This Privacy Policy explains what personal data Hey Otto Ltd. ("Hey Otto", "we") collects when you use Hey Otto (the "Service"), how we use it, who we share it with, and the rights you have over it.
We've tried to write this in plain language. If anything is unclear, write to us at privacy@heyotto.com and we'll explain.
- 1. The short version
- 2. Who we are
- 3. Scope of this policy
- 4. Controller and processor roles
- 5. Data we collect
- 6. How we use your data
- 7. Legal basis for processing
- 8. How Otto handles your data
- 9. Voice input
- 10. Who we share data with
- 11. Subprocessors
- 12. International transfers
- 13. How long we keep data
- 14. Security
- 15. Your rights
- 16. Cookies and similar technologies
- 17. Children
- 18. Changes to this policy
- 19. How to reach us
- 20. Region-specific disclosures
1. The short version
- Your data belongs to you. We host it so the Service works; we don't sell it and we don't train AI models on it.
- When you talk to Otto, the relevant context is sent to a third-party AI provider under a contract that forbids training on your data.
- If you use voice, your browser may send your spoken audio to its vendor (typically Google for Chrome) for speech recognition. We can't change that — it's how browsers work.
- Payment card data is handled by Stripe; we never see it.
- You can export, correct, or delete your data at any time. Section 15 explains how.
2. Who we are
The data controller for the Service is Hey Otto Ltd., an Israeli company. You can reach us at privacy@heyotto.com.
3. Scope of this policy
This policy covers personal data we process when you sign up, when you use the Service (the in-product application, marketing website, and APIs), and when you communicate with us. It does not cover third-party services you choose to connect — those have their own privacy policies, and your use of them is governed by those policies.
4. Controller and processor roles
For data you put into the Service about your contacts, deals, invoices, and team — you (your Workspace) are the data controller. Hey Otto processes that data on your behalf as a processor, in accordance with our Data Processing Addendum (available on request from privacy@heyotto.com).
For data about you as our customer — your account, your billing information, your interactions with our marketing site and support — Hey Otto is the controller.
5. Data we collect
Data you give us when you sign up and use the Service
- Account data: name, email, password (stored hashed), profile photo, role, language and region preferences.
- Workspace data: Workspace name, company branding, default currency, team members and their permissions.
- CRM content: contacts, companies, deals, pipeline stages, notes, lead sources, custom fields.
- Financial content: invoices, line items, revenue and expense records, finance categories, exchange rates you record, and any bank statement files you upload.
- Time and schedule content: time entries, daily clock-in/out records, tasks and subtasks, calendar events.
- Agent context: the messages you send Otto, files you upload to Otto (CSV, PDF, text), Otto's drafts and confirmations, and your approvals or rejections.
Data we collect automatically when you use the Service
- Device and connection: IP address, browser type and version, operating system, device identifiers, timezone.
- Usage: pages and features used, actions performed, error logs, performance metrics, the date and time of events.
- Authentication: session tokens, login timestamps, location at the country level for security alerts.
Data we receive from third parties
- From Stripe: the last four digits of your card, card brand, billing address, payment status. We never receive your full card number.
- From Google (if you connect Calendar): the calendar events you choose to sync, plus the OAuth tokens needed to keep the connection alive.
- From your browser (if you use voice): transcribed text from your spoken input. See Section 9.
6. How we use your data
We use your data to:
- provide the Service — host your Workspace, run Otto, sync your calendar, send invoices, take payment;
- communicate with you — product updates, security alerts, billing notices, support replies;
- keep the Service safe and reliable — authentication, abuse and fraud detection, debugging, capacity planning;
- comply with our legal obligations — tax records, financial reporting, lawful requests from authorities;
- improve the Service — measuring which features get used, where errors happen, where users get stuck (aggregate and statistical use, not training of AI models on your Content);
- market the Service to existing customers in a way that respects your communication preferences and applicable law.
7. Legal basis for processing
If you are in the EU, UK, or another GDPR-equivalent region, we rely on:
- Contract — to provide the Service you signed up for and to take payment;
- Legitimate interests — to keep the Service secure, prevent abuse, debug, and improve the product (we balance these against your rights);
- Legal obligation — to keep financial and tax records and to respond to lawful requests;
- Consent — for things that need it, like optional analytics cookies or marketing emails to non-customers. You can withdraw consent at any time.
8. How Otto handles your data
When you give Otto a command, the Service sends to a third-party AI model provider:
- your message;
- recent conversation history with Otto;
- the parts of your Workspace data Otto needs to draft an accurate response (for example, your pipeline stages and contacts list if you ask Otto to add a deal);
- system instructions describing the tools Otto is allowed to call.
Our AI provider is contractually bound:
- to process this data only to return Otto's response;
- not to use it to train any model;
- to retain it only for the period needed to deliver the response (a "zero-retention" or near-zero-retention configuration).
Otto drafts confirmation cards for any action that changes your Workspace. Nothing is written to your Workspace until you approve. You can edit a card before approving, and most actions can be undone within the Service's undo window. These are core safety features and are designed to keep you in control of what Otto does on your behalf.
9. Voice input
Voice input uses the speech recognition API built into your web browser. We do not record, store, or transmit your raw audio to our servers. However:
- most browsers process the audio on their vendor's servers in order to do the transcription (for example, Chrome and Edge typically use Google's speech service);
- the transcribed text — not the raw audio — is what reaches the Service and Otto;
- your browser vendor's privacy policy governs what happens to the audio while they transcribe it.
If you prefer not to use voice, you can type to Otto instead and no audio will leave your device.
