Privacy Policy

Last updated: July 3, 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address and display name. If you sign in via a third-party provider (e.g., Google, GitHub), we receive the profile information you authorize.

Usage Data

We collect information about how you use our services, including projects created, models selected, token usage (input and output counts), and feature interactions. This data helps us improve the product and provide usage transparency.

Cookies

We use a session cookie (otinaru_token) for authentication across our subdomains. We also store your theme preference. We do not use third-party tracking cookies.

2. How We Use Your Information

  • Provide, maintain, and improve our services
  • Process credit purchases and manage your balance
  • Display token usage and cost transparency
  • Send service-related communications (e.g., low balance alerts)
  • Ensure security and prevent abuse

3. Third-Party Services

OpenRouter

We use OpenRouter to route AI model requests. When you send a message, the conversation context is sent to OpenRouter, which forwards it to the selected model provider (e.g., Anthropic, OpenAI, Google). OpenRouter's privacy policy governs its handling of this data.

Payment Processing

Credit purchases are processed by a third-party payment processor. We do not store your full payment card details on our servers.

4. Data Retention

Your projects, files, and conversation history are retained as long as your account is active. You can delete individual projects at any time. If you delete your account, all associated data is permanently removed within 30 days.

5. Your Rights

You have the right to:

  • Access and download your data
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your projects in multiple formats (PDF, HTML, ZIP, etc.)

6. BYOK Data Handling

If you use the Bring Your Own Key (BYOK) feature, your OpenRouter API key is encrypted using Fernet symmetric encryption before storage. It is never stored in plaintext and never logged. BYOK requests are routed directly through OpenRouter using your key — Otinaru does not intercept or store the content of these requests beyond what is needed for the conversation interface.

7. Contact

For questions about this privacy policy, contact us at [email protected].