If Hot Wallet developers already have access to users' databases, they certainly know what each person's private key is. So, what is the security of a Hot Wallet?
It depends on what kind of wallet a user is using. There are two kinds of hot wallet, one is open source and the next one is closed source. If a user is using a closed source wallet then what you have written is correct. If a user is using an open source waleet then their source code can be verified to check where is the private key is being stored. Another important thing a user needs to check while using a hot wallet is that it should be non custodial.
Reputed and trusted wallet like Electrum doesn't use such tactics. There are wallets that have big reputation and they do publicly claim that they don't have access to the private key of an user. Either you can trust them or go for wallets that have been recommended on your thread.