10. Who we share data with
We share personal data with:
- Subprocessors who help us run the Service, under written contracts that limit their use (see Section 11);
- Your teammates inside your Workspace, in line with the role-based permissions you set;
- Third parties you connect, like Google when you sync your Calendar or Stripe when you accept payment;
- Authorities, when we are required by law and after we confirm the request is valid;
- A successor, in the context of a merger, acquisition, or sale of assets — we will notify you and your rights under this policy will travel with the data.
We do not sell your personal data. We do not share it for cross-context behavioral advertising. We do not let our subprocessors use your data for their own purposes.
11. Subprocessors
The following subprocessors help us run the Service. We update this list when it changes; see Section 18 for how we notify you.
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Application hosting, Postgres database, authentication, file storage | EU (Frankfurt) or US (your chosen region) |
| Stripe | Subscription billing and (optionally) outbound payment links on your invoices | US / EU / IE |
| Google | Calendar synchronization (only when you connect your Google account) | US / EU |
| OpenAI | AI model provider powering Otto. Zero-retention configuration; data not used for model training. | US |
| Transactional email provider | Sending teammate invites, invoice emails, password resets, and product notifications | US / EU |
| Exchange-rate data provider | Live currency exchange rates for multi-currency invoicing and reporting | US / EU |
We require each subprocessor to provide a level of protection at least as strong as this policy. Where transfers happen outside your country, see Section 12.
12. International transfers
Because our team and our subprocessors operate from multiple countries, your data may be processed in Israel, the European Economic Area, the United Kingdom, or the United States. Where we transfer personal data outside its country of origin to a country that does not offer an adequate level of protection by default, we rely on safeguards such as:
- the European Commission's Standard Contractual Clauses, and the UK Addendum to those Clauses;
- the EU–US Data Privacy Framework, where the recipient is certified under it;
- Israeli adequacy where applicable.
You can request a summary of the safeguards that apply to a specific transfer by emailing privacy@heyotto.com.
13. How long we keep data
- Workspace content — kept for as long as your account is active. After account closure, deleted from active systems within 60 days and from backups within 90 days.
- Otto conversation history — kept in your Workspace until you delete it, or until account closure.
- Voice transcripts — stored only if Otto used them to drive an action (in which case the resulting text is part of your conversation history). Raw audio is never stored on our servers.
- Billing and invoice records — retained for the period required by Israeli, EU, and applicable tax law (typically 7 years).
- Authentication and security logs — retained for up to 24 months for fraud and abuse investigations.
- Marketing-list data — until you unsubscribe.
14. Security
We protect your data with measures that include:
- encryption in transit (TLS) for all traffic between your device and the Service;
- encryption at rest for stored data;
- row-level security in our database so that queries are constrained to your Workspace's data;
- role-based access controls inside our team — we restrict access to production data to the staff who need it for support, security, or operations;
- continuous monitoring, logging, and alerting;
- regular dependency and vulnerability scanning;
- backups, with restore procedures we test.
No system is perfectly secure. If we ever experience a breach that affects your personal data, we will notify you and the relevant authorities within the timeframes required by applicable law.
15. Your rights
Depending on where you live, you may have rights including:
- Access — ask for a copy of the personal data we hold about you;
- Rectification — ask us to correct data that's wrong;
- Erasure — ask us to delete data we no longer need a lawful basis to keep;
- Restriction or objection — ask us to stop or limit certain processing;
- Portability — ask us to give your data to you (or to another provider) in a standard format;
- Withdraw consent — for processing based on consent, at any time;
- Complain — to your local data protection authority. We'd appreciate the chance to address your concern first.
To exercise any of these rights, write to privacy@heyotto.com. We may need to verify your identity, and we will respond within the timeframes required by your law (typically within 30 days under GDPR / UK GDPR / Israeli PPL, and within 45 days under California law).
If you are a teammate inside a Workspace that someone else owns, please contact your Workspace owner first — they are the controller for that Workspace's content, and most requests can be resolved there.
16. Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Strictly necessary — to keep you signed in and to remember your preferences;
- Security — to detect fraud and abuse;
- Analytics — privacy-preserving, aggregate measurement of how the Service is used. Where consent is required by your law, we ask for it before setting analytics cookies.
We do not use advertising cookies or cross-site tracking cookies.
17. Children
The Service is not directed to children under 16, and we don't knowingly collect personal data from them. If you believe a child has provided us personal data, write to privacy@heyotto.com and we will delete it.
18. Changes to this policy
We will update this policy as the Service evolves. When we make a material change — for example, adding a subprocessor that processes Workspace content in a meaningfully new way — we will notify you by email or in the Service at least 30 days before the change takes effect, unless the change is required by law sooner. The "Effective" date at the top of the page tells you when the current version started.
19. How to reach us
For privacy questions, requests, or complaints: privacy@heyotto.com.
For security reports: security@heyotto.com.
For general support: hello@heyotto.com.
See also the Terms of Service.
20. Region-specific disclosures
European Economic Area and United Kingdom
We act as a controller for account and billing data and as a processor for Workspace content. Under GDPR / UK GDPR, you have the rights listed in Section 15 and can lodge a complaint with your supervisory authority. If you need an EU or UK representative for Article 27 purposes, write to us and we will tell you who that representative is.
California (CCPA / CPRA)
In the previous 12 months we have "collected" the categories of personal information described in Section 5 and "disclosed" them for the business purposes described in Section 10. We do not "sell" or "share" personal information for cross-context behavioral advertising. California residents have the right to know, delete, correct, and limit the use of their information; to opt out of any future sale or sharing; and not to be discriminated against for exercising these rights. To exercise them, email privacy@heyotto.com.
Israel
Processing of personal data under Israel's Privacy Protection Law follows the principles in this policy. You can contact our privacy team at the address above for access, correction, or deletion of your data.
Hey Otto Ltd. · Hey Otto · Effective May 11, 2026
