.
Depending on where you live (EEA, UK, Switzerland, California, and other jurisdictions with similar laws), you have the following rights:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data.
- Restriction / objection — limit or stop our processing.
- Portability — receive a machine-readable export of data you provided.
- Withdraw consent where processing relies on it (waitlist email).
- Complain to your supervisory authority.
To exercise any of these rights, email hello@hotshot.cam. For app-related requests, include the anonymous user ID found in Settings → About so we can locate your record. We respond within 30 days.
6.1 California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to (a) know what categories of personal information we collect, the sources, and the purposes; (b) request a copy or deletion of your personal information; (c) opt out of the "sale" or "sharing" of personal information; and (d) limit use of sensitive personal information. We do not sell or share your personal information for cross-context behavioural advertising, and we do not process sensitive personal information for purposes other than those described in this policy. We will not discriminate against you for exercising your CCPA rights. To submit a request, email hello@hotshot.cam with "CCPA request" in the subject. We may need to verify your identity (typically by replying from the email tied to your record or by providing your in-app anonymous user ID) before fulfilling the request.
7. Security
All traffic between your device, our edge, and our service providers uses TLS. Tampered or modified app installs are blocked at the network layer before reaching our backend. We do not store your Apple ID, email, payment details, or any other directly identifying information on our servers. Access to administrative tools is gated by single-sign-on with an email allow-list.
8. Children
Hotshot is not directed at children under 13 (or under 16 in countries where that is the digital-services age of consent). We do not knowingly collect data from children. If we learn that a child has provided personal data, we will delete it. If you believe a child has used the Service, contact hello@hotshot.cam.
9. Automated decision-making
We do not make decisions with legal or similarly significant effect about you using only automated processing.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. For material changes, we will notify you by email (waitlist) or in-app banner (app users) at least 14 days before they take effect, where the law requires it.