Privacy Policy

1. Introduction

Welcome to OnOTTOPilot. This Privacy Policy explains how OnOTTOPilot ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our platform, products, and services available through getottopilot.com (our marketing site), onottopilot.com (our application), and any associated mobile applications, browser extensions, or integrations.

OnOTTOPilot is a US-based company. By accessing or using any of our products or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

We are committed to being transparent about our data practices. We believe that privacy is a fundamental right and strive to collect only the data necessary to provide you with a great experience.

2. Products and Services Covered

OnOTTOPilot operates a unified AI platform with multiple feature-gated products. This Privacy Policy applies to all of the following products and services:

Product	Description
ReminderBot	AI-powered reminders delivered via SMS/text messaging and email. Processes natural language to set, manage, and deliver reminders on your behalf.
Conversational Intelligence	AI-driven conversation analysis, including transcription, summarization, sentiment analysis, and actionable insight extraction from recorded or live conversations.
InterviewKit	Interview preparation and practice platform with AI-generated questions, mock interview sessions, and performance feedback.
VidMind	Video content intelligence that analyzes, summarizes, and extracts insights from video content including YouTube videos and uploaded media.
AI Council	Multi-perspective AI advisory panel providing analysis from multiple AI-generated viewpoints for decision-making support.
OttoPilot	Business automation and AI assistant for task management, workflow automation, communications, and intelligent process orchestration.

All products operate under a single platform architecture. Your account, preferences, and applicable data are shared across products you have access to based on your subscription tier.

3. Information We Collect

3.1 Information You Provide Directly

Account Information: Name, email address, and phone number when you create an account or subscribe to our services.
Profile Data: Any additional profile information you choose to provide, such as a profile photo, job title, company name, or preferences.
AI Conversation Data: Messages, prompts, and content you send to and receive from our AI assistants across all products.
SMS/Text Message Content: The content of text messages sent and received through ReminderBot, including reminder text, scheduling details, and your replies.
Voice Data: Audio recordings and voice input if you use voice-enabled features, including voice commands, voice memos, and speech-to-text input.
Uploaded Content: Files, documents, videos, audio recordings, images, and any other content you upload to our platform for processing or analysis.
Payment Information: Billing details processed through our payment providers. We do not store full credit card numbers on our servers.
Communications: Messages you send to us through support channels, feedback forms, or email.

3.2 Information Collected Automatically

Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
IP Address: Your Internet Protocol address, which may indicate your approximate geographic location.
Session Data: Session duration, pages visited, feature usage patterns, and click paths through our platform.
Error Logs: Technical error data, crash reports, and diagnostic information to help us identify and resolve issues.
Performance Metrics: Response times, task completion rates, and system performance data.
Conversation Analytics: Aggregated conversation topics, session frequency, and usage patterns (distinct from the content of conversations).
Cookies and Local Storage: Data stored in your browser through cookies, local storage, and similar technologies (see Section 8).

3.3 Information from Third Parties

Google OAuth: If you sign in with Google, we receive your Google profile information including your name, email address, and profile photo as authorized by your Google account settings.
Linked Accounts: If you connect third-party services (calendars, email, CRM systems), we may receive data from those services as needed to provide our features.

3.4 Tester and Beta User Data

Note for testers and beta users: During testing and beta periods, we may collect additional analytics data including more detailed session recordings, expanded click path tracking, feature interaction logs, and detailed error reporting. This enhanced data collection helps us improve our products before general availability. Testers are informed of this expanded collection when joining a beta program.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Providing and Improving Our Services

To create, maintain, and secure your account.
To deliver the core functionality of our products, including AI-powered conversations, reminders, analysis, and automation.
To process and respond to your AI prompts and requests across all products.
To send you reminders, notifications, and alerts you have requested.
To analyze usage patterns and improve our products, features, and user experience.
To identify and fix bugs, errors, and performance issues.

4.2 Communications

To send transactional emails (account verification, password resets, billing receipts).
To send SMS/text messages you have opted into (reminders, alerts, notifications).
To respond to your support requests and inquiries.
To send product updates and announcements relevant to your subscription (you may opt out at any time).

4.3 Safety and Security

To detect, prevent, and respond to fraud, abuse, security threats, and technical issues.
To enforce our Terms of Service and other policies.
To comply with legal obligations and respond to lawful requests from authorities.

4.4 Analytics and Research

To understand how our products are used and identify opportunities for improvement.
To conduct internal research and development.
To generate aggregated, de-identified analytics and reports.

