Privacy Policy
This Privacy Policy explains how Frontdoor Labs Limited, trading as Otio, collects, uses, shares, stores, and protects personal data when you access or use Otio’s products and services.
Last updated: May 2026
You may access the last version of this Privacy Policy by clicking here
This Policy applies to Otio’s website at otio.ai, mobile application, desktop application, Chrome extension, application programming interfaces, account portals, AI-powered features, content-processing tools, collaboration features, support services, documentation, and any related products or services we make available from time to time, together the Services.
By using the Services, you acknowledge that your personal data will be handled as described in this Privacy Policy.
1. Who We Are
Otio is operated by Frontdoor Labs Limited, a company registered in England and Wales.
Legal entity: Frontdoor Labs Limited, trading as Otio
Company number: 14138209
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
ICO registration number: ZB390660
Privacy contact: contact@otio.ai
Account support and security contact: support@otio.ai
For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Otio is usually the controller of personal data processed in connection with individual accounts, billing, product use, security, support, marketing, website analytics, and app analytics.
Where Otio processes personal data on behalf of a Business Customer, Team Account, Enterprise customer, or other organisation under a Data Processing Addendum or similar agreement, Otio may act as a processor and that organisation will normally be the controller.
If your account is part of a Team Account or is provided by your employer, university, or another organisation, that organisation may control your account and associated Materials, including Inputs, Outputs, uploaded files, notes, workspace content, and usage settings.
2. Children
The Services are not intended for children or anyone under the age of 18. We do not knowingly collect personal data from children.
If you believe that a child has provided personal data to us, please contact us at contact@otio.ai and we will take appropriate steps to delete the data where required.
3. Personal data we collect
Personal data means any information about an individual from which that person can be identified. It does not include any data where the identity has been fully removed and anonymised.
As part of the Services, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
This Privacy Policy explains how Frontdoor Labs Limited, trading as Otio, collects, uses, shares, stores, and protects personal data when you access or use Otio’s products and services.
Last updated: May 2026
You may access the last version of this Privacy Policy by clicking here
This Policy applies to Otio’s website at otio.ai, mobile application, desktop application, Chrome extension, application programming interfaces, account portals, AI-powered features, content-processing tools, collaboration features, support services, documentation, and any related products or services we make available from time to time, together the Services.
By using the Services, you acknowledge that your personal data will be handled as described in this Privacy Policy.
1. Who We Are
Otio is operated by Frontdoor Labs Limited, a company registered in England and Wales.
Legal entity: Frontdoor Labs Limited, trading as Otio
Company number: 14138209
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
ICO registration number: ZB390660
Privacy contact: contact@otio.ai
Account support and security contact: support@otio.ai
For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Otio is usually the controller of personal data processed in connection with individual accounts, billing, product use, security, support, marketing, website analytics, and app analytics.
Where Otio processes personal data on behalf of a Business Customer, Team Account, Enterprise customer, or other organisation under a Data Processing Addendum or similar agreement, Otio may act as a processor and that organisation will normally be the controller.
If your account is part of a Team Account or is provided by your employer, university, or another organisation, that organisation may control your account and associated Materials, including Inputs, Outputs, uploaded files, notes, workspace content, and usage settings.
2. Children
The Services are not intended for children or anyone under the age of 18. We do not knowingly collect personal data from children.
If you believe that a child has provided personal data to us, please contact us at contact@otio.ai and we will take appropriate steps to delete the data where required.
3. Personal data we collect
Personal data means any information about an individual from which that person can be identified. It does not include any data where the identity has been fully removed and anonymised.
As part of the Services, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
This Privacy Policy explains how Frontdoor Labs Limited, trading as Otio, collects, uses, shares, stores, and protects personal data when you access or use Otio’s products and services.
Last updated: May 2026
You may access the last version of this Privacy Policy by clicking here
This Policy applies to Otio’s website at otio.ai, mobile application, desktop application, Chrome extension, application programming interfaces, account portals, AI-powered features, content-processing tools, collaboration features, support services, documentation, and any related products or services we make available from time to time, together the Services.
By using the Services, you acknowledge that your personal data will be handled as described in this Privacy Policy.
1. Who We Are
Otio is operated by Frontdoor Labs Limited, a company registered in England and Wales.
Legal entity: Frontdoor Labs Limited, trading as Otio
Company number: 14138209
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
ICO registration number: ZB390660
Privacy contact: contact@otio.ai
Account support and security contact: support@otio.ai
For the purposes of UK data protection law, including the UK General Data Protection Regulation and the Data Protection Act 2018, Otio is usually the controller of personal data processed in connection with individual accounts, billing, product use, security, support, marketing, website analytics, and app analytics.
Where Otio processes personal data on behalf of a Business Customer, Team Account, Enterprise customer, or other organisation under a Data Processing Addendum or similar agreement, Otio may act as a processor and that organisation will normally be the controller.
If your account is part of a Team Account or is provided by your employer, university, or another organisation, that organisation may control your account and associated Materials, including Inputs, Outputs, uploaded files, notes, workspace content, and usage settings.
2. Children
The Services are not intended for children or anyone under the age of 18. We do not knowingly collect personal data from children.
If you believe that a child has provided personal data to us, please contact us at contact@otio.ai and we will take appropriate steps to delete the data where required.
3. Personal data we collect
Personal data means any information about an individual from which that person can be identified. It does not include any data where the identity has been fully removed and anonymised.
As part of the Services, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Technical Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Services to help improve our service offering. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We may also collect personal data included in the content you choose to upload or submit to the Services. This may include personal data about you or other people.
4. Special category data and sensitive content
We do not intentionally request special category data, such as information about health, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic data, or biometric data.
However, you may choose to upload documents, prompts, files, or other content that contains special category data or other sensitive information. If you do so, we process that data only as needed to provide, secure, support, and operate the Services, unless another lawful basis applies. Such data will not be used by us or any third party providers to train any AI tool or large language model.
You must not upload personal data, special category data, confidential information, payment-card data, government identifiers, regulated health data, trade secrets, or third-party content unless you have the necessary rights, permissions, notices, consents, safeguards, and lawful basis to do so.
Business Customers are responsible for ensuring that they have a lawful basis for personal data submitted by or on behalf of their users.
5. How we collect personal data
We use different methods to collect data from and about you. The main way we will collect your personal data is through your direct interactions with us, but we will also collect data through automated technologies and third parties or other publicly available sources.
