Privacy Policy

Last updated: March 29, 2026

What We Collect

When you use our Process Discovery Assessment, we collect only what you provide in the form:

  • Email address
  • Company name
  • Industry
  • Your answers to assessment questions

How We Process Your Data

Your responses are sent to AI language model APIs to generate your Hidden Drain Report. The AI processes your answers and returns the analysis.

Data Storage

We store data in the following locations:

  • Your browser (local storage): Your generated report is saved in your browser's local storage so you can return to it without re-completing the assessment. This data never leaves your device and is only accessible within your browser.
  • Our servers (encrypted storage): When your report is generated, we store a copy on our servers (Upstash Redis) so you can access it from any device. Reports are stored for 90 days and are keyed by a salted hash of your email address — we do not store your plain-text email alongside the report data. Rate-limiting records (hashed email only) expire within 24 hours.
  • Magic links: After your report is generated, we email you a unique, private link (a “magic link”) that lets you view your report from any device. This link contains a cryptographically random token — it is not derived from your email address. Anyone who possesses this link can view your report, so you should treat it like a password. Magic links expire after 90 days.

Third-Party Services

We use the following third-party services to operate this platform:

  • Anthropic (Claude API) — AI processing of responses. Anthropic does not use API inputs for training. See Anthropic's Privacy Policy.
  • Google (Gemini API) — AI processing of responses. See Google AI Terms.
  • Cloudflare Turnstile — bot protection verification. No personal data is collected beyond what is needed for verification.
  • Upstash Redis — report storage and rate limiting. Report data is stored for up to 90 days, keyed by a salted hash of your email. Rate-limit records expire within 24 hours.
  • Resend — transactional email delivery. Your email address is passed to Resend to deliver your report magic link. Resend does not use this data for marketing purposes. See Resend's Privacy Policy.
  • Microsoft Clarity — session recording and heatmap analytics. With your consent, Clarity records anonymised visitor sessions (mouse movements, clicks, scrolls) and generates heatmaps to help us understand how visitors interact with the site. Clarity automatically masks all input fields — your email address and questionnaire answers are never captured. Clarity is loaded only after you accept cookies. Microsoft acts as a data processor. See Microsoft's Privacy Statement.

Transactional Emails

When your report is generated, we email you a magic link so you can access it from any device. This is an operational email required to deliver the service — it is not a marketing email and you cannot opt out of it. We do not send newsletters or promotional emails unless you have explicitly opted in.

Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Your data is only shared with the AI and infrastructure services listed above for the sole purpose of generating and storing your report.

Your Rights

You may request deletion of your stored report and personal data at any time by contacting us at hello@hiddendrain.com. Reports are automatically deleted after 90 days.

Cookies & Analytics

This application uses the following cookies and tracking technologies:

  • Google Analytics (GA4): We use Google Analytics to understand how visitors interact with our site — including pages visited, time on page, and general traffic patterns. GA4 sets cookies to distinguish unique users and sessions. No personally identifiable information is sent to Google Analytics. See Google's Privacy Policy.
  • Google Ads: We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This sets cookies to track whether a visitor completed a purchase after clicking an ad. No personal data beyond anonymised conversion signals is shared with Google.
  • Microsoft Clarity: With your consent, Clarity sets cookies to record visitor sessions and generate heatmaps. All input fields are automatically masked — no personal data entered into forms is captured. Clarity is only loaded after you accept cookies.
  • Cloudflare Turnstile: May set a cookie for bot verification purposes only. No personal data is collected beyond what is needed for verification.
  • Session cookie: A functional cookie may be set to manage site access. This is strictly necessary and does not track your activity.

You can manage or disable cookies through your browser settings. Disabling cookies may affect some site functionality. Our legal basis for analytics cookies is legitimate interest in understanding site usage and improving the service; for advertising cookies, we rely on your consent via the cookie banner displayed on your first visit.

Contact

If you have questions about this privacy policy, please contact us at hello@hiddendrain.com.