5. AI Data Processing

Our platform uses artificial intelligence extensively. This section explains how your data interacts with AI systems.

5.1 How AI Processes Your Data

When you interact with any OnOTTOPilot product, your inputs (text, voice, uploaded content) are processed by one or more AI models to generate responses, analyses, summaries, reminders, or other outputs. This processing may involve:

Sending your input to third-party AI providers (Anthropic Claude, OpenAI, Google Gemini) for inference processing.
Storing conversation history to maintain context within a session or across sessions, depending on the product and your settings.
Analyzing conversation data to improve response quality and relevance.

5.2 AI Training and Your Data

Your data is not used to train third-party AI models. We use API-based access to AI providers with data processing agreements that prohibit the use of your inputs and outputs for model training. Your conversations and content remain your own.

5.3 AI Limitations

AI-generated outputs may contain inaccuracies or errors. OnOTTOPilot products are designed to assist and augment your capabilities, not replace professional judgment. You should review and verify any AI-generated content before relying on it for important decisions.

6. SMS/Text Messaging Policy

This section applies specifically to ReminderBot and any other OnOTTOPilot features that send SMS/text messages. We are committed to compliance with the Telephone Consumer Protection Act (TCPA) and A2P 10DLC messaging requirements.

6.1 Consent and Opt-In

Explicit Opt-In Required: We will never send you SMS/text messages unless you have explicitly opted in. You must provide your phone number and affirmatively consent to receive text messages from OnOTTOPilot before any messages are sent.
Consent Records: We maintain records of your consent, including how and when you opted in.
No Assumed Consent: Providing your phone number for account creation does not automatically enroll you in SMS messaging. Separate, explicit consent is required.

6.2 Message Frequency

Message frequency varies based on the reminders, notifications, and alerts you configure. You control the frequency by managing your reminders and notification preferences. Typical usage ranges from a few messages per week to several per day, depending on your settings.

6.3 Opting Out

To stop receiving text messages, reply STOP to any message from OnOTTOPilot. You may also manage your SMS preferences in your account settings or contact us at [email protected]. Upon opting out, you will receive a single confirmation message and no further texts will be sent unless you re-subscribe.

6.4 Costs

Message and data rates may apply. Standard messaging rates from your wireless carrier apply to messages sent and received. OnOTTOPilot does not charge per-message fees beyond your subscription plan, but your carrier may.

6.5 Phone Number Privacy

We do not share, sell, rent, or lease your phone number to any third party for marketing purposes.
Your phone number is shared only with our SMS delivery provider (Twilio) solely for the purpose of delivering messages you have requested.
We do not use your phone number for any purpose other than delivering the SMS services you have opted into and account security (such as two-factor authentication, if enabled).

6.6 Supported Carriers

Our SMS services are compatible with major US carriers. Carriers are not liable for delayed or undelivered messages.

6.7 Help

For help with our SMS services, reply HELP to any message from OnOTTOPilot or contact us at [email protected].

7. Third-Party Services

We use the following third-party services to operate our platform. Each processes data according to their own privacy policies, and we have data processing agreements in place where applicable.

Service	Purpose	Data Shared
Supabase	Authentication, database, and data storage	Account information, application data, session tokens
Twilio	SMS/text message delivery	Phone numbers, message content
Resend	Transactional email delivery	Email addresses, email content
Google	OAuth authentication, Google Play Store distribution	Google profile data (name, email, profile photo) as authorized by you
Anthropic (Claude)	AI inference processing	AI conversation inputs and context necessary for generating responses
OpenAI	AI inference processing	AI conversation inputs and context necessary for generating responses
Google (Gemini)	AI inference processing, image generation	AI conversation inputs and context necessary for generating responses
Microsoft Azure	Cloud hosting and infrastructure	Application data as hosted on our infrastructure
Cloudflare	DNS management, CDN, and DDoS protection	IP addresses, request metadata (for security and routing)

We select third-party providers that maintain appropriate security standards and privacy practices. However, we encourage you to review the privacy policies of these services if you have specific concerns.

8. Cookies and Tracking Technologies

8.1 What We Use

We use the following technologies to operate our platform and understand how it is used:

Technology	Type	Purpose
Session Cookies	Essential	Authentication and session management. Required for the platform to function.
Preference Cookies	Functional	Remembering your settings, theme preferences, and display configurations.
Local Storage	Functional	Storing application state, cached data, and user preferences for performance.
Analytics Cookies	Performance	Understanding usage patterns, feature popularity, and platform performance.

8.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may prevent you from using our platform. Disabling functional cookies may degrade your experience.