Your interactions with us. You may give us Contact, Financial and Transactional Data by interacting directly with us through the Site or App, including when you sign up or register for Services. It also might include any information you give us when you request marketing information is sent to you or where you give us feedback or otherwise contact us.
Automated technologies or interactions. As you interact with Site and App, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites we operate which use our cookies. Details of the cookies we use can be found in our cookie policy.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources, like providers of technical and payment services that we engage. Additionally, Technical Data may be received from third-party analytics providers or advertising networks. See our Cookie Policy for further details.
From organisations. If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation, we may receive account, access, role, billing, and workspace information from that organisation or its Admins.
6. How we use your personal data
We will only use your personal data when we are allowed to do so under data protection law. We aim to be transparent about the personal data we collect and how we use it. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you when you register for our services or access our services through our App.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently agreed to by you. We also will not collect any personal data that is not needed for the mentioned purposes. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rule, where it is required or otherwise permitted by law.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Technical Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Services to help improve our service offering. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We may also collect personal data included in the content you choose to upload or submit to the Services. This may include personal data about you or other people.
4. Special category data and sensitive content
We do not intentionally request special category data, such as information about health, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic data, or biometric data.
However, you may choose to upload documents, prompts, files, or other content that contains special category data or other sensitive information. If you do so, we process that data only as needed to provide, secure, support, and operate the Services, unless another lawful basis applies. Such data will not be used by us or any third party providers to train any AI tool or large language model.
You must not upload personal data, special category data, confidential information, payment-card data, government identifiers, regulated health data, trade secrets, or third-party content unless you have the necessary rights, permissions, notices, consents, safeguards, and lawful basis to do so.
Business Customers are responsible for ensuring that they have a lawful basis for personal data submitted by or on behalf of their users.
5. How we collect personal data
We use different methods to collect data from and about you. The main way we will collect your personal data is through your direct interactions with us, but we will also collect data through automated technologies and third parties or other publicly available sources.
Your interactions with us. You may give us Contact, Financial and Transactional Data by interacting directly with us through the Site or App, including when you sign up or register for Services. It also might include any information you give us when you request marketing information is sent to you or where you give us feedback or otherwise contact us.
Automated technologies or interactions. As you interact with Site and App, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites we operate which use our cookies. Details of the cookies we use can be found in our cookie policy.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources, like providers of technical and payment services that we engage. Additionally, Technical Data may be received from third-party analytics providers or advertising networks. See our Cookie Policy for further details.
From organisations. If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation, we may receive account, access, role, billing, and workspace information from that organisation or its Admins.
6. How we use your personal data
We will only use your personal data when we are allowed to do so under data protection law. We aim to be transparent about the personal data we collect and how we use it. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you when you register for our services or access our services through our App.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently agreed to by you. We also will not collect any personal data that is not needed for the mentioned purposes. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rule, where it is required or otherwise permitted by law.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Technical Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our Services to help improve our service offering. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We may also collect personal data included in the content you choose to upload or submit to the Services. This may include personal data about you or other people.
4. Special category data and sensitive content
We do not intentionally request special category data, such as information about health, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, genetic data, or biometric data.
However, you may choose to upload documents, prompts, files, or other content that contains special category data or other sensitive information. If you do so, we process that data only as needed to provide, secure, support, and operate the Services, unless another lawful basis applies. Such data will not be used by us or any third party providers to train any AI tool or large language model.
You must not upload personal data, special category data, confidential information, payment-card data, government identifiers, regulated health data, trade secrets, or third-party content unless you have the necessary rights, permissions, notices, consents, safeguards, and lawful basis to do so.
Business Customers are responsible for ensuring that they have a lawful basis for personal data submitted by or on behalf of their users.
5. How we collect personal data
We use different methods to collect data from and about you. The main way we will collect your personal data is through your direct interactions with us, but we will also collect data through automated technologies and third parties or other publicly available sources.
Your interactions with us. You may give us Contact, Financial and Transactional Data by interacting directly with us through the Site or App, including when you sign up or register for Services. It also might include any information you give us when you request marketing information is sent to you or where you give us feedback or otherwise contact us.
Automated technologies or interactions. As you interact with Site and App, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites we operate which use our cookies. Details of the cookies we use can be found in our cookie policy.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources, like providers of technical and payment services that we engage. Additionally, Technical Data may be received from third-party analytics providers or advertising networks. See our Cookie Policy for further details.
From organisations. If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation, we may receive account, access, role, billing, and workspace information from that organisation or its Admins.
6. How we use your personal data
We will only use your personal data when we are allowed to do so under data protection law. We aim to be transparent about the personal data we collect and how we use it. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you when you register for our services or access our services through our App.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently agreed to by you. We also will not collect any personal data that is not needed for the mentioned purposes. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rule, where it is required or otherwise permitted by law.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
7. AI processing, Inputs, and Outputs
Otio provides AI-powered research, reading, writing, summarisation, chat, extraction, and productivity tools. To provide these features, we process your Inputs and generate Outputs.
Inputs may include prompts, questions, instructions, documents, files, links, text, images, source materials, and other content submitted to the Services.
Outputs may include summaries, answers, notes, drafts, reports, analyses, extracted content, generated text, or other materials produced by the Services.
We use Inputs and Outputs to:
provide the Services;
generate and display Outputs;
process uploaded documents and files;
maintain, secure, troubleshoot, and support the Services;
prevent abuse, fraud, or misuse;
comply with law;
enforce our Terms;
respond to your requests.
We do not use your Inputs or Outputs to train Otio’s AI tools or third-party large language models unless you expressly opt in or a separate written agreement applies.
We may use aggregated, anonymised, or statistical information that does not identify you and does not reveal your Inputs to operate, analyse, and improve the Services.
8. Third-party AI providers
We may share Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content with third-party AI infrastructure providers where necessary to provide, secure, troubleshoot, and support the Services.
Where we use third-party AI providers:
they may process data only for specified purposes;
they are not permitted to use your Inputs or Outputs to train their models unless you expressly opt in or another written agreement applies;
they must handle data in accordance with contractual restrictions and applicable law;
data may be processed outside the UK or EEA, subject to appropriate safeguards where required.
Apple requires apps to clearly disclose where personal data is shared with third parties, including third-party AI providers, and to obtain permission where required by Apple’s rules and applicable law. We therefore make clear in this Policy and, where appropriate, in the app that content you submit may be processed by third-party AI infrastructure providers to deliver AI features.
