// legal
Privacy Policy.
Last updated: June 7, 2026
This is the privacy policy for tommybuilt.dev and the tools built and operated by TPS Worldwide LLC. It describes what we collect by category of activity, who processes it, and how to ask us to remove it. We try to be specific instead of vague.
Plain-English disclosure, not legal advice. This page is honest disclosure copy written by the operator. It is not a legal opinion. Before onboarding paying customers, TPS Worldwide LLC intends to have these terms reviewed by a licensed attorney. If you are evaluating one of these products for production use and need a stronger written commitment, email the contact address below.
What this policy covers
This site includes interactive tools and demos. Some of them collect personal information you choose to provide, and some send your input to third-party AI providers in order to work. The set of tools changes over time as new ones ship. Rather than treat each product name as the only source of truth, this policy describes how the tools handle your data by category of activity, names the current tools and the actual third parties as examples, and covers future tools that work the same way.
The properties currently operated by TPS Worldwide LLC are: tommybuilt.dev (this portfolio site, live); War Room Agents (the AI briefing tool at /war-room, live); MonkNote (an embeddable comments widget with a public demo, live); CleverBotly (an embeddable AI sales assistant with a live demo at /demos/chatbot, live); and Ask Sage (a retrieval-augmented memory tool for course creators, with a live demo at /demos/rag; the full product is in development and not yet accepting signups).
External products linked from this site but operated elsewhere (for example TextSpeakPro, GlowUpFinder, and other portfolio entries on their own domains) are governed by their own privacy policies, not this one.
AI assistants and demos that process your input
Some tools on this site send what you type to a third-party AI provider to generate a response and to run automated safety checks on the text. The provider processes that input under its own terms. Current examples:
- CleverBotly, the chat assistant at /demos/chatbot: every message you send is sent to OpenAI to generate the reply and to run a safety check. You are talking to an AI assistant, not a person. If you choose to share contact details so the operator can follow up, it also collects your name, your email, an optional phone number, and a short note of what you want built.
- War Room Agents at /war-room: the URL or short idea you submit, plus the page text it captures, is sent to Anthropic to generate the briefing. It also collects the email address you enter so it can send you the result.
- The MonkNote comments demo at /demos/monknote: when AI moderation is enabled, your comment text is sent to OpenAI's Moderation API for an automated safety check before the comment becomes visible.
- The Ask Sage demo at /demos/rag: the question you type is sent to OpenAI through the Ask Sage demo backend (hosted on Vercel) to generate a cited answer from a fixed body of content and to run an automated safety check. You are talking to an AI assistant, not a person.
What the AI providers say about that data: OpenAI states that data submitted through its API is not used to train its models and is retained only for a limited period (up to about 30 days) for abuse monitoring before deletion, unless it must be kept for legal reasons. Anthropic states that, under its commercial and API terms, it does not train its models on your prompts or outputs and retains them only briefly for operational and safety purposes. These are the providers' own stated policies, linked in the processors section below, not commitments by the operator.
Any AI tool we add later that sends your input to an AI provider is covered by this same category. The providers we use are named in the Third-party processors section below. Please do not type anything into these tools that you would not want sent to an AI provider and, where the tool passes a lead to the operator, shared with the operator.
Forms and direct submissions
When you submit a form or otherwise send us information directly, we collect what you provide and use it to respond. Current examples:
- The contact form: your name, your email, your message, and optionally a project type and budget range. It is stored in our Cloudflare database so the request is not lost, and emailed to the operator through Resend.
- CleverBotly lead capture: if you ask to be contacted, the name, email, and optional phone number you share are stored and emailed to the operator through Resend.
- MonkNote comments (on sites where it is embedded): the name you enter, an email address if provided (not shown publicly), the comment body and any reactions, and the page URL the comment is attached to.
Any future form or lead-capture surface that collects what you submit is covered by this same category.
Technical and security data
To keep the tools available and to block abuse, we process some technical data across the current and future tools the same way:
- A human-check, Cloudflare Turnstile, runs on the contact form, War Room, CleverBotly, and MonkNote to block automated submissions.
- Rate limiting and abuse detection use a salted SHA-256 hash of your IP address and your browser's user agent string. Across these tools the raw IP address is not stored; only the hash is kept.
- CleverBotly additionally records your country code on the conversation record. It does not store your raw IP address.
Cookies and local storage
On your first visit to tommybuilt.dev you will see a cookie consent banner. You can accept all, reject non-essential, or manage individual categories. Your choice persists in your browser, and you can change it any time by clicking "Cookie Preferences" in the footer. Four categories are listed in the preferences dialog:
- Essential: required for the site to load and for the tools to function. Always on. No tracking.
