Privacy Policy for Ottomato.ai

Last Updated: July 17, 2025

1. Introduction

Welcome to Ottomato.ai. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you visit our website, use our services, or interact with us in any other way.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Who We Are (Data Controller)

The data controller responsible for your personal information is Ottomato.ai.

• Legal Entity: Ottomato.ai

• Location: Sheridan, Wyoming, USA

• Contact for Privacy Inquiries: For any questions or requests regarding your personal data, please contact us at privacy@ottomato.ai.

3. Information We Collect

We collect information to provide and improve our services. This information is collected in several ways and can be categorized as follows:

a. Information You Provide to Us Directly

This is personal data you give us when you fill out forms, register for an account, request a quote, or communicate with us. This includes:

• Contact Data: Your full name, email address, phone number, and company name.

• Financial Data: Payment card details and billing address, which are processed by our secure payment partners.

• Client Project Data: Any data, code, content, or other information you provide to us for the purpose of completing a project, such as building a custom AI application.

• Communications Data: The content of your emails, support requests, and conversations with us during discovery calls or project meetings.

b. Information We Collect Automatically

When you visit our website or use our services, we may collect certain information automatically from your device. This includes:

• Usage Data: Your IP address, browser type and version, operating system, the pages you visit, the time and date of your visit, and other interaction data. This information helps us understand user behavior and improve our services.

• Cookies and Tracking Technologies: We use cookies and similar technologies (like web beacons) to operate and personalize our website, analyze performance, and for marketing purposes. For more detailed information, please see our Cookie Policy. You can manage your cookie preferences through your browser settings or our website's consent tool.

4. How and Why We Use Your Information (Lawful Basis)

We only use your personal data when we have a valid legal reason to do so. Under the GDPR, these reasons are known as "lawful bases." We use your data for the following purposes, relying on the specified lawful basis:

• To Provide and Manage Our Services: We process your Contact Data, Financial Data, and Client Project Data to fulfill our contractual obligations to you. This includes developing your application, providing consulting, managing your account, and processing payments.

  • Lawful Basis: Performance of a Contract.

• To Communicate with You: We use your Contact Data to respond to your inquiries, provide customer support, and send important service-related announcements.

  • Lawful Basis: Legitimate Interest in providing responsive service and, where applicable, Performance of a Contract.

• To Improve Our Services: We analyze aggregated and anonymized Usage Data to understand how our services are used and to make them better. We have a legitimate interest in enhancing our services for our users.

  • Important Note: We will never use your private Client Project Data to train our general AI models or for any purpose other than providing the contracted service directly to you.

  • Lawful Basis: Legitimate Interest.

• For Marketing and Promotional Purposes: We may use your Contact Data to send you information about our services or events. Where required by law, we will only do so with your explicit consent. For existing clients, we may rely on our legitimate interest to market similar services. You can opt-out of marketing communications at any time by clicking the "unsubscribe" link in any email.

  • Lawful Basis: Consent or Legitimate Interest.

5. How We Share and Disclose Information

We do not sell your personal data. We only share your information in the following circumstances:

• With Sub-Processors and Service Providers: We use third-party companies to help us deliver our services. These include Development Platforms, Automation Tools, Cloud Hosting Providers, Payment Processors, and Communication Tools. We have Data Processing Agreements (DPAs) with these providers, which contractually obligate them to protect your data and process it only on our instructions.

• For Legal Reasons: We may disclose your information if required by law, such as in response to a subpoena or court order, or to protect the rights, property, or safety of our company, our users, or the public.

• With Your Consent: We may share your information with other third parties if you have given us your explicit consent to do so.

6. Data Security and Retention

Security Measures:

We implement robust technical and organizational measures to protect your data from unauthorized access, loss, or misuse. This includes encryption of data in transit and at rest, strict access controls, and regular security assessments. Our partners, such as payment processors, are compliant with high industry standards like PCI DSS. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Data Retention:

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

• Client Project Data is retained for the duration of the project and for a defined period afterward as agreed in our contract.

• Financial Records are retained for a minimum of 7 years to comply with legal and tax obligations.

• Marketing Contact Information is retained until you withdraw your consent.

7. International Data Transfers

As a company based in the United States, your information will be processed and stored in the U.S. and other countries where our sub-processors are located. For transfers of personal data from the European Union (EU) and the United Kingdom (UK), we rely on approved legal mechanisms, primarily the Standard Contractual Clauses (SCCs), to ensure your data receives an adequate level of protection.

8. Your Data Protection Rights

Depending on your location, you have certain rights over your personal data. Under laws like the GDPR, these rights include:

• The Right to Access: You can request a copy of the personal data we hold about you.

• The Right to Rectification: You can ask us to correct any inaccurate or incomplete data.

• The Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, under certain conditions.

• The Right to Restrict Processing: You can ask us to limit how we use your data.

• The Right to Data Portability: You can request that we transfer your data to another organization or directly to you.

• The Right to Object: You can object to our processing of your personal data, particularly for direct marketing.

To exercise any of these rights, please contact us at privacy@ottomato.ai. We will respond to your request within the legally required timeframe.

9. Information for International Users

• For Residents of the EU and UK: We process your data in compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. As a non-EU/UK company, we have appointed a representative in the EU and UK to act as a local point of contact. Please contact privacy@ottomato.ai for their details.

10. Children's Privacy

Our services are not intended for or directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child without parental consent, we will take immediate steps to delete it.

11. Contact Us & Your Right to Complain

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@ottomato.ai.

You also have the right to lodge a complaint with a supervisory authority. If you are in the UK, you can complain to the Information Commissioner's Office (ICO). If you are in the EU, you can complain to the data protection authority in your country.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date.