9. Mobile app, device permissions, and Apple App Store disclosures
If you use the Otio mobile app, we may collect data from your device or request access to device features depending on the functionality you choose to use.
We only request permissions where needed to provide a feature, support app functionality, improve security, or comply with law.
7. AI processing, Inputs, and Outputs
Otio provides AI-powered research, reading, writing, summarisation, chat, extraction, and productivity tools. To provide these features, we process your Inputs and generate Outputs.
Inputs may include prompts, questions, instructions, documents, files, links, text, images, source materials, and other content submitted to the Services.
Outputs may include summaries, answers, notes, drafts, reports, analyses, extracted content, generated text, or other materials produced by the Services.
We use Inputs and Outputs to:
provide the Services;
generate and display Outputs;
process uploaded documents and files;
maintain, secure, troubleshoot, and support the Services;
prevent abuse, fraud, or misuse;
comply with law;
enforce our Terms;
respond to your requests.
We do not use your Inputs or Outputs to train Otio’s AI tools or third-party large language models unless you expressly opt in or a separate written agreement applies.
We may use aggregated, anonymised, or statistical information that does not identify you and does not reveal your Inputs to operate, analyse, and improve the Services.
8. Third-party AI providers
We may share Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content with third-party AI infrastructure providers where necessary to provide, secure, troubleshoot, and support the Services.
Where we use third-party AI providers:
they may process data only for specified purposes;
they are not permitted to use your Inputs or Outputs to train their models unless you expressly opt in or another written agreement applies;
they must handle data in accordance with contractual restrictions and applicable law;
data may be processed outside the UK or EEA, subject to appropriate safeguards where required.
Apple requires apps to clearly disclose where personal data is shared with third parties, including third-party AI providers, and to obtain permission where required by Apple’s rules and applicable law. We therefore make clear in this Policy and, where appropriate, in the app that content you submit may be processed by third-party AI infrastructure providers to deliver AI features.
9. Mobile app, device permissions, and Apple App Store disclosures
If you use the Otio mobile app, we may collect data from your device or request access to device features depending on the functionality you choose to use.
We only request permissions where needed to provide a feature, support app functionality, improve security, or comply with law.
7. AI processing, Inputs, and Outputs
Otio provides AI-powered research, reading, writing, summarisation, chat, extraction, and productivity tools. To provide these features, we process your Inputs and generate Outputs.
Inputs may include prompts, questions, instructions, documents, files, links, text, images, source materials, and other content submitted to the Services.
Outputs may include summaries, answers, notes, drafts, reports, analyses, extracted content, generated text, or other materials produced by the Services.
We use Inputs and Outputs to:
provide the Services;
generate and display Outputs;
process uploaded documents and files;
maintain, secure, troubleshoot, and support the Services;
prevent abuse, fraud, or misuse;
comply with law;
enforce our Terms;
respond to your requests.
We do not use your Inputs or Outputs to train Otio’s AI tools or third-party large language models unless you expressly opt in or a separate written agreement applies.
We may use aggregated, anonymised, or statistical information that does not identify you and does not reveal your Inputs to operate, analyse, and improve the Services.
8. Third-party AI providers
We may share Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content with third-party AI infrastructure providers where necessary to provide, secure, troubleshoot, and support the Services.
Where we use third-party AI providers:
they may process data only for specified purposes;
they are not permitted to use your Inputs or Outputs to train their models unless you expressly opt in or another written agreement applies;
they must handle data in accordance with contractual restrictions and applicable law;
data may be processed outside the UK or EEA, subject to appropriate safeguards where required.
Apple requires apps to clearly disclose where personal data is shared with third parties, including third-party AI providers, and to obtain permission where required by Apple’s rules and applicable law. We therefore make clear in this Policy and, where appropriate, in the app that content you submit may be processed by third-party AI infrastructure providers to deliver AI features.
9. Mobile app, device permissions, and Apple App Store disclosures
If you use the Otio mobile app, we may collect data from your device or request access to device features depending on the functionality you choose to use.
We only request permissions where needed to provide a feature, support app functionality, improve security, or comply with law.
You can manage device permissions through your device settings. Some features may not work properly if permissions are disabled.
Apple App Privacy information
For Apple App Store purposes, Otio may collect data that falls within Apple’s App Privacy categories, including:
You can manage device permissions through your device settings. Some features may not work properly if permissions are disabled.
Apple App Privacy information
For Apple App Store purposes, Otio may collect data that falls within Apple’s App Privacy categories, including:
You can manage device permissions through your device settings. Some features may not work properly if permissions are disabled.
Apple App Privacy information
For Apple App Store purposes, Otio may collect data that falls within Apple’s App Privacy categories, including:
Some data may be linked to your identity, such as account data, uploaded content, subscription data, support messages, and usage data associated with your account.
We do not use the Otio app to track you across third-party apps or websites for advertising purposes unless we first obtain any consent required by law and, where applicable, permission through Apple’s App Tracking Transparency framework.
10. App tracking and advertising
We do not sell your personal data.
We do not share your personal data with third parties for their own direct marketing purposes.
If we use advertising, attribution, analytics, or measurement technologies that qualify as tracking under Apple’s App Tracking Transparency rules, we will:
disclose this in App Store Connect;
update this Privacy Policy where required;
request permission through Apple’s App Tracking Transparency prompt where required;
provide any other consent required by applicable law.
If you deny tracking permission, we will not track you in a way that requires Apple App Tracking Transparency permission.
11. Cookies and similar technologies
We use cookies and similar technologies on our website and, where applicable, in our apps, browser extension, and other Services.
Cookies and similar technologies are small files or identifiers that are placed on, stored on, or accessed from your computer, mobile device, browser, or app when you use a website or online service. They can help us recognise your device, remember your preferences, keep you logged in, understand how the Services are used, improve security, and support analytics and marketing where permitted.
Cookies and similar technologies may be used to:
make the Services work;
keep you logged in;
remember your preferences and settings;
measure usage and performance;
understand how users interact with the Services;
detect fraud, abuse, or security issues;
improve security;
support analytics and marketing where permitted.
We may use the following types of cookies and similar technologies:
Some data may be linked to your identity, such as account data, uploaded content, subscription data, support messages, and usage data associated with your account.