- Analytics: aggregate, non-identifying usage data. Off by default. The main tommybuilt.dev pages do not load an analytics provider. The embedded CleverBotly widget, served from widget.tommybuilt.dev, loads Cloudflare Web Analytics, a cookieless, aggregate measurement beacon that does not set cookies or identify individual visitors.
- Marketing: reserved for marketing or retargeting pixels. Off by default. Currently not in use.
- Functional: optional comfort features like remembering a preference between visits. Off by default.
Each consent choice is recorded server-side with a SHA-256 hash of your IP, your user agent string, your category choices, and a timestamp. The raw IP is never stored. The hash makes it possible to verify a specific choice was made without identifying the visitor.
Other browser storage in use: the CleverBotly widget stores a random visitor token in localStorage and in a cookie named cb_visitor (on widget.tommybuilt.dev) so it can recognize a returning conversation on the same site; a short-lived admin session cookie for the internal admin panel, which is only relevant to the site operator; and the MonkNote widget's own localStorage entries (sort preference, draft body, theme choice, manage tokens) on sites where MonkNote is embedded. Cloudflare Turnstile, the human-check used on the forms and the chatbot, may also set its own functional storage to run the challenge. There is no third-party tracking pixel, no Google Analytics, no Meta Pixel, no cross-site fingerprinting.
How we use the data
We use your data solely to provide the service you requested. That means: replying to inquiries from the contact form, running the briefing tool against the URL or idea you submitted and emailing you the result if you opt in, generating CleverBotly chatbot replies and passing a lead to the operator when you ask to be contacted, rendering and moderating comments on sites that embed MonkNote, and internal admin review for spam and abuse.
We do not sell your data. We do not share it with third parties for marketing.
Third-party processors
We use a small set of vendors to run the site and the tools. Each is named here. The specific tools that use a given provider may change as the site evolves, but the providers themselves are listed here, and this list is updated when they change.
- Cloudflare: hosts every site and runs the API functions, Workers, D1 databases, KV namespaces, R2 buckets, and Durable Objects behind the tools. Cloudflare provides a data processing agreement and states that it is covered by the EU-US Data Privacy Framework and Standard Contractual Clauses.
- Cloudflare D1: the database where contact submissions, War Room Agents runs, and CleverBotly conversations and leads are stored, on US-based infrastructure.
- OpenAI: generates CleverBotly chat replies and Ask Sage demo answers, runs automated safety checks on them, and moderates MonkNote comments on sites that enable it. OpenAI states that data submitted through its API is not used to train its models and is retained only briefly (up to about 30 days) for abuse monitoring, then deleted unless legally required.
- Anthropic: the AI model provider whose Claude models process your input to produce War Room Agents output. Anthropic states that, under its commercial and API terms, it does not train its models on your prompts or outputs and retains them only briefly.
- Resend: delivers transactional email (contact replies, briefing packets, CleverBotly lead notifications, MonkNote subscriber and admin notifications). Resend acts as a processor, stores data in the US, states that it is certified under the EU-US Data Privacy Framework and its UK extension, and provides a data processing agreement with Standard Contractual Clauses.
- Cloudflare Turnstile: a cookieless human-check used on the contact form and the AI tools to block automated submissions. It processes only short-lived session signals (such as IP address and user agent) for that bot check.
- Vercel: hosts the Ask Sage demo backend that processes questions typed into the /demos/rag demo before they reach OpenAI. Vercel acts as a processor and offers a data processing addendum.
These providers act as service providers that process data on the operator's behalf under their terms, not for their own independent purposes. Each processes your input under its own privacy terms, linked here: OpenAI, Anthropic, Cloudflare, and Resend.
Retention
Contact form submissions, War Room Agents runs, and CleverBotly conversations and leads are retained so the operator can respond to you and review for abuse. We do not currently run an automatic deletion schedule for these records, so they are kept until the operator removes them or until you ask us to. MonkNote comments are retained for as long as the embedding site owner keeps them; visitors can request deletion of their own comments via the moderator of the embedding site or, on the public demo, via the email below. Short-lived rate-limiting counters expire automatically within minutes. You can request deletion of any data we hold about you at any time by emailing the contact address below.
Children's privacy
None of these products are directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has submitted information through one of these properties, email the contact address below and we will delete it.
Where your data is processed
The site and its tools run on US-based cloud infrastructure, and the AI providers process your input in the United States. If you use the site or its tools from outside the United States, your data is transferred to and processed in the United States.
Your rights
You can request access to the data we hold about you, ask us to correct it, or ask us to delete it. Email the contact address below and we will respond within a reasonable timeframe. Depending on where you live, you may have additional rights under your local privacy law; tell us where you are and what you would like, and we will work with you in good faith.
Contact
Privacy requests should be sent to tommy@tpsworldwidellc.net.