Effective April 8, 2020
[See also Terms of Service]
Where we have an Otter for Teams or enterprise service agreement in place with an enterprise customer who is asking you to use our Services (for example your employer), we obtain and process your Personal Information on behalf of and at the instructions of that customer. In that context, such enterprise customers are the data controllers and their privacy policies will apply to the processing of your Information. We encourage you to read their privacy policies.
For the purpose of this Policy, “Personal Information” means any information relating to an identified or identifiable individual. This includes Personal Information you provide or generated when you use: (a) our Otter meeting assistant app (the “App”); and (b), https://otter.ai and any other dedicated Otter.ai websites (the “Website”) (collectively, the “Services”). When you use the Services, you accept and understand that we collect, process, use and store your Personal Information as described in this Policy.
If you are a California resident, our Privacy Notice for California Residents includes additional information about your rights and how we collect, use, and share information.
If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future, you must stop using the Services and you may exercise your rights in relation to your Personal Information as set out in this Policy.
1. INFORMATION WE COLLECT
We will collect and use the following Personal Information about you:
Information you provide to us
- Registration Information. When you create an account on our Services, you will be asked to provide your name, email, and a password, you may voluntarily add a profile picture. For Premium or Team plans which are paid Services, our payment processing partner Stripe, Inc. may also collect your name, billing address, and payment information. Payment information is not shared with us and is maintained by Stripe.
- App Information. When you use the Services, you may provide us with your audio recordings (“Audio Recordings”) and any text, images or videos that you upload or provide to us in the context of the Services.
- Communication Information. When you contact us, you provide us with your phone number, email, and any other information you choose to provide over such communication, including information about your query.
Information you provide us about others
- If you choose to collaborate on a task with your co-workers or friends, or refer us to them, you provide us with the email address and contact information of your co-workers or friends.
- If you provide an Audio Recording, this may contain the Personal Information of third parties. Before you do so, please make sure you have the necessary permissions from your co-workers, friends or other third parties before sharing Personal Information or referring them to us.
Information we automatically collect or is generated about you when use the Services
- Usage Information: When you use the Services, you generate information pertaining to your use, including timestamps, such as access, record, share, edit and delete events, app use information, interactions with our team, and transaction records.
- Device Information: We assign a unique user identifier (“UUID”) to each mobile device that accesses the Services. When you use our Services, you provide information such as your IP address, UUIDs, device IDs, web beacons and other device information (such as carrier type, whether you access our Service from a desktop or mobile platform, device model, brand, web browser and operating system).
Information received from third parties.
- Information we receive from third party platforms: When you connect third party platforms, apps or providers (such as Google Calendar, iCal or other calendar programs, Google Contacts or Zoom) to our Services, or when you register through a third party account (such as Google or Microsoft), we receive Personal Information that includes your username, profile picture, email address, time, location, calendar information, contact information from such third parties and any information you choose to upload to such third party platforms (“Platform Information”).
- Information from platforms our Services relies on: We receive transaction information from our payment processor Stripe. .
We also collect, and use aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.
2. HOW WE USE YOUR PERSONAL INFORMATION
We use your Personal Information to:
- Set up your account. We use your registration information, device information and information received from third parties (such as your username, email address) in order to set up an account for you to use our Services. We do so in accordance with our contractual and precontractual obligations to you in order to provide you with an account to use the Services.
- Provide you with the Services. We use your audio recordings, usage information and platform information in order to provide you with the Services. In addition, we use your communication information to facilitate support (e.g. retrieval of a forgotten password). We do so in accordance with our contractual obligations to you in order to provide you with the Services.
- Improve and monitor the Services. We use information we automatically collect or generate about you when you use the Services, as well as non-personal information about your device such as device manufacturer, model and operating system, and the amount of free space on your device, to analyze the use of and improve our Services. We train our proprietary artificial intelligence technology on aggregated, de-identified audio recordings. Only on your explicit permission we may manually review certain audio recordings to further refine our model training data.
- Communicate with you. If you contact us, we will use your contact information to communicate with you and, if applicable, your usage information to support your use of the Services.
- Send you newsletters about product news or updates that may be of interest to you. We will send you emails with news or updates pertaining to our Services. When doing so, we process your email address, name and may process your usage information. Your consent can be withdrawn at any time by following the unsubscribe mechanism at the bottom of each communication
- Prevent fraud, defend Otter.ai against legal claims or disputes, enforce our terms and to comply with our legal obligations. It is in our legitimate interest to protect our interests by (1) monitoring the use of the Services to detect fraud or any other user behavior which prejudices the integrity of our Services, (2) taking steps to remedy aforementioned fraud and behavior, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will process the Personal Information relevant in such a case, including information you provide us, information we automatically collect about you, and information which is provided to us by third parties.