We do not use the Otio app to track you across third-party apps or websites for advertising purposes unless we first obtain any consent required by law and, where applicable, permission through Apple’s App Tracking Transparency framework.
10. App tracking and advertising
We do not sell your personal data.
We do not share your personal data with third parties for their own direct marketing purposes.
If we use advertising, attribution, analytics, or measurement technologies that qualify as tracking under Apple’s App Tracking Transparency rules, we will:
disclose this in App Store Connect;
update this Privacy Policy where required;
request permission through Apple’s App Tracking Transparency prompt where required;
provide any other consent required by applicable law.
If you deny tracking permission, we will not track you in a way that requires Apple App Tracking Transparency permission.
11. Cookies and similar technologies
We use cookies and similar technologies on our website and, where applicable, in our apps, browser extension, and other Services.
Cookies and similar technologies are small files or identifiers that are placed on, stored on, or accessed from your computer, mobile device, browser, or app when you use a website or online service. They can help us recognise your device, remember your preferences, keep you logged in, understand how the Services are used, improve security, and support analytics and marketing where permitted.
Cookies and similar technologies may be used to:
make the Services work;
keep you logged in;
remember your preferences and settings;
measure usage and performance;
understand how users interact with the Services;
detect fraud, abuse, or security issues;
improve security;
support analytics and marketing where permitted.
We may use the following types of cookies and similar technologies:
Some data may be linked to your identity, such as account data, uploaded content, subscription data, support messages, and usage data associated with your account.
We do not use the Otio app to track you across third-party apps or websites for advertising purposes unless we first obtain any consent required by law and, where applicable, permission through Apple’s App Tracking Transparency framework.
10. App tracking and advertising
We do not sell your personal data.
We do not share your personal data with third parties for their own direct marketing purposes.
If we use advertising, attribution, analytics, or measurement technologies that qualify as tracking under Apple’s App Tracking Transparency rules, we will:
disclose this in App Store Connect;
update this Privacy Policy where required;
request permission through Apple’s App Tracking Transparency prompt where required;
provide any other consent required by applicable law.
If you deny tracking permission, we will not track you in a way that requires Apple App Tracking Transparency permission.
11. Cookies and similar technologies
We use cookies and similar technologies on our website and, where applicable, in our apps, browser extension, and other Services.
Cookies and similar technologies are small files or identifiers that are placed on, stored on, or accessed from your computer, mobile device, browser, or app when you use a website or online service. They can help us recognise your device, remember your preferences, keep you logged in, understand how the Services are used, improve security, and support analytics and marketing where permitted.
Cookies and similar technologies may be used to:
make the Services work;
keep you logged in;
remember your preferences and settings;
measure usage and performance;
understand how users interact with the Services;
detect fraud, abuse, or security issues;
improve security;
support analytics and marketing where permitted.
We may use the following types of cookies and similar technologies:
The law distinguishes between strictly necessary cookies, which are needed for websites and services to operate properly, and non-essential cookies, such as analytics, preference, marketing, and advertising cookies. We may place strictly necessary cookies on your device without your consent, provided we inform you about them. For non-essential cookies, we will request your consent where required by law.
For UK users, non-essential cookies generally require consent under the Privacy and Electronic Communications Regulations. You are free to accept or refuse non-essential cookies, including analytics cookies, and you can update your choices at any time through our cookie banner, cookie settings, or your browser settings.
You can also set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the Services may become inaccessible or may not function properly.
Further details of the cookies we use, including how long they last and any third parties involved, are set out in our Cookie Policy.
12. Marketing communications
You may receive marketing communications from us if you have requested information from us, created an account, purchased or used the Services, or otherwise agreed to receive marketing from us, and you have not opted out.
We may use your Contact Data, Profile Data, Technical Data, Usage Data, and Communications Data to understand what services, features, updates, offers, or content may be relevant to you. We will only send marketing communications where permitted by law, including where you have given consent or where we are allowed to rely on legitimate interests.
We will not sell your personal data. We will not share your personal data with third parties for their own direct marketing purposes.
You can opt out of marketing communications at any time by:
clicking the unsubscribe link in a marketing email;
adjusting your account or communication settings, if available; or
contacting us at contact@otio.ai.
If you opt out of marketing, we may still send you service-related communications that are necessary for administrative, legal, security, billing, subscription, product, or customer support purposes. These may include security alerts, billing notices, subscription updates, policy notices, account messages, and support communications.
13. Who we share personal data with
We do not sell your personal data. We may share personal data with the following categories of recipients where necessary to provide, secure, support, improve, and operate the Services, comply with legal obligations, enforce our Terms, process payments, manage business operations, or protect our rights and legitimate interests.
The law distinguishes between strictly necessary cookies, which are needed for websites and services to operate properly, and non-essential cookies, such as analytics, preference, marketing, and advertising cookies. We may place strictly necessary cookies on your device without your consent, provided we inform you about them. For non-essential cookies, we will request your consent where required by law.
For UK users, non-essential cookies generally require consent under the Privacy and Electronic Communications Regulations. You are free to accept or refuse non-essential cookies, including analytics cookies, and you can update your choices at any time through our cookie banner, cookie settings, or your browser settings.
You can also set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the Services may become inaccessible or may not function properly.
Further details of the cookies we use, including how long they last and any third parties involved, are set out in our Cookie Policy.
12. Marketing communications
You may receive marketing communications from us if you have requested information from us, created an account, purchased or used the Services, or otherwise agreed to receive marketing from us, and you have not opted out.
We may use your Contact Data, Profile Data, Technical Data, Usage Data, and Communications Data to understand what services, features, updates, offers, or content may be relevant to you. We will only send marketing communications where permitted by law, including where you have given consent or where we are allowed to rely on legitimate interests.
We will not sell your personal data. We will not share your personal data with third parties for their own direct marketing purposes.
You can opt out of marketing communications at any time by:
clicking the unsubscribe link in a marketing email;
adjusting your account or communication settings, if available; or
contacting us at contact@otio.ai.
If you opt out of marketing, we may still send you service-related communications that are necessary for administrative, legal, security, billing, subscription, product, or customer support purposes. These may include security alerts, billing notices, subscription updates, policy notices, account messages, and support communications.
13. Who we share personal data with
We do not sell your personal data. We may share personal data with the following categories of recipients where necessary to provide, secure, support, improve, and operate the Services, comply with legal obligations, enforce our Terms, process payments, manage business operations, or protect our rights and legitimate interests.
