Privacy Policy

1. Who We Are

Hostalot LLC is a web hosting and software company based in Texas, United States. We operate web hosting infrastructure and the Designer Talk AI page builder SaaS platform.

For privacy-related questions, contact us at:
Email: support@hostalot.com
Website: hostalot.com

2. Information We Collect

2.1 Information You Provide to Us

When you create an account or use our services, we collect:

• Account information: Name, email address, and password (stored as a secure hash)
• Billing information: Payment details processed through our billing provider (WHMCS). We do not store raw credit card numbers on our servers.
• Support communications: Any messages, emails, or tickets you send to our support team
• Business information: If you use Designer Talk's Brand Settings feature, information you enter such as your business name, industry, target audience, tone, and business goals

2.2 Information We Collect Automatically

When you use our services, we automatically collect:

• Usage data: Which AI models you use, how many credits you consume, token counts per request, and timestamps
• API activity logs: Your API key ID, AI provider used, model used, request response time, and your IP address — logged for billing verification and abuse prevention
• Conversation and generation data: The messages you send to the AI and the HTML/CSS sections generated in response, stored to enable editing continuity across sessions
• Log files: Standard server logs including IP address, browser type, pages visited, and referring URLs
• Cookies and local storage: We use cookies for session management and authentication. The Designer Talk plugin uses browser localStorage to save your preview zoom preference.

2.3 Information from Third Parties

• Payment processors: We receive confirmation of payment and basic billing details. We do not receive or store full credit card numbers.
• AI providers: When you use Designer Talk, your prompts and conversation context are sent to third-party AI providers (Anthropic, OpenAI, Google) to generate responses. Those providers may retain data per their own privacy policies (see Section 6).

3. How We Use Your Information

We use the information we collect to:

• Provide our services — process your requests, generate AI content, manage your credits, and deliver the features you use
• Manage your account — authenticate you, manage billing, and maintain your account
• Improve our services — analyze usage patterns to improve performance, fix bugs, and develop new features
• Prevent abuse — detect and prevent fraud, API abuse, rate limit violations, and violations of our Terms of Service
• Communicate with you — send account notifications, billing receipts, service announcements, and respond to support requests
• Legal compliance — comply with applicable laws, respond to legal requests, and enforce our Terms of Service

4. Data Retention

We retain your data for as long as your account is active or as needed to provide services.

Data Type	Retention Period
Account information	Until account deletion
Billing records and transaction history	7 years (legal/tax requirement)
Conversation messages	60 days from creation, then automatically deleted
AI-generated section HTML	Until you delete the page or your account
AI-generated images	Not stored on our servers. Generated images are returned to your WordPress site and saved in your own Media Library — we never retain a copy.
API usage logs	90 days, then automatically deleted
Support communications	3 years

When your account is deleted or terminated, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

5. How We Store and Protect Your Information

• API key security: Your Designer Talk API key is never transmitted to the browser. All API calls are proxied through your WordPress server, keeping your key server-side at all times.
• Sensitive file protection: Configuration files containing API keys and database credentials are stored outside the public web directory and are not accessible via HTTP.
• Database security: We use prepared statements for all database queries to prevent SQL injection.
• Encryption in transit: All data transmitted between your browser, your WordPress site, and our API server is encrypted using TLS (HTTPS).
• Access controls: Database credentials and API keys use least-privilege access.
• Password hashing: Account passwords are never stored in plain text.

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

6. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

6.1 AI Providers

When you use Designer Talk to generate content, your messages and conversation context are transmitted to the applicable third-party AI provider:

• Anthropic (Claude models) — anthropic.com/privacy
• OpenAI (GPT-4o models) — openai.com/policies/privacy-policy
• Google (Gemini models) — policies.google.com/privacy

We send only the minimum data necessary to fulfill your request (your message, recent conversation history, and any images you attach).

6.2 Payment Processors

We use WHMCS and our payment processor to handle billing. They receive the information necessary to process your payment. We do not store raw payment card data.

6.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect our rights, investigate fraud, or respond to a legal request.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of our assets, your information may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

7. Third-Party Services

Our services integrate with or link to third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of:

• Anthropic, OpenAI, and Google (AI model providers — see Section 6.1)
• Your payment processor
• Your WordPress hosting provider (for the Designer Talk plugin)
• Three.js (loaded via CDN on published AI pages — no personal data collected)
• Google Fonts (loaded via CDN in generated sections — Google may log font requests per their privacy policy)

8. Cookies and Tracking

8.1 What We Use Cookies For

• Session management: Keeping you logged in to the client area
• Security: CSRF protection tokens
• Preferences: Remembering settings such as your preferred view in the dashboard

8.2 What We Do Not Do

8.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may affect your ability to log in or use certain features of our client area.

9. Children's Privacy

Our services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at support@hostalot.com and we will delete it promptly.

10. Your Rights and Choices

You may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request that we delete your personal data, subject to retention requirements in Section 4
• Portability: Request your data in a portable format where technically feasible
• Opt-out of communications: Unsubscribe from marketing emails at any time. Transactional emails (billing receipts, account alerts) cannot be opted out of while your account is active.

To exercise any of these rights, contact us at support@hostalot.com. We will respond within 30 days and may need to verify your identity before processing your request.

11. Texas Privacy

As a Texas-based company, we comply with applicable Texas privacy laws including the Texas Data Privacy and Security Act (TDPSA). Texas residents have the right to:

• Know what personal data we collect and how it is used
• Correct inaccuracies in your personal data
• Delete personal data you have provided to us
• Opt out of the sale of personal data (note: we do not sell personal data)

To exercise these rights, contact us at support@hostalot.com.

12. International Users

Our services are operated from the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States. By using our services, you consent to this transfer.

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you via email within a reasonable timeframe as required by applicable law. Our notification will describe the nature of the breach, the data affected, and steps we are taking to address it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you via email or a notice in the client area where required by law. Your continued use of our services after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Hostalot LLC
Email: support@hostalot.com
Website: hostalot.com
Response time: within 30 days