Effective date: May 29, 2026
Last updated: May 29, 2026
This Privacy Policy explains how Otto AI, Inc. ("Otto," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the Otto AI assistant service. By using the Service, you agree to the practices described in this policy.
1.1 Account Information. When you register for Otto, we collect your name, email address, and a hashed version of your password. We do not store your password in plain text — it is hashed using bcrypt before being stored.
1.2 Profile Information. You may optionally provide additional profile information such as a display name, timezone, or preferences. This information helps Otto personalize its responses.
1.3 Conversation Data. We store the messages you send to Otto and the responses Otto generates. This history is used to maintain context across sessions so Otto can reference prior conversations and provide more relevant assistance. You can delete conversation history at any time.
1.4 Memory Data. Otto's memory system allows the AI to save facts, preferences, and notes about you that you instruct it to remember (e.g., "remember that I prefer bullet points"). These memories are stored in our database and associated with your account. You can view, edit, and delete all memories from the Memory page.
1.5 Task and Routine Data. We store tasks you create and schedules/automations ("Routines") you configure, including their prompts, schedules, and execution history.
1.6 Integration Credentials. When you connect third-party services, we receive and store OAuth access tokens and refresh tokens. These tokens are encrypted using AES-256 encryption at rest. We use them solely to access the connected services on your behalf, when you direct Otto to do so.
1.7 Content from Connected Services. When Otto accesses connected services on your behalf (e.g., reads your email, checks your calendar), the content retrieved is processed in memory to generate a response. We do not permanently store the full contents of your emails, calendar events, documents, or other third-party content beyond what is necessary to complete your request in the current session. Summaries or excerpts may be stored as conversation history.
1.8 Usage Data. We collect information about how you use the Service, including: features accessed, commands sent, message counts, session duration, and error logs. This data is used for billing, abuse prevention, and product improvement.
1.9 Device and Technical Data. When you access the Service, we automatically collect certain technical information: IP address, browser type and version, operating system, device type, screen resolution, referring URL, and pages visited. This data is used for security, fraud prevention, and analytics.
1.10 Log Data. Our servers automatically record log data when you use the Service, including the date and time of requests, request details, and server response codes. Logs are retained for up to 90 days.
1.11 Cookies and Local Storage. We use session cookies to maintain your logged-in state. We use local storage for UI preferences (e.g., dark/light mode). We do not use tracking cookies or third-party advertising cookies. You can control cookies through your browser settings, but disabling session cookies will prevent you from logging in.
1.12 Legal Consent Records. When you agree to our Terms of Service and Privacy Policy, we record the timestamp, the version of the documents you agreed to, and your IP address at the time of agreement. This record is required for legal compliance and cannot be deleted.
1.13 Payment Information. If you subscribe to a paid plan, payment information (credit card numbers, billing address) is collected and processed by Stripe, our third-party payment processor. We do not receive or store your full credit card number. We receive only a payment token and basic billing details from Stripe.
We use the information we collect for the following purposes:
This section is required by Google's API Services User Data Policy and describes exactly how we handle data obtained through Google APIs.
What we access. When you connect your Google account, Otto may access the following, solely when you direct it to:
Limited Use compliance. Otto's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
Storage of Google data. OAuth access and refresh tokens are stored encrypted in our database. We do not persistently store the full content of your Gmail messages, calendar events, or Drive files. Content is fetched on demand and processed in memory to respond to your requests.
Revoking Google access. You can revoke Otto's access to your Google account at any time by: (a) disconnecting the Google integration from Otto's Integrations page, or (b) visiting your Google Account Security settings at myaccount.google.com/permissions and removing Otto's access. Upon disconnection, we immediately delete the stored tokens.
Slack. When you connect Slack, Otto can read messages from channels and direct messages you authorize, and send messages on your behalf. We store your Slack OAuth token encrypted. We do not store full Slack message history.
Notion. When you connect Notion, Otto can read and write pages and databases you authorize. We store your Notion OAuth token encrypted.
Other integrations. For API-key based integrations, you provide an API key which we store encrypted. We use the key solely to make requests to that service when you direct Otto to.
General principle. For all integrations: we access only what is necessary to complete your request, we store credentials encrypted, we do not share your integration data with other users, and you can disconnect any integration at any time.
We do not sell your personal information. We do not share your personal information with third parties for their marketing purposes. We share information only in these limited circumstances:
5.1 AI model providers. When you send a message to Otto, the content of that message (and relevant context from your conversation history and memories) is transmitted to Anthropic's Claude API to generate a response. Anthropic processes this data subject to their own privacy policy and Terms of Service. We do not send your Google/Gmail/Slack content to Anthropic unless it is directly relevant to fulfilling your request.
5.2 Infrastructure providers. We use Railway for hosting and deployment. They may have access to server logs and infrastructure data. They do not have access to your account content.