The law distinguishes between strictly necessary cookies, which are needed for websites and services to operate properly, and non-essential cookies, such as analytics, preference, marketing, and advertising cookies. We may place strictly necessary cookies on your device without your consent, provided we inform you about them. For non-essential cookies, we will request your consent where required by law.
For UK users, non-essential cookies generally require consent under the Privacy and Electronic Communications Regulations. You are free to accept or refuse non-essential cookies, including analytics cookies, and you can update your choices at any time through our cookie banner, cookie settings, or your browser settings.
You can also set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the Services may become inaccessible or may not function properly.
Further details of the cookies we use, including how long they last and any third parties involved, are set out in our Cookie Policy.
12. Marketing communications
You may receive marketing communications from us if you have requested information from us, created an account, purchased or used the Services, or otherwise agreed to receive marketing from us, and you have not opted out.
We may use your Contact Data, Profile Data, Technical Data, Usage Data, and Communications Data to understand what services, features, updates, offers, or content may be relevant to you. We will only send marketing communications where permitted by law, including where you have given consent or where we are allowed to rely on legitimate interests.
We will not sell your personal data. We will not share your personal data with third parties for their own direct marketing purposes.
You can opt out of marketing communications at any time by:
clicking the unsubscribe link in a marketing email;
adjusting your account or communication settings, if available; or
contacting us at contact@otio.ai.
If you opt out of marketing, we may still send you service-related communications that are necessary for administrative, legal, security, billing, subscription, product, or customer support purposes. These may include security alerts, billing notices, subscription updates, policy notices, account messages, and support communications.
13. Who we share personal data with
We do not sell your personal data. We may share personal data with the following categories of recipients where necessary to provide, secure, support, improve, and operate the Services, comply with legal obligations, enforce our Terms, process payments, manage business operations, or protect our rights and legitimate interests.
Where we appoint third-party service providers to process personal data on our behalf, we require them to handle personal data securely, only for specified purposes, and in accordance with our instructions and applicable law. We do not allow these service providers to use personal data for their own purposes where they process it on our behalf.
Where we share data with third-party AI infrastructure providers, they may process Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content only as needed to provide, secure, troubleshoot, and support the Services. We do not permit third-party AI providers to use your Inputs or Outputs to train or improve their AI tools or large language models unless you expressly opt in or another written agreement applies.
We may also disclose personal data where required or permitted by law, including to regulators, tax authorities, courts, law enforcement bodies, fraud prevention organisations, supervisory authorities such as the ICO, or other relevant public authorities.
If Otio is involved in a sale, merger, acquisition, financing, restructuring, transfer of assets, or similar transaction, personal data may be disclosed to the relevant parties and may be transferred to a successor or new owner. In that case, the new owner may use your personal data in the same way as described in this Privacy Policy.
14. Team Accounts and Business Customers
If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation:
that organisation may control your account and associated Materials;
Admins may be able to add, remove, restrict, monitor, access, export, transfer, or delete Materials depending on the plan and settings;
the organisation may control retention, deletion, access, and workspace settings;
Otio may act as a processor for personal data processed on behalf of that organisation;
you should contact that organisation first if you want to exercise privacy rights relating to data controlled by it.
If a Data Processing Addendum applies, it will govern Otio’s processing of personal data on behalf of the Business Customer.
15. International transfers
Otio hosts personal data within the EEA. Limited access, transfer, or processing outside the UK or EEA may occur only where necessary to provide, secure, support, improve, or operate the Services and subject to appropriate safeguards.
Otio is based in the United Kingdom and provides online services that may be accessed from different countries. Although our primary hosting of personal data is within the EEA, we may need to transfer, access, or otherwise process personal data outside the UK or EEA where necessary to provide, secure, support, improve, or operate the Services. This may include processing by or access from cloud providers, AI infrastructure providers, analytics providers, payment processors, customer support tools, app platform providers, professional advisers, and other service providers.
Where we transfer personal data outside the UK or EEA, we will ensure that an appropriate level of protection is provided in accordance with applicable data protection laws. This may include one or more of the following safeguards:
transferring personal data to countries, territories, or organisations that have been recognised as providing an adequate level of protection by the UK Government, the Information Commissioner’s Office, the European Commission, or another competent authority;
using approved contractual safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses;
relying on another lawful transfer mechanism, exemption, or derogation permitted by applicable data protection law, where appropriate.
If you are based outside the UK or EEA and use the Services, your personal data may be received from, or made available to you in, the country where you are located. Where applicable, this may involve an international transfer connected with your request to use the Services from that location.
You can contact us at contact@otio.ai if you want more information about the safeguards used for international transfers.
16. Data security and security incidents
We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
These measures may include:
encryption of data in transit;
access controls and authentication safeguards;
logging, monitoring, and security testing;
vendor review and oversight;
confidentiality obligations for employees, agents, contractors, and third parties who process personal data;
limiting access to personal data to those who have a business need to know;
incident response procedures;
backup and recovery controls.
Where employees, agents, contractors, or third-party service providers have access to personal data, they are required to process it only on our instructions, where applicable, and are subject to confidentiality obligations.
If we become aware of a security incident affecting personal data, we will take reasonable steps to investigate, contain, mitigate, and remediate the incident. Where required by law, we will notify affected users, Business Customers, regulators, or other relevant parties.
If Otio acts as a processor for a Business Customer, we will notify the Business Customer in accordance with the applicable Data Processing Addendum or data processing agreement, so that the Business Customer can meet its own legal and regulatory obligations.
No internet service, AI system, app, website, or cloud platform can be guaranteed to be completely secure. Although we take steps to protect personal data, we cannot guarantee the security of data transmitted online or through the Services.
You are responsible for maintaining strong passwords, protecting your login credentials, using appropriate access controls, and promptly notifying us of any suspected unauthorised access, compromise, misuse, vulnerability, or security incident involving your account.
If you believe your account has been compromised, contact us immediately at support@otio.ai.
17. How long we keep personal data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, and meet legitimate business needs.
Retention periods depend on the type of data, account status, plan type, legal requirements, and the nature of the Services used.
Where we appoint third-party service providers to process personal data on our behalf, we require them to handle personal data securely, only for specified purposes, and in accordance with our instructions and applicable law. We do not allow these service providers to use personal data for their own purposes where they process it on our behalf.
