Privacy Policy

This Privacy Policy explains how otom8 collects, uses, discloses, and protects information when you visit our website, communicate with us, or use our automation platform, managed services, workflows, integrations, and related support services.

The information we process depends on how you interact with otom8, the features you use, the accounts and applications you connect, and the instructions you give us. If you do not agree with this policy, do not use the services or provide information to us.

We do not sell personal information. We do not use Google user data for advertising. We do not use Google user data to train or evaluate generalized artificial intelligence or machine learning models.

We collect information you provide directly, including name, email address, company name, job title, billing details, support messages, onboarding notes, consultation details, workspace settings, workflow instructions, uploaded files, and other information you choose to submit.

If you create an account or are invited to a workspace, we process account profile information, authentication details, role and permission information, workspace membership, project membership, and administrative settings.

If you purchase services or a subscription, payment information may be processed by a payment provider such as Stripe. We do not store full payment card numbers on our own systems.

You are responsible for ensuring that information you provide is accurate and that you have the rights and authority needed to provide it to otom8.

When you use our website or platform, we may automatically collect technical and usage information such as IP address, browser type, device characteristics, operating system, language preferences, referring URLs, pages viewed, feature usage, timestamps, log data, diagnostic events, error reports, and approximate location derived from network information.

This information is used to maintain security, prevent fraud or abuse, operate the platform, troubleshoot problems, understand product usage, improve performance, and generate internal analytics and reporting.

Like many online services, we may use cookies, local storage, web beacons, pixels, and similar technologies to keep users signed in, remember preferences, measure usage, secure sessions, and improve the website and platform. You can control cookies through your browser settings, though some features may not work correctly if cookies are disabled.

Otom8 allows users to connect third-party applications and services at their direction. When you authorize a connection, we process the access tokens, refresh tokens, permissions, configuration, metadata, and service data needed to run the automations you configure or request.

Connected app data may include emails, calendar events, files, spreadsheets, forms, contacts, messages, CRM records, tickets, tasks, documents, webhooks, and other business information depending on the apps and scopes you authorize.

We use connected app data to provide user-facing automation functionality, route information between systems, execute workflow steps, monitor reliability, troubleshoot failures, maintain auditability, and provide support. We do not access connected services for unrelated purposes.

You can disconnect apps through otom8 or revoke access directly with the third-party provider. Revoking access may stop workflows that depend on that connection.

If you connect Google services, otom8 requests only the Google API scopes needed for the features you choose to use. The exact permissions are displayed in the Google authorization flow.

Google user data may be used to read, create, update, delete, route, or synchronize information only as needed to provide and improve user-facing otom8 functionality that you configure or request, including workflow execution, troubleshooting, support, reliability monitoring, and security.

Otom8's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We do not sell Google user data, use it for advertising, transfer it to advertising platforms or data brokers, or use it to train or evaluate generalized AI or machine learning models. Google user data is not made available to train a generative AI product.

You can revoke Google access at any time from your Google Account permissions page or by disconnecting the relevant connection in otom8.

We use information to provide, operate, maintain, secure, and improve otom8; create and manage accounts; authenticate users; build, deploy, monitor, and support automations; process transactions; respond to support requests; send administrative messages; and enforce our terms and policies.

We may use information to communicate with you about products, services, onboarding, support, security notices, billing, legal updates, and service changes. Where required, we will obtain consent before sending marketing communications, and you can opt out of marketing emails at any time.

We may process information to detect, prevent, and investigate fraud, abuse, security incidents, service misuse, unauthorized access, and violations of law or our terms.

We may share information with vendors, contractors, service providers, and subprocessors that perform services for us or on our behalf. These providers are permitted to process information only as needed to provide services to us and are expected to protect information appropriately.

Categories of providers we may use include cloud hosting and infrastructure providers, database and storage providers, authentication providers, payment processors, analytics and product telemetry providers, logging and observability providers, email and messaging providers, customer support tools, error monitoring tools, security tools, and communication platforms.

Examples of providers that may support otom8 include DigitalOcean, Google Cloud Platform, Azure, Vercel, Clerk, Stripe, Sentry, Datadog, PostHog, SendGrid, Twilio, and similar infrastructure, analytics, monitoring, payment, communication, and support services. The providers used may change as the service evolves.

We may also share information in connection with business transfers, corporate transactions, legal obligations, protection of rights and safety, fraud prevention, and enforcement of agreements.

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, disclosure, alteration, or destruction. These safeguards may include encryption, access controls, audit logging, network protections, least-privilege policies, monitoring, and backup procedures.

No method of transmission or storage is completely secure. You are responsible for maintaining the security of your account credentials, connected accounts, devices, and workspace permissions.

We retain information for as long as needed to provide the services, operate workflows, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, and keep legitimate business records. When we no longer have a legitimate need to process information, we will delete, anonymize, or isolate it from further processing where feasible.

You may request access, correction, deletion, export, restriction, or objection regarding personal information where applicable. You may also request that we close your account or delete workspace data, subject to legal, security, backup, billing, and operational requirements.

You may opt out of marketing communications by using the unsubscribe link in those messages or by contacting us. We may still send transactional, security, billing, and service-related messages.

Depending on where you live, you may have additional privacy rights under laws such as the California Consumer Privacy Act, other United States state privacy laws, or data protection laws in the European Economic Area, United Kingdom, or Switzerland. We will respond to eligible requests in accordance with applicable law.

We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising.

Otom8 is not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided personal information to us, contact us so we can take appropriate action.

Some browsers offer Do Not Track signals. Because there is no uniform industry standard for responding to these signals, we do not currently respond to Do Not Track browser signals. If a standard is adopted that we are required to follow, we will update this policy.

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and may provide additional notice by posting on our website, sending email, or using other reasonable methods.

Your continued use of otom8 after an updated policy becomes effective means you accept the updated policy to the extent permitted by law.

For privacy questions, rights requests, or deletion inquiries, contact us at support@otom8.us.