5.3 Payment processing. Stripe processes payments. They receive your payment card information and billing details. We do not receive or store full payment card information.
5.4 Legal requirements. We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of any person.
5.5 Business transfers. If Otto is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5.6 With your consent. We may share your information for any other purpose with your explicit prior consent.
5.7 Sub-processors. The following third parties process personal data on our behalf to operate the Service. Each is bound by contractual obligations to protect your data and process it only on our instructions. All are located in the United States.
Anthropic, PBC
AI model provider — processes message content and relevant context to generate responses (Claude)
OpenRouter, Inc.
AI model routing — processes message content when you select a non-Anthropic model
Stripe, Inc.
Payment processing — handles card details and billing; we never receive full card numbers
Railway Corp.
Cloud hosting and infrastructure — stores the application database and server logs
Resend (Plus Five Five, Inc.)
Transactional and marketing email delivery
If you connect optional integrations (e.g., Google, Slack, Notion, Telegram), those providers also receive data as needed to fulfill the requests you direct Otto to make. We update this list when we add or remove a sub-processor; material changes are communicated as described in the "Changes to This Policy" section. To request advance notice of sub-processor changes, email privacy@ottohq.app.
We implement and maintain technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.
Active accounts. We retain your personal information for as long as your account is active. Conversation history, memories, and task data are retained indefinitely until you delete them, as they are core to the Service's functionality.
Deleted accounts. When you delete your account, all associated personal data — including account information, conversations, memories, tasks, integration tokens, and routines — is permanently deleted from our systems within 30 days. Legal consent records (timestamp, IP, version) are retained as required by law.
Backups. Deleted data may remain in encrypted backups for up to 60 days before being purged from backup systems.
Logs. Server and access logs are retained for 90 days and then deleted.
Payment records. Billing records are retained for 7 years as required by financial regulations.
Depending on your location, you may have certain rights regarding your personal information. We honor these rights for all users, regardless of jurisdiction:
Right to access. You can access most of your personal data directly within the Service (conversations, memories, tasks, integrations). You may request a full export of your data by emailing privacy@ottohq.app.
Right to rectification. You can update your name and email from the Settings page. For other corrections, contact us at privacy@ottohq.app.
Right to deletion ("right to be forgotten"). You can delete your account from the Settings page, which initiates permanent deletion of all your data within 30 days. You can also delete individual conversations, memories, and tasks directly from the app.
Right to data portability. You may request an export of your data in a machine-readable format by emailing privacy@ottohq.app. We will fulfill this request within 30 days.
Right to withdraw consent. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to object / restrict processing. You may object to certain processing activities or request restriction. Contact us at privacy@ottohq.app to exercise these rights.
CCPA rights (California residents). California residents have the right to know what personal information we collect, the right to delete personal information, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising these rights.
To exercise any of these rights, contact us at privacy@ottohq.app. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
The Service is intended for adults and is not directed to children. You must be at least 16 years old to create an account and use Otto.
COPPA (United States). Otto complies with the Children's Online Privacy Protection Act (COPPA). The Service is not directed to children under 13, and we do not knowingly collect, use, or disclose personal information from any child under 13. We do not knowingly create profiles of, or serve content to, children under 13. If we discover that we have inadvertently collected personal information from a child under 13, we will delete that information as quickly as possible and terminate any associated account.
We also do not knowingly collect personal information from minors aged 13 to 15. If we learn that a user is under 16, we will delete their information promptly.
If you are a parent or guardian and believe that a child under 13 has provided us with personal information, please contact us immediately at privacy@ottohq.app and we will take steps to delete it.
Otto is operated from the United States. If you are located outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We take steps to ensure that your information receives an adequate level of protection in the countries where we process it.
For users in the European Economic Area (EEA), UK, or Switzerland, we rely on the following legal bases for processing: (a) performance of a contract (providing the Service), (b) your consent (for optional features), and (c) our legitimate interests (security, product improvement).
Some browsers transmit "Do Not Track" signals. We honor these signals — we do not use tracking cookies or cross-site tracking. Our analytics are based on aggregate usage data from our own systems, not third-party tracking.
If you enable push notifications, we store your push subscription endpoint to deliver notifications from Otto (such as routine results, reminders, or alerts you have configured). You can disable push notifications at any time from your browser or device settings, or from the Settings page in Otto. Disabling notifications will cause us to delete your push subscription.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by displaying a prominent notice in the Service at least 14 days before the changes take effect. We will also update the "Last updated" date at the top of this policy.
Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service and delete your account.
The version of this policy you agreed to at registration is recorded in our systems. If we make changes that require re-consent under applicable law, we will ask for your renewed agreement.
For any privacy-related questions, data requests, or concerns, please contact our privacy team:
Otto AI, Inc. — Privacy Team
Email: privacy@ottohq.app
We aim to respond to all privacy inquiries within 5 business days.