Cookies are small files of letters and numbers that we store on your browser or on your device. They contain information that is transferred to your device.
We use the following Cookies:
- Strictly necessary Cookies: Some Cookies are strictly necessary to make our Services available to you; for example, to provide login functionality, user authentication and security. We cannot provide you with the Services without this type of Cookie.
- Functional Cookies: These are used to recognize you when you return to our Website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language).
You can block Cookies by setting your internet browser to block some or all or Cookies. However, if you use your browser settings to block all Cookies (including essential Cookies) you may not be able to use our Services.
Except for essential Cookies, all Cookies will expire after a maximum of two years.
4. WITH WHOM WE SHARE YOUR PERSONAL INFORMATION
We share your Personal Information with selected third parties, including:
- Other users who see your Personal Information (such as your username and email) and any other information you choose to share with them through the Services.
- Vendors and service providers we rely on for the provision of the Services, for example:
• Cloud service providers who we rely on for compute and data storage, including Amazon Web Services which is based in the United States.
• Platform support providers who help us manage and monitor the Services, including Amplitude, which is based in the U.S. and provides user event data for our Services.
• Mobile advertising tracking providers who help us measure our advertising effectiveness, including Appsflyer which is based in Israel.
• Analytics providers who provide analytics, segmentation and mobile measurement services and help us understand our user base. We work with a number of analytics providers, including Google LLC, which is based in the U.S. You can learn about Google’s practices by going to https://www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- Providers of integrated third party programs, apps or platforms, such as Google Calendar and Apple iCal. When you connect third party platforms to our Services, you authorize us to share designated information and data created and/or uploaded by you to our servers with these third party programs on your behalf.
We are not responsible for the content, privacy and security practices and policies of such third parties or App providers. We encourage you to learn about their privacy and security policies before integrating such platforms.
- Payment processors, such as Stripe. These payment processors are responsible for the processing of your Personal Information, and may use your Personal Information for their own purposes in accordance with their privacy policies. More information is available here: https://stripe.com/gb/privacy.
- Law enforcement agencies, public authorities or other judicial bodies and organizations. We disclose Personal Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection).
- Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your Personal Information as part of that transaction.
5. HOW LONG WE STORE YOUR INFORMATION
Otter.ai stores all Personal Information for as long as necessary to fulfill the purposes set out in this Policy, or for as long as we are required to do so by law or in order to comply with a regulatory obligation. When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.
6. YOUR RIGHTS
In certain circumstances you have the following rights in relation to your Personal Information that we hold.
- Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.
- Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
- Erasure. You have the right to request for your Personal Information to be erased or deleted.
- Object to processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
- Restrict processing. You have a right in certain circumstances to stop us from processing your Personal Information other than for storage purposes.
- Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.
- Withdraw consent. You have the right to withdraw any consent you previously applied to us. We will apply your preferences going forward, and this will not affect the lawfulness of processing before your consent was given.
Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may require additional information (for example, why you believe the information we hold about you is inaccurate or incomplete) and may have valid legal reasons to refuse your request. We will inform you if that is the case. For more information on how to exercise your rights, or to exercise your rights, please email email@example.com.
If you are a California resident, California law affords you certain rights regarding our collection and use of your personal information. To learn more about your California privacy rights, please visit our Privacy Notice for California Residents.
7. PRIVACY SHIELD
For more information on how we comply with the Privacy Shield Principles, please see APPENDIX: Otter.ai Privacy Shield Notice.
The Service and Website are not targeted at children, and we do not knowingly collect Personal Information from children under the age of 13. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.
9. CONTACT & COMPLAINTS
For inquiries or complaints regarding this Policy, please first contact us at firstname.lastname@example.org and we will endeavor to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority .
If you are based in the EEA or the UK, you may also make a complaint to either the Irish Data Protection Commission (on +353 578 684 800 or via https://forms.dataprotection.ie/contact) or the UK’s ICO (on +44 303 123 1113 or via https://ico.org.uk/make-a-complaint/), or to the supervisory authority where you are located.
10. DATA SECURITY
We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Information that we collect and maintain. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.
