Skip to main content
Back to Home

Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Ottopen ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices for the Ottopen writing platform and all related services.

By using Ottopen, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

Account Information

  • Email address (required for account creation)
  • Username and display name
  • Password (encrypted and never stored in plain text)
  • Profile information (bio, avatar, writing preferences)
  • Subscription and payment information (processed by Stripe)

Content & Usage Data

  • Manuscripts, scripts, and other creative content you create
  • Comments, messages, and community interactions
  • Reading lists, bookmarks, and favorites
  • AI feature usage and prompts
  • Analytics data (page views, feature usage, engagement metrics)

Technical Information

  • IP address and device information
  • Browser type and version
  • Operating system
  • Cookies and similar tracking technologies
  • Session logs and authentication events

3. AI Services and Data Processing

Ottopen uses advanced AI technology to provide writing assistance features. This section explains how your data is processed when you use AI features.

Third-Party AI Providers

We partner with the following AI service providers to power our writing assistance features:

  • Anthropic Claude: Character development, dialogue enhancement, critique, and premium writing assistance
  • DeepSeek: Cost-effective AI for Pro tier users (general writing assistance)
  • Google Gemini: Free tier AI assistance for basic writing features
  • OpenAI GPT: General writing assistance and brainstorming (fallback provider)
  • Perplexity AI: Research and fact-checking features (optional)

Data Sent to AI Providers

When you use AI features, the following data may be sent to third-party AI providers:

  • Your manuscript/script content (contextual excerpts only, not entire documents)
  • User prompts and questions you submit to AI assistants
  • Genre, style, and format preferences relevant to your request
  • Selected text for rewriting, expansion, or critique

Important: What We DO NOT Share with AI Providers

  • ✗ Personal identifying information (name, email, phone number)
  • ✗ Payment information or billing details
  • ✗ Account credentials or passwords
  • ✗ Complete manuscripts or full documents (only relevant excerpts)
  • ✗ Private messages or collaboration data

AI Provider Data Retention

Each AI provider has different data retention policies:

Anthropic Claude

Does not train on user data. Zero retention for users who opt-out of data sharing (default for Ottopen).

OpenAI GPT

Does not train on API data. 30-day retention for abuse monitoring only.

DeepSeek

Does not train on API data. Minimal retention for service operation.

Google Gemini

May use data for service improvement. Users can opt-out via settings.

Perplexity AI

Does not train on API data. Used for research queries only.

Your AI Data Rights

You can:

  • Opt-out of AI features entirely (Settings → AI Preferences → Disable AI)
  • Request deletion of AI processing logs (Settings → Privacy → Export/Delete Data)
  • Choose which AI provider to use (Studio tier only)
  • Disable AI features on a per-document basis
  • Review AI usage history and token consumption (Settings → AI Usage)

AI Content Ownership

  • You retain full ownership of all content you create, including AI-assisted content
  • AI-generated suggestions become your property once accepted and edited by you
  • We claim no ownership over your AI-assisted works
  • You are responsible for ensuring AI-assisted content complies with copyright law

4. How We Use Your Information

  • Provide and maintain our writing platform services
  • Process your subscription and billing
  • Enable AI-powered writing assistance features
  • Facilitate collaboration and community features
  • Send important service updates and security notifications
  • Improve our services through analytics and user feedback
  • Prevent fraud, abuse, and security threats
  • Comply with legal obligations

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers

  • Supabase: Database hosting and authentication
  • Vercel: Application hosting and infrastructure
  • Stripe: Payment processing (they have their own privacy policy)
  • AI Providers: As described in Section 3 above
  • Email Service: Transactional emails and notifications

Legal Requirements

We may disclose your information if required by law, such as:

  • In response to valid legal requests (subpoenas, court orders)
  • To protect our rights, property, or safety
  • To prevent fraud or security threats
  • To comply with DMCA takedown notices

Public Content

Content you choose to share publicly (community posts, public profiles, published works) is accessible to other users and may appear in search engines.

6. Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for data transmission (HTTPS/TLS)
  • Encrypted password storage (bcrypt hashing)
  • Row Level Security (RLS) for database access control
  • Regular security audits and vulnerability assessments
  • Rate limiting and DDoS protection
  • Secure session management and CSRF protection
  • Comprehensive audit logging for security events

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

GDPR Rights (for EU/EEA/UK residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Restrict Processing: Limit how we use your data
  • Right to Object: Opt-out of certain data processing activities

CCPA Rights (for California residents)

  • Right to Know: What personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

How to Exercise Your Rights

Self-Service Options:

  • • Settings → Privacy → Export Data (download all your data)
  • • Settings → Privacy → Delete Account (permanent account deletion)
  • • Settings → AI Preferences (manage AI data usage)
  • • Settings → Privacy → Manage Cookies (cookie preferences)

Contact Us:

For assistance with privacy requests: legal@ottopen.app

We will respond to verified requests within 30 days.

8. Data Retention

  • Active Accounts: Data retained while your account is active
  • Deleted Accounts: Personal data deleted within 30 days (anonymized analytics may be retained)
  • Legal Holds: Data may be retained longer if required by law or legal proceedings
  • Backups: Deleted data may persist in backups for up to 90 days
  • AI Processing Logs: Deleted within 90 days unless you opt for longer retention

9. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve our services:

Essential Cookies

Required for the platform to function (authentication, security, preferences). Cannot be disabled.

Analytics Cookies

Help us understand how users interact with our platform (Google Analytics, PostHog). Can be disabled in settings.

Performance Cookies

Improve platform performance and load times. Can be disabled in settings.

10. Children's Privacy

Ottopen is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

If you believe we have inadvertently collected information from a child under 13, please contact us at legal@ottopen.app.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Compliance with GDPR and other privacy regulations
  • Data processing agreements with all third-party vendors

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of significant changes via:

  • Email notification to your registered email address
  • Prominent notice on our platform
  • In-app notification

Continued use of Ottopen after changes indicates acceptance of the updated policy.

13. Contact Us

Questions, concerns, or requests regarding this Privacy Policy or our data practices?

Privacy Team

Email: legal@ottopen.app

Data Protection Officer: legal@ottopen.app

GDPR Representative (EU): legal@ottopen.app

Response time: Within 30 days for privacy requests

Terms of ServiceCommunity GuidelinesDMCA Policy