8.3 Do Not Track

Our platform does not currently respond to "Do Not Track" browser signals, as there is no industry-standard method for honoring these requests. We will update this policy if a standard is established.

9. Data Sharing and Disclosure

We do not sell your personal information. We do not rent, lease, or trade your personal information to third parties for their marketing purposes.

We may share your information only in the following circumstances:

Service Providers: With the third-party services listed in Section 7, solely to operate and deliver our platform and products.
With Your Consent: When you explicitly authorize us to share information with a specific party.
Legal Compliance: When required by law, regulation, legal process, or governmental request.
Safety and Rights: To protect the rights, property, or safety of OnOTTOPilot, our users, or the public.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your information may be transferred. You would be notified of any such change.
Aggregated/De-Identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you.

10. Data Retention

We retain your data according to the following guidelines:

Data Type	Retention Period
Account information	For as long as your account is active, plus 30 days after deletion request
AI conversation data	Retained while your account is active; deleted within 30 days of account deletion
SMS/text message content	90 days from date of message, or until account deletion, whichever is sooner
Voice recordings	Processed in real-time and not persistently stored unless you explicitly save them
Session and analytics data	12 months, then aggregated and de-identified
Error logs	90 days
Uploaded content	Retained while your account is active; deleted within 30 days of account deletion
Payment records	As required by tax and financial regulations (typically 7 years)

When data is deleted, we use commercially reasonable efforts to remove it from our active systems. Some data may persist in encrypted backups for a limited period before being permanently removed.

11. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (HTTPS).
Encryption at Rest: Sensitive data is encrypted at rest in our databases and storage systems.
Access Controls: Strict role-based access controls limit who can access user data within our organization.
Authentication Security: We support secure authentication methods including magic links, OAuth, and password-based login with secure hashing.
Infrastructure Security: Our hosting infrastructure includes DDoS protection, firewall rules, and continuous monitoring.
Regular Reviews: We conduct periodic security reviews and update our practices as needed.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

12. Your Rights and Choices

You have the following rights regarding your personal information:

Access: You can request a copy of the personal data we hold about you.
Correction: You can request correction of inaccurate or incomplete personal data.
Deletion: You can request deletion of your personal data (see below for how).
Data Portability: You can request an export of your data in a commonly used, machine-readable format.
Opt-Out of SMS: Reply STOP to any text message or adjust your settings in-app.
Opt-Out of Marketing Emails: Click the unsubscribe link in any marketing email.
Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time.
Account Deletion: You can request complete account deletion by contacting us.

How to Request Data Deletion

To request deletion of your data:

Email [email protected] with the subject line "Data Deletion Request."
Include the email address associated with your account.
We will verify your identity and process your request within 30 days.
You will receive confirmation once your data has been deleted.

Note that some data may be retained as required by law (e.g., financial records) or for legitimate business purposes (e.g., fraud prevention) even after a deletion request.

13. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

13.1 Your CCPA Rights

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale: We do not sell your personal information. If this practice ever changes, we will provide a clear opt-out mechanism.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for exercising your privacy rights.

13.2 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers (name, email address, phone number, IP address)
Internet or electronic network activity (browsing history on our platform, interactions with our services, session data)
Geolocation data (approximate location derived from IP address)
Audio and electronic information (voice recordings if voice features used, AI conversation content)
Professional or employment-related information (if provided in your profile)
Inferences drawn from the above (usage patterns, preferences)

13.3 How to Exercise Your Rights

To exercise your CCPA rights, email us at [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days as required by law. You may also designate an authorized agent to make a request on your behalf.

14. Children's Privacy

OnOTTOPilot is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at [email protected] so we can take appropriate action.

Users between the ages of 13 and 18 should review this Privacy Policy with a parent or guardian and should not use our services without parental consent.

15. International Data Transfers

OnOTTOPilot is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using our services, you consent to the transfer of your information to the United States and other countries as described in this policy.

We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it, including through the use of data processing agreements with our service providers.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, products, legal requirements, or for other operational reasons. When we make material changes:

We will update the "Last Updated" date at the top of this policy.
For significant changes, we will notify you by email (sent to the address associated with your account) or by posting a prominent notice on our platform.
We may also notify you through in-app notifications or SMS for material changes affecting those channels.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after the updated policy takes effect constitutes your acceptance of the changes.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OnOTTOPilot

Email: [email protected]

Website: getottopilot.com

App: onottopilot.com

We will respond to all privacy-related inquiries within 30 days. For CCPA requests, we will respond within 45 days as required by California law.

Table of Contents