Last updated: September 10, 2025
We collect the following categories of information when you use our Services: personal details (name, email, phone, business info), financial information (bank data, invoices, receipts, contracts, tax docs), communications (messages, support chats, call recordings), technical data (device identifiers, IP, cookies), and social logins (e.g., Google, Stripe).
We use your information to provide, personalize, and improve the Services; process financial transactions; enable AI-powered features; provide support; and comply with legal obligations. We may also use de-identified or aggregated data to improve AI models, generate benchmarks, or publish product insights.
Otto AI uses artificial intelligence to enhance your workflows.
We use cookies and similar technologies for site performance and analytics. Otto AI does not use your data for third-party advertising or behavioral retargeting. You can manage preferences through our Cookie Preference Center [insert link].
We retain your data only as long as necessary:
You may request deletion by emailing privacy@joinotto.com. Verified requests are fulfilled within 30 days unless retention is required by law.
We protect your data with encryption (TLS 1.2+ in transit, AES-256 at rest), role-based access controls, monitoring, and audit logging. Independent audits are in progress, including SOC 2 Type II. Payments are handled by PCI-DSS–compliant providers; Otto AI does not store raw payment card details.
Authorized Otto AI personnel may access your data for troubleshooting or compliance. Access is role-based, logged, and bound by confidentiality agreements.
Your data is primarily stored in the United States. Our cloud providers may replicate data across regions for resilience. International transfers are safeguarded by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
We engage trusted service providers for hosting, analytics, AI, and payments. A current list is available at: [insert link].
We share information with subprocessors, to comply with law, in mergers/acquisitions, or with your consent.
Services are not directed to children under 13 (or 16 in some regions). If we learn we have collected such data, we delete it promptly.
Depending on where you live, you may have rights to access, correct, delete, and port your data; opt out of automated decision-making; and appeal denied requests. We honor GDPR, CCPA/CPRA, and other state laws (Virginia, Colorado, Connecticut).
If a breach impacts your data, we will notify you promptly and in accordance with applicable law.
If Otto AI ceases operations, merges, or is acquired, your data will be transferred only under terms consistent with this policy. You will be notified and may export your data. Unless required by law, we delete data within 90 days of closure.
We retain tax-related records per IRS requirements, apply safeguards consistent with GLBA, and comply with relevant U.S. state privacy laws.
We may update this policy from time to time. Material changes will be notified via Services or email.
If you have questions, contact us at:
Otto AI
Email: privacy@joinotto.com
Start your journey with Otto Al and see how simple bookkeeping can be. Access detailed financial statements and gain the clarity your small business deserves.