The Website and Service may provide features or links to websites and services provided by third parties. Any information you provide on Apps, third party websites or services is provided directly to the operators of such websites or services and is subject to their policies governing privacy and security, even if accessed via our Website or in connection with our Service.
11. CROSS-BORDER DATA TRANSFERS
To facilitate our global operations Otter.ai may transfer, store and process your operations with our partners and service providers based outside of the country in which you are based. Laws in those countries may differ from the laws applicable to your country of residence. Where we transfer, store and process your Personal Information outside of the EEA or the UK we will ensure that the appropriate safeguards are in place to ensure an adequate level of protection such as through acceding to the Standard Contractual Clauses. Further details regarding the relevant safeguards can be obtained from us on request.
Where required, we will update this Policy from time to time. When we do so, we will make it available on this page and indicate the date of the latest revision. Please check this page frequently to see any updates or changes to this Policy.
13. ABOUT US
Attn: Privacy Officer
5150 El Camino Real, Suite A-22
Los Altos, CA 94022
Otter.ai Privacy Shield Notice
Effective April 8, 2020
Otter.ai has created this Privacy Shield Notice (“Notice”) to describe our standards and procedures for handling Personal Information in accordance with the Privacy Shield Frameworks and Principles.
This Notice supplements our Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Policy. In case of conflict between the Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.
How we obtain Personal Information
We obtain and Process Personal Information from the European Economic Area (“EEA”), United Kingdom (“UK”) or Switzerland in different capacities:
- As a data controller, we collect and Process EEA, UK and Swiss Personal Information directly from individuals, either via our publicly available website https://otter.ai, or through our mobile applications, or in connection with our customer relationships.
- Where we provide our Services in connection with an enterprise agreement, we may obtain and process EEA, UK and Swiss Personal Information on behalf of and at the instructions of our enterprise customers. In that context, such customers are the data controllers and we encourage you to read their privacy policies.
Otter.ai commits to subject to the Principles all Personal Information received from the EEA, UK or Switzerland in reliance on the Privacy Shield (which includes both types of activities).
Privacy Shield Principles
1. Notice. Our Policy in combination with this Notice describes our privacy practices. When providing our Services as a Data Processor, our customers determine the categories of Personal Information we Process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals. Please see our customers’ privacy policies for more information.
2. Data Integrity and Purpose Limitation. Any Personal Information we receive may be processed by Otter.ai for the purposes indicated in our Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Otter.ai up to date and may contact Otter.ai as indicated below or in the Policy to request that their Personal Information be updated or corrected.
We will adhere to the Principles for as long as we retain the Personal Information collected under Privacy Shield.
When providing our Services as a data processor, we process and retain Personal Information as necessary to provide our Services as permitted in our agreements, or as required or permitted under applicable law.
3. Accountability for Onward Transfer of Personal Information. Otter.ai may transfer Personal Information as described in the Policy. When providing our Services as a data processor, we disclose Personal Information as provided in our agreement with customers.
We remain responsible for the processing of Personal Information received under the Privacy Shield and subsequently transferred to a third party acting as an agent if the agent Processes such Personal Information in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
4. Security. Otter.ai takes reasonable and appropriate precautions, taking into account the risks involved in the Processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. Access and Choice. If we intend to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a Data Controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.
Where appropriate, you have the right to access to the Personal Information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the Principles by sending a written request as indicated in “Contact Us” below. We will review your request in accordance with the Principles, and may limit or deny access to Personal Information as permitted by the Principles.
When providing our Services as a Data Processor, we only Process and disclose the Personal Information as specified in our agreements. Our customers control how Personal Information is disclosed to us and Processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to whom you submitted your Personal Information and that uses our Services. If you provide us with the name of the company to whom you provided your Personal Information and who is our customer, we will refer your request to that customer and support them in responding to your request.
6. Recourse, Enforcement and Liability. We conduct an annual self-assessment of our practices regarding Personal Information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.
If an issue cannot be resolved through Otter.ai internal dispute resolution mechanism, you may submit a complaint to https://www.jamsadr.com/eu-us-privacy-shield at no cost to you which serves as Otter.ai alternative dispute resolution provider. For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the Principles available here.
Otter.ai is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Changes to this Notice
This Notice may be amended consistent with the requirements of the Privacy Shield. When we update this Notice, we will also revise the “Last updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.
If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:
- via email at email@example.com (attn: Privacy Officer)
- by mail to
Attn: Privacy Officer
5150 El Camino Real, Suite A-22
Los Altos, CA 94022