Back to Otto
Privacy

How Otto handles your information.

Last updated June 23, 2026. This policy covers the Otto iOS app and ottokeep.com.

Who runs Otto

Otto is operated by Mehmet Erturk, trading as Otto (the “data controller”). For privacy questions, write to privacy@ottokeep.com.

What Otto stores on your device

Otto is local-first. Your ledger is stored on your iPhone. App data can include:

  • Transactions, receipts, attachments, imported files, and notes.
  • Accounts, categories, rules, budgets, goals, and recurring items.
  • Household names, preferences, app settings, and conversation history.
  • Local AI model status if you choose to download a model.

We do not operate a finance-data server for your ledger. We do not receive your receipts, transaction history, budgets, AI prompts, or AI answers.

When data can leave your device

  • App Store billing. Apple processes purchases. RevenueCat receives App Store receipt and entitlement data so Otto can unlock Otto Pro.
  • Exchange rates. Foreign currency conversion may request a currency pair and date from Frankfurter. Your full ledger is not sent.
  • Opt-in diagnostics. Diagnostics and analytics are off unless you opt in. If enabled, Otto sends redacted event names, counts, timings, device diagnostics, and crash/performance data tied to a device-scoped identifier. It does not send merchants, amounts, receipt text, notes, or AI message content.
  • Local model downloads. On supported devices, you may explicitly download an optional local model from Hugging Face CDN. The model weights stay on your phone after download.
  • Support email. If you contact us, we receive what you choose to send.

What the website collects

When you submit your email at ottokeep.com, the site records:

  • Email address — what you typed into the form.
  • Timestamp — when you submitted.
  • Browser user-agent — e.g. Chrome on macOS. Sent automatically by every browser.
  • Country code — e.g. TR, US. Derived from the network edge by Cloudflare; we do not store your IP address.
  • Referrer URL — if you arrived from another site, the address that linked here.

The website sets no analytics cookies, uses no ad tracking, and does not fingerprint visitors.

Why we use this data

We use app data to provide the features you ask Otto to perform: receipt capture, categorisation, budgeting, local Q&A, export, deletion, subscriptions, and support.

We use website email submissions to send Otto availability and product updates. We use diagnostics, if you opt in, to improve reliability and fix crashes.

Lawful bases under GDPR include contract performance, consent, legitimate interest in operating and improving Otto, and legal obligations for purchase and tax records handled by Apple.

Where it is processed

Website email submissions land in a private Google Sheet via Google Apps Script. App diagnostics, when you opt in, are processed by PostHog. Purchase entitlements are processed by RevenueCat.

International transfers. Processors may process data outside your country. Transfers rely on standard data protection terms and safeguards offered by those providers, including Google’s Standard Contractual Clauses where applicable.

How long we keep it

  • Local app data stays on your device until you delete it.
  • Email update records stay until you unsubscribe or ask us to delete them.
  • Support emails are kept only as long as needed to handle the request.
  • Purchase records are retained by Apple and RevenueCat according to their policies and legal duties.

Your choices and rights

  • Export your app ledger as CSV from Security & Privacy.
  • Delete all local app data from Security & Privacy.
  • Turn diagnostics and analytics on or off from Security & Privacy.
  • Ask us for a copy, correction, or deletion of website/support records tied to your email.
  • Unsubscribe from product emails any time.

Email privacy@ottokeep.com from the address involved. We aim to action requests within 7 days.

Filing a complaint

We’d rather hear from you first — email privacy@ottokeep.com and we’ll resolve it. If you’re in the EU/EEA, you also have the right to lodge a complaint with your national data protection supervisory authority. UK residents can complain to the Information Commissioner’s Office.

Cookies

The marketing site sets no cookies and runs no third-party analytics. The browser may store your submitted email address and timestamp in localStorage, so the form can show your saved state on return visits. That local record never leaves your device after the original waitlist submission.

Children

Otto is designed for households and adult finance management. We do not knowingly collect data from anyone under 16.

Changes

If this policy changes materially, we’ll update the date above and provide reasonable notice through the website, app, or email.