Last updated · May 9, 2026
Privacy notice
This notice explains what data we collect when you use otlta and how we use it. We are Jodi Anoorabh LLP, an Indian limited liability partnership, and we're the data controller for everything below.
What we collect
- Account data: name, email, password hash, profile photo (optional). Required for authentication.
- Workspace content: wiki pages, tasks, sprints, comments, attachments, AI conversation history. Stored on your behalf.
- Usage events: AI request type, model used, input/output token counts, cost in INR micros. Used to enforce fair-use limits and bill you correctly.
- Operational logs: request paths, IP addresses (transient), error stack traces. 30-day retention.
- Payment metadata: Razorpay subscription ids and billing-period status. We never see your card number.
How we use it
- Run the service: authenticate you, route your requests, store your content.
- Bill you: calculate seat counts, generate invoices, charge via Razorpay.
- Improve the service: aggregate, anonymized usage trends. We don't analyze your individual content.
- Communicate with you: account email, billing receipts, security notices.
What we don't do
- We don't sell your data. We've never received an offer to.
- We don't train AI models on your content.
- We don't share your content with third parties except the sub-processors listed on the security page, and only as needed to run the service.
- We don't have a customer-support tool that can read your wiki or tasks. The platform-admin route exists for incidents (e.g. comp accounts, internal debugging) and is allowlisted to two engineers; every action is audit-logged.
Cookies
We use a single auth cookie set by Supabase to keep you signed in. We don't use third-party analytics tracking on the marketing site. The app surfaces basic usage telemetry to Cloudflare Analytics Engine, anonymized at the org level.
Your rights
You can export your data, correct your account info, or delete your account at any time from Settings. India's Digital Personal Data Protection Act, the GDPR, and the CCPA all apply where they do; if you're a resident covered by one of those, the rights you have under that law are yours regardless of what this notice says.
Email privacy@otlta.com to make a request. We respond within 30 days; usually faster.
Retention
We keep your content while your account is active. If you delete your organization, we hold the data for 30 days (in case you change your mind) and then permanently remove it. Operational logs are pruned after 30 days. Backups are encrypted and rolled forward weekly.
Children
otlta is not for children under 13. Don't create an account if you're younger than that.
Changes
If we make a meaningful change, we'll email account owners 30 days before it takes effect.
Contact
Privacy questions: privacy@otlta.com. Anything else: hello@otlta.com.