Privacy
Policy.
Privacy isn't a checkbox for us — it's a core part of how otterdo is built. Your data is yours.
What we collect
We collect only what's necessary to run the service: your email address, your username, and your password (stored as a bcrypt hash — we never see the plaintext). When you sign in, we also record your session's IP address and browser user agent for security purposes. That's it. No behavioural tracking, no device fingerprinting, no extras.
Encryption at rest
All personally identifiable information is encrypted at rest. This covers your email address, username, and the IP address and browser user agent tied to each session. Your password is never stored — only a bcrypt hash. Even with direct database access, none of this data is readable without the encryption keys, which are stored separately from the database.
How we use your data
Your email address is used to authenticate you and to send transactional messages you've requested (e.g. password resets). Your username identifies you within the service. Session data (IP address, user agent) is used only to manage active logins and detect suspicious access. We never sell your data, share it with advertisers, or use it to build profiles.
Cookies & tracking
We use a single session cookie to keep you logged in. When you sign in, your IP address and browser user agent are stored encrypted in the database alongside your session, so you can review and revoke active logins. There are no third-party trackers, analytics scripts, ad pixels, or fingerprinting of any kind on otterdo.
Data storage & transfer
All data is stored on servers located within the EU. Data in transit is protected by TLS 1.2 or higher. We do not transfer your personal data outside the EU/EEA.
Your rights (GDPR)
You have the right to access, correct, export, or permanently delete your data at any time from your account settings. You may also contact us at [email protected] to exercise any right or lodge a concern. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Changes to this policy
If we make meaningful changes to how we handle your data, we'll notify you by email at least 14 days before the changes take effect. Minor clarifications may be made without notice. The current version is always linked in the footer.