PRIVACY
Minimal data. Clear purpose.
This notice covers the public website, founding-beta application, release communications, operational telemetry, and purchase handoff.
Information collected
The founding-beta form may collect your name, email address, selected roles, time zone, optional project or portfolio link, information about what you are building, and whether you are willing to participate in a guided test.
How application information is used
Application information is used to organize beta cohorts, send release and testing communications, respond to feedback, and improve BadMoth. Application answers are not sent to visitor analytics and are not intended for sale to advertisers.
Purchase data
Payment is handled by the checkout provider configured on the BadMoth page. DevMind does not receive or store full payment-card details through this website. The provider may process contact, payment, tax, fraud-prevention, and transaction information under its own terms and privacy notice.
Storage and email providers
When operational connections are enabled, beta application records are stored in Supabase and confirmation messages are sent through Resend. Server-side secret keys are held in Vercel environment variables and are not included in browser code.
Privacy-minimized analytics
The site records bounded events such as page entry, CTA use, form start, form completion, world focus, release version, viewport size, and broad performance tier. It does not send form answers, project source, uploaded files, private messages, or payment details to analytics.
Error reports
Client errors may include the error type, redacted message, route, line number, release version, quality tier, and capability state. Common credential patterns and URL query values are removed. Do not intentionally submit secrets through support reports.
Abuse prevention
The server may store a one-way, salted hash derived from an IP address to identify repeated automated submissions or error floods. The raw IP is not stored in the launch tables.
Retention and removal
Beta records are retained while useful for participation, support, release communications, fraud prevention, or legal obligations. Contact Support address not connected to request correction, removal, or communication opt-out.
Security boundary
Browser code cannot read beta records. Database tables use Row Level Security with no public browser policies. Purchase delivery must verify the completed Stripe session and use a protected BadMoth file rather than a publicly exposed download URL.