Where we share data with third-party AI infrastructure providers, they may process Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content only as needed to provide, secure, troubleshoot, and support the Services. We do not permit third-party AI providers to use your Inputs or Outputs to train or improve their AI tools or large language models unless you expressly opt in or another written agreement applies.
We may also disclose personal data where required or permitted by law, including to regulators, tax authorities, courts, law enforcement bodies, fraud prevention organisations, supervisory authorities such as the ICO, or other relevant public authorities.
If Otio is involved in a sale, merger, acquisition, financing, restructuring, transfer of assets, or similar transaction, personal data may be disclosed to the relevant parties and may be transferred to a successor or new owner. In that case, the new owner may use your personal data in the same way as described in this Privacy Policy.
14. Team Accounts and Business Customers
If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation:
that organisation may control your account and associated Materials;
Admins may be able to add, remove, restrict, monitor, access, export, transfer, or delete Materials depending on the plan and settings;
the organisation may control retention, deletion, access, and workspace settings;
Otio may act as a processor for personal data processed on behalf of that organisation;
you should contact that organisation first if you want to exercise privacy rights relating to data controlled by it.
If a Data Processing Addendum applies, it will govern Otio’s processing of personal data on behalf of the Business Customer.
15. International transfers
Otio hosts personal data within the EEA. Limited access, transfer, or processing outside the UK or EEA may occur only where necessary to provide, secure, support, improve, or operate the Services and subject to appropriate safeguards.
Otio is based in the United Kingdom and provides online services that may be accessed from different countries. Although our primary hosting of personal data is within the EEA, we may need to transfer, access, or otherwise process personal data outside the UK or EEA where necessary to provide, secure, support, improve, or operate the Services. This may include processing by or access from cloud providers, AI infrastructure providers, analytics providers, payment processors, customer support tools, app platform providers, professional advisers, and other service providers.
Where we transfer personal data outside the UK or EEA, we will ensure that an appropriate level of protection is provided in accordance with applicable data protection laws. This may include one or more of the following safeguards:
transferring personal data to countries, territories, or organisations that have been recognised as providing an adequate level of protection by the UK Government, the Information Commissioner’s Office, the European Commission, or another competent authority;
using approved contractual safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses;
relying on another lawful transfer mechanism, exemption, or derogation permitted by applicable data protection law, where appropriate.
If you are based outside the UK or EEA and use the Services, your personal data may be received from, or made available to you in, the country where you are located. Where applicable, this may involve an international transfer connected with your request to use the Services from that location.
You can contact us at contact@otio.ai if you want more information about the safeguards used for international transfers.
16. Data security and security incidents
We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
These measures may include:
encryption of data in transit;
access controls and authentication safeguards;
logging, monitoring, and security testing;
vendor review and oversight;
confidentiality obligations for employees, agents, contractors, and third parties who process personal data;
limiting access to personal data to those who have a business need to know;
incident response procedures;
backup and recovery controls.
Where employees, agents, contractors, or third-party service providers have access to personal data, they are required to process it only on our instructions, where applicable, and are subject to confidentiality obligations.
If we become aware of a security incident affecting personal data, we will take reasonable steps to investigate, contain, mitigate, and remediate the incident. Where required by law, we will notify affected users, Business Customers, regulators, or other relevant parties.
If Otio acts as a processor for a Business Customer, we will notify the Business Customer in accordance with the applicable Data Processing Addendum or data processing agreement, so that the Business Customer can meet its own legal and regulatory obligations.
No internet service, AI system, app, website, or cloud platform can be guaranteed to be completely secure. Although we take steps to protect personal data, we cannot guarantee the security of data transmitted online or through the Services.
You are responsible for maintaining strong passwords, protecting your login credentials, using appropriate access controls, and promptly notifying us of any suspected unauthorised access, compromise, misuse, vulnerability, or security incident involving your account.
If you believe your account has been compromised, contact us immediately at support@otio.ai.
17. How long we keep personal data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, and meet legitimate business needs.
Retention periods depend on the type of data, account status, plan type, legal requirements, and the nature of the Services used.
Where we appoint third-party service providers to process personal data on our behalf, we require them to handle personal data securely, only for specified purposes, and in accordance with our instructions and applicable law. We do not allow these service providers to use personal data for their own purposes where they process it on our behalf.
Where we share data with third-party AI infrastructure providers, they may process Inputs, Outputs, uploaded files, prompts, related metadata, technical information, and other User Content only as needed to provide, secure, troubleshoot, and support the Services. We do not permit third-party AI providers to use your Inputs or Outputs to train or improve their AI tools or large language models unless you expressly opt in or another written agreement applies.
We may also disclose personal data where required or permitted by law, including to regulators, tax authorities, courts, law enforcement bodies, fraud prevention organisations, supervisory authorities such as the ICO, or other relevant public authorities.
If Otio is involved in a sale, merger, acquisition, financing, restructuring, transfer of assets, or similar transaction, personal data may be disclosed to the relevant parties and may be transferred to a successor or new owner. In that case, the new owner may use your personal data in the same way as described in this Privacy Policy.
14. Team Accounts and Business Customers
If you use Otio through a Team Account, Business Customer, Enterprise customer, employer, university, or other organisation:
that organisation may control your account and associated Materials;
Admins may be able to add, remove, restrict, monitor, access, export, transfer, or delete Materials depending on the plan and settings;
the organisation may control retention, deletion, access, and workspace settings;
Otio may act as a processor for personal data processed on behalf of that organisation;
you should contact that organisation first if you want to exercise privacy rights relating to data controlled by it.
If a Data Processing Addendum applies, it will govern Otio’s processing of personal data on behalf of the Business Customer.
15. International transfers
Otio hosts personal data within the EEA. Limited access, transfer, or processing outside the UK or EEA may occur only where necessary to provide, secure, support, improve, or operate the Services and subject to appropriate safeguards.
Otio is based in the United Kingdom and provides online services that may be accessed from different countries. Although our primary hosting of personal data is within the EEA, we may need to transfer, access, or otherwise process personal data outside the UK or EEA where necessary to provide, secure, support, improve, or operate the Services. This may include processing by or access from cloud providers, AI infrastructure providers, analytics providers, payment processors, customer support tools, app platform providers, professional advisers, and other service providers.
