Privacy Policy

Last updated June 30, 2026

OverviewInformation we collectHow we use informationService providersPaymentsCookies, logs, and analyticsAI and connected agentsEmail communicationsData retentionYour choicesContact

Overview

This Privacy Policy explains how BKRXY, LLC handles information collected through Otto do it, including the public marketing website, account access, product communications, and hosted workspaces.

Otto do it is a live product. Approved users may be able to create accounts, establish workspaces, invite collaborators where enabled, and use product features.

Information we collect

Communication details, such as email address, first name, last name, message content, product-interest details, and related email engagement information.

Account and authentication details for invited users, such as name, email address, login status, authentication identifiers, session metadata, and security events handled through WorkOS/AuthKit.

Workspace content you or your collaborators choose to create in Otto do it, including workspace names, project names, tasks, drafts, labels, activity history, profile details, uploaded avatars, and support requests.

Technical and usage information, such as IP address, user agent, device and browser information, timestamps, request logs, route activity, diagnostics, error reports, and security signals.

AI and customer automation interaction details if you use Otto AI or connected agent features, including prompts, workspace context sent to the assistant, generated draft content, action previews, MCP tool requests, tool results, and related usage metadata needed to provide, audit, and improve the feature.

How we use information

To operate the website, access flow, hosted app, workspaces, authentication, support, and product communications.

To create and manage invited user accounts, workspace access, security controls, entitlement status, and product participation.

To provide product features, including workspace collaboration, activity history, account settings, workspace administration, and Otto AI features where enabled.

To diagnose issues, prevent abuse, investigate security events, maintain backups and audit records, and improve reliability.

To understand interest in Otto do it, communicate product updates, and improve the product.

Service providers

We use third-party providers to operate Otto do it. These may include Cloudflare for website delivery and security, EmailOctopus for email automation, WorkOS/AuthKit for authentication, Stripe for billing and payment processing, Railway for hosted app infrastructure, managed database and cache providers, object storage providers for uploaded files, and OpenAI or other AI service providers when Otto AI features are used. These providers process information on our behalf according to their own terms, privacy commitments, and security practices.

Payments

Approved access flows may include paid, complimentary, or non-Stripe-managed workspace access. Paid Stripe-managed workspaces use Stripe for payment processing, subscription management, invoices, and the billing portal. Otto do it does not store full payment card details.

We may process billing status, billing arrangement, Stripe customer and subscription identifiers, invoice and payment events, cancellation state, entitlement state, refund-request, dispute, and support details to provide access, support, audit, fraud-prevention, account-management, tax, and business-record functions.

Complimentary or non-Stripe-managed workspaces may not have a Stripe billing portal. Their access, cancellation, conversion, or removal may be handled through product controls or support instead.

Cookies, logs, and analytics

The current public marketing site does not intentionally use non-essential marketing cookies or third-party analytics scripts. The hosted app and our infrastructure providers may still process technical information needed for logs, telemetry, diagnostics, security monitoring, billing operations, rate limiting, support, abuse prevention, and reliability analysis.

AI and connected agents

When you use Otto AI or customer MCP features, Otto do it may send selected workspace context, prompts, files or task content you provide, tool instructions, and recent activity details to AI providers or connected agent systems so the feature can respond. Generated output, action previews, accepted or rejected actions, tool calls, and readback/audit records may be stored with your workspace or account history.

Customer MCP and connected-agent actions are scoped to the workspace and permissions authorized for that connection. We may log tool names, arguments, results, actor identity, timestamps, and safety or rate-limit decisions to operate the feature, investigate issues, and provide activity readback.

Email communications

If you create an account, request information, or receive access, we may send Otto do it product, access, support, security, and account-related messages. You can unsubscribe from marketing emails using the link included in those emails, where available, or by contacting us. Transactional or security messages may still be sent when needed to operate your account or workspace.

Data retention

We keep information for as long as needed to operate Otto do it, manage access, provide support, maintain security and audit records, comply with legal obligations, process billing and tax records, resolve disputes, enforce terms, prevent fraud and abuse, and preserve business records.

Eligible account deletion removes the account, workspace data you administer, profile details, and sign-in identity from active product systems, but deletion may be blocked or delayed when your account has active Stripe-managed billing, belongs to workspaces you do not administer, contains collaborator content, or has protected product references.

Some information may remain in backups, logs, deletion-request records, billing records, security/audit records, provider records, or other retained business records for a limited period or as required by law and operational needs.

Your choices

You may unsubscribe from marketing emails.

You may ask us to access, correct, export, or delete personal information associated with your account or product communications, subject to legal, security, billing, backup, audit, fraud-prevention, workspace-ownership, collaborator, and operational limits. Export and access requests may be handled through support or product controls and may be limited to information tied to your account or workspaces you are authorized to administer.

Eligible workspace admin accounts may be able to request deletion in-product. If active Stripe-managed subscriptions are attached to workspaces you administer, you must cancel those subscriptions before deletion can be requested or completed.

Accounts with protected references, collaborator content, workspace ownership conflicts, or requests that require review may need support handling instead of immediate self-service deletion.

You may choose not to create an account, not to accept an invitation, or not to add sensitive information to a workspace.

You are responsible for deciding what workspace content is appropriate to store in Otto do it.

Contact

For privacy requests related to Otto do it, contact BKRXY, LLC at postmaster@ottodoit.com.