Privacy Policy | Bot Your Brain
Legal

Privacy Policy

The Mm-hmm Shop LLC (Colorado) · d/b/a Ultimate Online Revenue and Bot Your Brain
Last Updated: May 6, 2026 · [email protected]

1) What We Collect

We may collect:

  • Identifiers: name, email, phone, billing address, IP address, device identifiers, cookie IDs.
  • Payment data: handled by our payment processors (Stripe, PayPal). We do not store full card numbers on our servers.
  • Account data: login credentials, purchase history, subscription status, support communications.
  • Usage data: pages visited, click patterns, device and browser metadata, session timing, analytics events.
  • Inputs you submit for AI and system configuration: examples, brand information, voice samples, prompts, documents, conversation history with Your Business Brain, and other materials you provide for the Services to operate.

2) How We Use Information

We use data to:

  • deliver and maintain the Services
  • process payments and provide receipts
  • authenticate your account and prevent fraud
  • provide customer support
  • improve products and user experience
  • generate AI outputs based on your Inputs
  • send service announcements and, if you opt in, marketing emails or text messages

3) Vendors + Processing

We use third-party vendors to operate the business, including:

  • Stripe, PayPal (payments)
  • Kajabi (course/membership hosting)
  • Content Creator Machine / GoHighLevel-based platform (CRM, automation, messaging, email and SMS delivery)
  • Anthropic products (Claude API, Claude Agent SDK), OpenAI products (ChatGPT, OpenAI API), and other AI providers used to generate outputs
  • Application hosting platform (the cloud platform on which our application runs)
  • Database and authentication providers (the systems that store user accounts and application data)
  • Cloud storage providers (file and document hosting)

These vendors process data under their own terms and privacy policies. We choose vendors that meet commercially reasonable security standards.

4) AI Data Handling

When you submit Inputs (writing samples, brand context, conversation messages, uploaded documents) for AI processing:

  • Those Inputs are transmitted to AI providers (currently Anthropic and OpenAI) to generate outputs in real time.
  • We do not use your Inputs to train AI models that serve other customers. We do not sell your Inputs to AI providers for model training.
  • AI providers may have their own data-handling terms. As of the Last Updated date above, Anthropic and OpenAI both provide enterprise-grade API tiers with no-training guarantees, which we use.
  • AI outputs may incorporate patterns learned from broader datasets that the underlying model was trained on. Outputs are not always accurate, may reflect biases in training data, and should be reviewed before you act on them.
  • We recommend you avoid submitting highly sensitive personal data through the Services (Social Security numbers, health records, banking credentials, government IDs).

Automated decision-making: outputs from Your Business Brain are AI-generated suggestions, not legally binding decisions. You retain full responsibility for what you choose to act on.

5) Sharing of Information

We do not sell your personal information.

We may share information with:

  • Service providers who help us run the business (hosting, analytics, CRM, payments, email and SMS, AI APIs).
  • Legal authorities when required by law, valid subpoena, or court order.
  • Professional advisers (lawyers, accountants) as needed to operate the Company.
  • Successor entities in the event of a merger, acquisition, or asset sale, subject to the same protections in this policy.

6) Cookies and Analytics

We may use cookies, pixels, and analytics tools to measure traffic, improve performance, and personalize the user experience. The specific tools we use as of the Last Updated date include Google Analytics and Meta Pixel.

You can disable cookies in your browser settings. Some features of the Services may not function correctly without cookies. Where required by law, we display a cookie banner so you can manage your preferences.

7) Email and SMS Communications

If you opt in, we may send you marketing emails and text messages.

  • Email: unsubscribe any time using the link in any marketing email or by emailing [email protected].
  • SMS: standard message and data rates may apply. Frequency varies. Reply STOP to any message to unsubscribe. Reply HELP for help. We do not share your phone number with third parties for their marketing purposes.

Service-related communications (billing notices, security alerts, account changes) are sent regardless of marketing preferences and cannot be opted out of without closing your account.

8) Data Security

We use commercially reasonable safeguards to protect your information, including encryption in transit (TLS), encrypted database storage, role-based access controls, and regular security reviews.

No system is 100 percent secure. You use the Services at your own risk. If you become aware of a security incident affecting your account, please email [email protected] immediately.

