Privacy Policy

Last updated: March 2026

What We Collect

When you use our Process Discovery Assessment, we collect only what you provide in the form:

  • Email address
  • Company name
  • Industry (if selected)
  • Your answers to assessment questions

How We Process Your Data

Your responses are sent to AI language model APIs to generate your Hidden Drain Report. The AI processes your answers and returns the analysis.

Data Storage

We store data in the following locations:

  • Your browser (local storage): Your generated report is saved in your browser's local storage so you can return to it without re-completing the assessment. This data never leaves your device and is only accessible within your browser.
  • Our servers (encrypted storage): When your report is generated, we store a copy on our servers (Upstash Redis) so you can access it from any device. Reports are stored for 90 days and are keyed by a salted hash of your email address — we do not store your plain-text email alongside the report data. If you purchase the Implementation Bundle, the bundle content is also stored for 90 days. Rate-limiting records (hashed email only) expire within 24 hours; payment verification records expire after 90 days.
  • Magic links: After your report is generated, we email you a unique, private link (a “magic link”) that lets you view your report from any device. This link contains a cryptographically random token — it is not derived from your email address. Anyone who possesses this link can view your report, so you should treat it like a password. Magic links expire after 90 days.

Third-Party Services

We use the following third-party services to operate this platform:

  • Anthropic (Claude API) — AI processing of responses. Anthropic does not use API inputs for training. See Anthropic's Privacy Policy.
  • Google (Gemini API) — AI processing of responses. See Google AI Terms.
  • Cloudflare Turnstile — bot protection verification. No personal data is collected beyond what is needed for verification.
  • Upstash Redis — report storage, rate limiting, and payment verification. Report data is stored for up to 90 days, keyed by a salted hash of your email. Rate-limit records expire within 24 hours; payment records expire after 90 days.
  • Lemon Squeezy — payment processing for the Implementation Bundle. Lemon Squeezy acts as the Merchant of Record and handles all payment data. See Lemon Squeezy's Privacy Policy.
  • Resend — transactional email delivery. Your email address is passed to Resend to deliver your report magic link and, if you purchase the Implementation Bundle, a payment confirmation email. Resend does not use this data for marketing purposes. See Resend's Privacy Policy.

Transactional Emails

When your report is generated, we email you a magic link so you can access it from any device. If you purchase the Implementation Bundle, we also send a payment confirmation email. These are operational emails required to deliver the service — they are not marketing emails and you cannot opt out of them. We do not send newsletters or promotional emails unless you have explicitly opted in.

Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is only shared with the AI and infrastructure services listed above for the sole purpose of generating and storing your report.

Your Rights

You may request deletion of your stored report and personal data at any time by contacting us at hello@hiddendrain.com. Reports are automatically deleted after 90 days; payment and bundle records are deleted after 90 days.

Cookies & Analytics

This application uses the following cookies and tracking technologies:

  • Google Analytics (GA4): We use Google Analytics to understand how visitors interact with our site — including pages visited, time on page, and general traffic patterns. GA4 sets cookies to distinguish unique users and sessions. No personally identifiable information is sent to Google Analytics. See Google's Privacy Policy.
  • Google Ads: We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This sets cookies to track whether a visitor completed a purchase after clicking an ad. No personal data beyond anonymised conversion signals is shared with Google.
  • Cloudflare Turnstile: May set a cookie for bot verification purposes only. No personal data is collected beyond what is needed for verification.
  • Session cookie: A functional cookie may be set to manage site access. This is strictly necessary and does not track your activity.

You can manage or disable cookies through your browser settings. Disabling cookies may affect some site functionality. Our legal basis for analytics cookies is legitimate interest in understanding site usage and improving the service; for advertising cookies, we rely on your consent via the cookie banner displayed on your first visit.

Contact

If you have questions about this privacy policy, please contact us at hello@hiddendrain.com.