Privacy policy

Updated July 2026 · Effective July 3, 2026

The short version: we collect only what OnOtto needs to work, we store it with reputable providers in the United States, we never sell your data, and you can have all of it deleted by emailing hello@onotto.com. The long version below is written to be actually readable.

What we collect, and where it lives

Your account

When you create an account we collect your email address and name. Sign-in and account credentials are managed by Amazon Cognito (part of Amazon Web Services). We never see or store your password — Cognito handles it with standard cryptographic hashing.

Your household and task data

The tasks you create, their schedules and history, your household's members and their assignments, and streak/leaderboard activity are stored in Amazon DynamoDB, in AWS data centers in the United States. This data exists so the app can do its job; we don't mine it for advertising and we don't sell it.

Documents you upload

Appliance manuals, inspection reports, and other documents you upload are stored in Amazon S3 (US), private to your household. When you use AI scanning, the document is processed to extract maintenance tasks; the document itself stays in your vault until you delete it or your account.

Payments

Billing is handled entirely by Stripe. We never see, receive, or store your card number — Stripe sends us only what we need to run your subscription: which plan you're on, its status, and the last four digits of your card so you can recognize it in your billing settings.

Email

Reminder emails, account emails, and (if you subscribed) the newsletter are sent via Amazon SES. Newsletter signups store your email address and the page you subscribed from, used only to send you the newsletter. Every newsletter includes an unsubscribe link that works immediately.

Analytics

We use PostHog and Google Analytics to understand which pages and features are useful — page views, button clicks, and feature usage, tied to a random identifier rather than your name. We configure analytics to be as anonymous as practical, and we honor browser opt-out signals: if your browser sends Global Privacy Control or Do Not Track, our sites load no analytics at all — no scripts, no requests, no cookies.

What we don't do

Who else touches your data

Only the processors named above — AWS (Cognito, DynamoDB, S3, SES), Stripe, PostHog, and Google Analytics — each of which processes data solely to provide their service to us under their own privacy and security commitments. Beyond that, we'd disclose data only if legally compelled to, and where permitted we'd tell you first.

How long we keep it

As long as your account exists, so the app can work. If you cancel a paid plan, your data stays intact on the free tier. If you delete your account — or ask us to — we delete your personal data, household data, and uploaded documents from live systems promptly, with residual copies aging out of encrypted backups on a fixed schedule. Records we're legally required to keep (like payment records held by Stripe) are kept only as long as the law requires.

Your rights

Wherever you live, we extend the same rights to everyone: ask us what we hold about you, ask for a copy, correct it, or delete it entirely. Email hello@onotto.com from the address on your account and we'll handle it — deletion requests are confirmed when complete.

Children

OnOtto is not directed at children under 13, and we don't knowingly collect their data. Household members you invite should be old enough to hold the account under the terms of our service.

Changes to this policy

If we change this policy in any way that matters, we'll update the date at the top and notify account holders by email before the change takes effect. We won't quietly weaken it.

Contact

Questions, requests, or concerns: hello@onotto.com.