Where we transfer personal data outside the UK or EEA, we will ensure that an appropriate level of protection is provided in accordance with applicable data protection laws. This may include one or more of the following safeguards:
transferring personal data to countries, territories, or organisations that have been recognised as providing an adequate level of protection by the UK Government, the Information Commissioner’s Office, the European Commission, or another competent authority;
using approved contractual safeguards, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses;
relying on another lawful transfer mechanism, exemption, or derogation permitted by applicable data protection law, where appropriate.
If you are based outside the UK or EEA and use the Services, your personal data may be received from, or made available to you in, the country where you are located. Where applicable, this may involve an international transfer connected with your request to use the Services from that location.
You can contact us at contact@otio.ai if you want more information about the safeguards used for international transfers.
16. Data security and security incidents
We use appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
These measures may include:
encryption of data in transit;
access controls and authentication safeguards;
logging, monitoring, and security testing;
vendor review and oversight;
confidentiality obligations for employees, agents, contractors, and third parties who process personal data;
limiting access to personal data to those who have a business need to know;
incident response procedures;
backup and recovery controls.
Where employees, agents, contractors, or third-party service providers have access to personal data, they are required to process it only on our instructions, where applicable, and are subject to confidentiality obligations.
If we become aware of a security incident affecting personal data, we will take reasonable steps to investigate, contain, mitigate, and remediate the incident. Where required by law, we will notify affected users, Business Customers, regulators, or other relevant parties.
If Otio acts as a processor for a Business Customer, we will notify the Business Customer in accordance with the applicable Data Processing Addendum or data processing agreement, so that the Business Customer can meet its own legal and regulatory obligations.
No internet service, AI system, app, website, or cloud platform can be guaranteed to be completely secure. Although we take steps to protect personal data, we cannot guarantee the security of data transmitted online or through the Services.
You are responsible for maintaining strong passwords, protecting your login credentials, using appropriate access controls, and promptly notifying us of any suspected unauthorised access, compromise, misuse, vulnerability, or security incident involving your account.
If you believe your account has been compromised, contact us immediately at support@otio.ai.
17. How long we keep personal data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud or abuse, maintain security, and meet legitimate business needs.
Retention periods depend on the type of data, account status, plan type, legal requirements, and the nature of the Services used.
We may retain certain personal data for up to six years after the end of our relationship with you where needed for legal, tax, accounting, reporting, dispute, or contractual purposes. We may retain data for longer where required by law, where there is an ongoing dispute, or where we reasonably believe litigation or regulatory action may arise.
Free plans, inactive accounts, and expired trials
If you use a free plan, legacy free account, expired trial, or otherwise do not maintain an active paid subscription, we may delete, archive, restrict access to, or anonymise some or all of your Materials after inactivity, after a change to free-plan storage limits, or where continued storage is no longer supported.
Where reasonably practicable, we will provide advance notice by email, in-product notice, or another reasonable method before deleting Materials from free, legacy, or inactive accounts.
Cancelled or expired paid subscriptions
If you cancel your paid subscription, allow it to expire, fail to pay fees, or otherwise lose active paid subscription status, we are not required to store your Materials indefinitely.
We may delete, archive, restrict access to, or anonymise Materials after your subscription ends or after any applicable grace period. You are responsible for exporting or backing up Materials you wish to keep before your subscription ends.
Backups and residual copies
Deletion may not be immediate across all systems. Copies may remain for a limited period in backups, logs, security records, archival systems, or other technical systems, but we will handle those copies in accordance with our retention practices and applicable law.
18. Account deletion
You may delete your account or request account deletion through:
the customer portal;
account settings;
the mobile app settings, where available;
by emailing support@otio.ai.
If you create an account in the Otio mobile app, we will provide an account deletion option in the app where required by Apple’s App Store rules.
When your account is deleted, we will delete or anonymise personal data associated with your account unless we need to retain certain information for legal, security, fraud prevention, accounting, tax, dispute resolution, compliance, backup, or legitimate business purposes.
Deleting the app from your device does not automatically cancel any Subscription, delete your Otio account, or delete data stored in the Services.
If your account is controlled by a Business Customer or Team Account, account deletion may be managed by that organisation or its Admins. In that case, you may need to contact the organisation directly.
19. Your legal rights
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object at any time to the processing of your personal data for direct marketing purposes by emailing contact@otio.ai.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
If you want us to establish the data's accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us at contact@otio.ai.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
20. Complaints
If you have any concerns or complaints about how we handle your personal data, please contact us first at contact@otio.ai. We take privacy complaints seriously and will investigate and respond to your concern as soon as reasonably possible.
We will aim to resolve your complaint directly with you. If you are not satisfied with our response, or if you believe that we have not handled your personal data properly, you have the right to complain to the UK data protection supervisory authority, the Information Commissioner’s Office.
You can find more information about the ICO at ico.org.uk.
21. Third-party links and services
The Services may contain links to third-party websites, apps, plug-ins, integrations, platforms, models, databases, payment processors, cloud services, or other services that we do not control.
If you click a third-party link or enable a third-party integration, those third parties may collect or process your data under their own terms and privacy policies.
We are not responsible for third-party privacy practices. You should review the privacy policy of any third-party service you use.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, law, security requirements, business practices, third-party providers, App Store requirements, or data processing activities.
Where changes are material, we will take reasonable steps to notify you, which may include email, in-product notice, website notice, or another reasonable method.
The updated Privacy Policy will identify the date it was last updated.
23. Contact us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Frontdoor Labs Limited, trading as Otio
71-75 Shelton Street
Covent Garden
London
United Kingdom
WC2H 9JQ
Privacy enquiries: contact@otio.ai
Account support and security: support@otio.ai
We may retain certain personal data for up to six years after the end of our relationship with you where needed for legal, tax, accounting, reporting, dispute, or contractual purposes. We may retain data for longer where required by law, where there is an ongoing dispute, or where we reasonably believe litigation or regulatory action may arise.
Free plans, inactive accounts, and expired trials
If you use a free plan, legacy free account, expired trial, or otherwise do not maintain an active paid subscription, we may delete, archive, restrict access to, or anonymise some or all of your Materials after inactivity, after a change to free-plan storage limits, or where continued storage is no longer supported.
Where reasonably practicable, we will provide advance notice by email, in-product notice, or another reasonable method before deleting Materials from free, legacy, or inactive accounts.
Cancelled or expired paid subscriptions
If you cancel your paid subscription, allow it to expire, fail to pay fees, or otherwise lose active paid subscription status, we are not required to store your Materials indefinitely.
