Privacy Policy
Last updated: July 5, 2026
This policy explains what OtoDock ("we", "us") collects when you use otodock.io, your customer account, and the optional hosted services we operate — and, just as importantly, what we never collect from the software you self-host. Questions or requests: [email protected].
The short version
- Your self-hosted install is yours. Chats, files, agents, credentials, and users on an OtoDock install live on your infrastructure. We do not receive them — ever.
- We collect the minimum needed to run accounts, licensing, and billing: your email, name, optional company name, and payment state.
- License verification sends the license key and an install identifier — no user data, no usage data, no content (see License verification).
- Payments run through Stripe as merchant of record; we never see your full card details.
What we collect, and why
Account data
When you create an account we store your email address, name, optional company name (used inside your signed license key), and a password hash — or, if you sign in with Google or GitHub, the identity those providers share with us. Two-factor secrets are stored encrypted. We use this data to operate your account, deliver license keys, and send transactional email (verification, password resets, purchase confirmations). Legal basis: performance of a contract.
Billing data
Purchases are processed by Stripe acting as merchant of record: Stripe collects your payment details, handles VAT/sales tax, and issues invoices. We store the resulting subscription and license state (plan, status, invoice references) — never full card numbers. Legal basis: performance of a contract and our legal obligations (tax, accounting).
License verification
Licensed installs periodically verify their license with us. The check sends the signed license key and an anonymous install identifier — nothing else. It carries no personal data about the people using your install and no content. The full mechanism, including how to run fully offline, is documented on the transparency page. Legal basis: legitimate interest (license operation) and performance of a contract.
Website analytics
We use self-hosted, cookieless Umami for aggregate audience measurement (no IP addresses stored, no cross-site tracking). Google Analytics and the Meta Pixel run only with your consent — see the Cookie Policy. Legal basis: consent (GA/Pixel) and legitimate interest (cookieless aggregate statistics).
Support
If you email us, we keep the correspondence for as long as needed to help you and to keep a record of the resolution.
What we share
We do not sell personal data. We share it only with the processors that run the service: Stripe (payments, as merchant of record), Cloudflare (networking and security in front of our servers), our EU-based hosting providers, and our transactional email service. Each processes data only on our instructions. Where a processor is outside the EEA, transfers rely on standard contractual clauses or an adequacy decision.
Retention
Account and license data is kept while your account is active and for as long as we must retain records under tax and accounting law. You can ask us to delete your account at any time; we will remove everything not subject to a legal retention duty.
Your rights
Under the GDPR (and similar laws) you can request access, correction, deletion, portability, and restriction of your personal data, object to processing based on legitimate interest, and withdraw consent at any time. Write to [email protected] — we respond within 30 days. You may also lodge a complaint with your local data-protection authority.
Security
Secrets and tokens are encrypted at rest, staff access is gated behind zero-trust authentication with enforced multi-factor auth, and traffic is encrypted in transit. We keep the attack surface deliberately small.
Children
Our services are not directed at children under 16.
Changes
We will post any changes here and update the date above. Material changes affecting account holders are announced by email.
