Privacy Policy
Last updated: July 3, 2026
1. Information We Collect
Account Information
When you create an account, we collect your email address and display name. If you sign in via a third-party provider (e.g., Google, GitHub), we receive the profile information you authorize.
Usage Data
We collect information about how you use our services, including projects created, models selected, token usage (input and output counts), and feature interactions. This data helps us improve the product and provide usage transparency.
Cookies
We use a session cookie (otinaru_token) for authentication across our subdomains. We also store your theme preference. We do not use third-party tracking cookies.
2. How We Use Your Information
- Provide, maintain, and improve our services
- Process credit purchases and manage your balance
- Display token usage and provide cost transparency
- Send service-related communications (e.g., low balance alerts)
- Ensure security and prevent abuse
3. Third-Party Services
OpenRouter
We use OpenRouter to route AI model requests. When you send a message, the conversation context is sent to OpenRouter, which forwards it to the selected model provider (e.g., Anthropic, OpenAI, Google). OpenRouter's privacy policy governs its handling of this data.
Payment Processing
Credit purchases are processed by a third-party payment processor. We do not store your full payment card details on our servers.
4. Data Retention
Your projects, files, and conversation history are retained as long as your account is active. You can delete individual projects at any time. If you delete your account, all associated data is permanently removed within 30 days.
5. Your Rights
You have the right to:
- Access and download your data
- Correct inaccurate information
- Delete your account and associated data
- Export your projects in multiple formats (PDF, HTML, ZIP, etc.)
6. BYOK Data Handling
If you use the Bring Your Own Key (BYOK) feature, your OpenRouter API key is encrypted using Fernet symmetric encryption before storage. It is never stored in plaintext and never logged. BYOK requests are routed directly through OpenRouter using your key — Otinaru does not intercept or store the content of these requests beyond what is needed for the conversation interface.
7. Contact
For questions about this privacy policy, contact us at [email protected].