We may delete, archive, restrict access to, or anonymise Materials after your subscription ends or after any applicable grace period. You are responsible for exporting or backing up Materials you wish to keep before your subscription ends.
Backups and residual copies
Deletion may not be immediate across all systems. Copies may remain for a limited period in backups, logs, security records, archival systems, or other technical systems, but we will handle those copies in accordance with our retention practices and applicable law.
18. Account deletion
You may delete your account or request account deletion through:
the customer portal;
account settings;
the mobile app settings, where available;
by emailing support@otio.ai.
If you create an account in the Otio mobile app, we will provide an account deletion option in the app where required by Apple’s App Store rules.
When your account is deleted, we will delete or anonymise personal data associated with your account unless we need to retain certain information for legal, security, fraud prevention, accounting, tax, dispute resolution, compliance, backup, or legitimate business purposes.
Deleting the app from your device does not automatically cancel any Subscription, delete your Otio account, or delete data stored in the Services.
If your account is controlled by a Business Customer or Team Account, account deletion may be managed by that organisation or its Admins. In that case, you may need to contact the organisation directly.
19. Your legal rights
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object at any time to the processing of your personal data for direct marketing purposes by emailing contact@otio.ai.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
If you want us to establish the data's accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us at contact@otio.ai.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
20. Complaints
If you have any concerns or complaints about how we handle your personal data, please contact us first at contact@otio.ai. We take privacy complaints seriously and will investigate and respond to your concern as soon as reasonably possible.
We will aim to resolve your complaint directly with you. If you are not satisfied with our response, or if you believe that we have not handled your personal data properly, you have the right to complain to the UK data protection supervisory authority, the Information Commissioner’s Office.
You can find more information about the ICO at ico.org.uk.
21. Third-party links and services
The Services may contain links to third-party websites, apps, plug-ins, integrations, platforms, models, databases, payment processors, cloud services, or other services that we do not control.
If you click a third-party link or enable a third-party integration, those third parties may collect or process your data under their own terms and privacy policies.
We are not responsible for third-party privacy practices. You should review the privacy policy of any third-party service you use.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, law, security requirements, business practices, third-party providers, App Store requirements, or data processing activities.
Where changes are material, we will take reasonable steps to notify you, which may include email, in-product notice, website notice, or another reasonable method.
The updated Privacy Policy will identify the date it was last updated.
23. Contact us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Frontdoor Labs Limited, trading as Otio
71-75 Shelton Street
Covent Garden
London
United Kingdom
WC2H 9JQ
Privacy enquiries: contact@otio.ai
Account support and security: support@otio.ai
We may retain certain personal data for up to six years after the end of our relationship with you where needed for legal, tax, accounting, reporting, dispute, or contractual purposes. We may retain data for longer where required by law, where there is an ongoing dispute, or where we reasonably believe litigation or regulatory action may arise.
Free plans, inactive accounts, and expired trials
If you use a free plan, legacy free account, expired trial, or otherwise do not maintain an active paid subscription, we may delete, archive, restrict access to, or anonymise some or all of your Materials after inactivity, after a change to free-plan storage limits, or where continued storage is no longer supported.
Where reasonably practicable, we will provide advance notice by email, in-product notice, or another reasonable method before deleting Materials from free, legacy, or inactive accounts.
Cancelled or expired paid subscriptions
If you cancel your paid subscription, allow it to expire, fail to pay fees, or otherwise lose active paid subscription status, we are not required to store your Materials indefinitely.
We may delete, archive, restrict access to, or anonymise Materials after your subscription ends or after any applicable grace period. You are responsible for exporting or backing up Materials you wish to keep before your subscription ends.
Backups and residual copies
Deletion may not be immediate across all systems. Copies may remain for a limited period in backups, logs, security records, archival systems, or other technical systems, but we will handle those copies in accordance with our retention practices and applicable law.
18. Account deletion
You may delete your account or request account deletion through:
the customer portal;
account settings;
the mobile app settings, where available;
by emailing support@otio.ai.
If you create an account in the Otio mobile app, we will provide an account deletion option in the app where required by Apple’s App Store rules.
When your account is deleted, we will delete or anonymise personal data associated with your account unless we need to retain certain information for legal, security, fraud prevention, accounting, tax, dispute resolution, compliance, backup, or legitimate business purposes.
Deleting the app from your device does not automatically cancel any Subscription, delete your Otio account, or delete data stored in the Services.
If your account is controlled by a Business Customer or Team Account, account deletion may be managed by that organisation or its Admins. In that case, you may need to contact the organisation directly.
19. Your legal rights
You have a number of rights under data protection laws in relation to your personal data.
You have the right to:
Request access to your personal data (commonly known as a "subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
You also have the absolute right to object at any time to the processing of your personal data for direct marketing purposes by emailing contact@otio.ai.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
If you want us to establish the data's accuracy;
Where our use of the data is unlawful but you do not want us to erase it;
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us at contact@otio.ai.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
20. Complaints
If you have any concerns or complaints about how we handle your personal data, please contact us first at contact@otio.ai. We take privacy complaints seriously and will investigate and respond to your concern as soon as reasonably possible.
We will aim to resolve your complaint directly with you. If you are not satisfied with our response, or if you believe that we have not handled your personal data properly, you have the right to complain to the UK data protection supervisory authority, the Information Commissioner’s Office.
You can find more information about the ICO at ico.org.uk.
21. Third-party links and services
The Services may contain links to third-party websites, apps, plug-ins, integrations, platforms, models, databases, payment processors, cloud services, or other services that we do not control.
If you click a third-party link or enable a third-party integration, those third parties may collect or process your data under their own terms and privacy policies.
We are not responsible for third-party privacy practices. You should review the privacy policy of any third-party service you use.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Services, law, security requirements, business practices, third-party providers, App Store requirements, or data processing activities.
Where changes are material, we will take reasonable steps to notify you, which may include email, in-product notice, website notice, or another reasonable method.
The updated Privacy Policy will identify the date it was last updated.
23. Contact us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Frontdoor Labs Limited, trading as Otio
71-75 Shelton Street
Covent Garden
London
United Kingdom
WC2H 9JQ
Privacy enquiries: contact@otio.ai
Account support and security: support@otio.ai
Go home
© 2026 Frontdoor Labs Ltd.
© 2026 Frontdoor Labs Ltd.
© 2026 Frontdoor Labs Ltd.