9) Data Retention and Deletion

We retain different categories of data for different lengths of time, based on what each category is used for and what legal obligations apply.

While your account is active

We retain all account data, Inputs, AI conversation history, and usage data for as long as your account is active. This is the data we need to operate the Services for you.

After you cancel a subscription

When you cancel a subscription, your account data and Inputs (including your brand profile, saved fragments and frameworks, conversation history, and uploaded documents) enter a 30-day grace period. During the grace period, you can reactivate your subscription and your data resumes uninterrupted.

After 30 days, we delete your active-account Inputs (brand profile, fragments, frameworks, conversation history, uploaded documents) from our production systems. Backup copies are retained for an additional 90 days under strict access controls and are then permanently deleted.

You can request deletion at any point during the grace period, and we will honor it within 30 days.

Build Day Starter Pack purchases

If you purchased a Build Day Starter Pack, the Pack files (delivered to you as a zip archive) are yours to keep regardless of subscription status. We retain a record that you purchased the Pack for warranty, support, and license verification purposes for the longer of 7 years (for tax and accounting) or the life of the company.

Billing and tax records

We retain billing records, invoices, transaction logs, and tax-related information for 7 years from the transaction date, as required by U.S. federal and Colorado state tax law.

Support communications

Support tickets and email correspondence are retained for 3 years from the last message, then deleted.

Marketing email lists

If you unsubscribe from marketing emails, your address is removed from active mailing lists within 7 days. Suppression-list records (used to ensure we do not accidentally re-add you) are retained indefinitely as required by anti-spam laws (CAN-SPAM, CASL).

Anonymized usage data

Aggregated and anonymized usage data (with all personal identifiers removed) may be retained indefinitely for product analytics and improvement purposes.

How to request deletion

To request deletion of your personal information at any time, email [email protected] with the subject line "Deletion Request." We will confirm receipt within 7 days and complete the deletion within 30 days, except where we are required by law to retain specific records (billing, tax, legal-hold) or where we need to retain information to resolve an active dispute.

You can also export your data before deletion. See Section 10 below.

10) Your Rights

Depending on where you live, you may have the following rights regarding your personal information.

All users

  • Access: request a copy of the personal information we hold about you.
  • Correction: request that we correct inaccurate or incomplete information.
  • Deletion: request that we delete your personal information, subject to legal retention requirements (Section 9).
  • Portability: request a machine-readable export of your Inputs and account data.
  • Opt-out of marketing: unsubscribe from marketing emails or SMS at any time.

California residents (CCPA / CPRA)

In addition to the rights above, California residents have:

  • The right to know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with.
  • The right to opt out of the sale or sharing of personal information. We do not sell personal information. If we ever begin to share personal information for cross-context behavioral advertising, we will provide a "Do Not Sell or Share My Personal Information" link on our website.
  • The right to limit the use of sensitive personal information.
  • The right to non-discrimination for exercising any of these rights.

EU/UK residents (GDPR / UK GDPR)

EU and UK residents have the rights above plus:

  • The right to object to processing based on legitimate interests.
  • The right to restrict processing in certain circumstances.
  • The right to lodge a complaint with your local supervisory authority.
  • The right to withdraw consent at any time where processing is based on consent.

The legal basis for our processing is, depending on context, your consent, the performance of a contract with you, our legitimate interests in operating the business, or compliance with a legal obligation.

How to exercise your rights

Email [email protected] with the subject line "Privacy Rights Request" and tell us which right you are exercising. We will respond within 30 days (45 days for complex requests). We may need to verify your identity before processing the request.

11) Children

We do not knowingly collect personal information from anyone under 18. If you believe we have collected information from someone under 18, contact [email protected] and we will investigate and delete the information promptly.

12) International Data Transfers

We are a U.S. company. If you are accessing the Services from outside the United States, your information will be transferred to and processed in the U.S. and other countries where our vendors operate. By using the Services, you acknowledge this transfer.

For EU and UK users: where required, transfers are made under Standard Contractual Clauses or other approved transfer mechanisms.

13) Changes to This Policy

We may update this policy from time to time. The Last Updated date above controls. Material changes will be communicated by email to active subscribers and posted prominently on our website. Continued use after a policy update means acceptance.

14) Contact

Privacy questions: [email protected]

The Mm-hmm Shop LLC, d/b/a Bot Your Brain, Colorado, USA.