Privacy Policy

Information We Collect

When you create an account, we collect your email address and a username you choose. If you sign up through Google, we receive your Google account email and display name. We do not collect your date of birth or birth year.

When you use Otto we collect the content you create (posts, comments, votes, messages), information about the communities you create or moderate, and reports you submit.

We collect your IP address when you interact with the platform. For most purposes (rate limiting, abuse prevention, vote manipulation detection), IP addresses are hashed with a server-side salt before storage, meaning we cannot recover the original address.

For account security, we store your unhashed IP address, approximate country, and internet service provider alongside your active login sessions. This allows you to review your sessions in Settings and detect any unauthorized access. Session data including raw IP addresses is automatically deleted after 30 days.

When you open a community's page while logged in, we record the timestamp of that visit. This data is retained for up to 90 days and is used solely to weight your own subscribed home feed under the Depth sort, so subs you've recently visited rank slightly higher. It does not affect the /all view, individual sub pages, or any other sort. It is never shared, never used for advertising, and is deleted when your account is deleted. You can disable this entirely in Settings (the Boost subs I've recently visitedtoggle under Content), in which case no further visit data is recorded and any existing visit history is deleted immediately.

Anonymity & Pseudonymity

You may browse public content on Otto without creating an account or otherwise identifying yourself. To create an account, post, comment, vote, or use any account-based features, we require a verified email address: fully anonymous operation of these features is not practicable for safety, moderation, and security reasons.

You may use a pseudonym for your account; we do not require your real name. The username you choose is the identifier visible to other users, while your email address is used only for account-related communication and is not displayed publicly.

Content Safety Scanning

We automatically scan user-generated content (including posts, comments, and profile information) using a combination of pattern-matching systems and AI-based classification to detect content that may violate our community guidelines or applicable law. This includes scanning for content related to self-harm, suicide, and eating disorders, in compliance with our obligations under applicable online safety legislation.

This processing is carried out on the basis of (a) our legal obligations under online safety legislation, and (b) our legitimate interest in maintaining a safe platform for all users, including minors who may access the service.

Our automated systems assign a confidence score to flagged content. Content flagged by automated systems is reviewed by a human moderator before any permanent action is taken on your account. Content may be temporarily hidden pending review. You will be notified if action is taken on your content or account as a result of this process.

We also scan user-generated content for signals that may indicate a user is below the minimum age for the service. This processing is necessary for compliance with age-related regulatory requirements.

Content analysed by our scanning systems is processed in accordance with the data minimisation principle. Matched text and pattern data are retained only for as long as necessary to complete the review process and maintain compliance records. Where content is sent to a third-party AI service for classification, only the content text is transmitted. No user identifiers are included in the request.

How We Use Your Information

  • To provide and operate the platform
  • To send verification emails and password reset links
  • To enforce our rules and prevent abuse through rate limiting
  • To support the moderation system (reports and enforcement actions)
  • To scan content for potential safety concerns using automated tools and AI classification
  • To generate link thumbnails for posts
  • To display your active sessions so you can detect unauthorized access
  • To determine your approximate location (country) using GeoIP lookup
  • To collect anonymous, privacy-focused usage analytics

Information Sharing

We do not sell your personal information. We do not share your data with third parties for advertising purposes. Information may be disclosed if required by law or to protect the safety of our users.

If you sign in with Google, Google may receive information about your authentication session in accordance with their own privacy policy. We use the Resend email service to deliver verification and notification emails. We use MaxMind GeoIP databases to determine approximate location from IP addresses. We use Umami for privacy-focused, cookie-free usage analytics that does not track individual users. For content safety classification, we may send the text of posts or comments to Anthropic, a US-based AI service, for analysis; only the content text is sent, with no user identifiers or account information included in the request. By using Otto, you acknowledge that this involves the transfer of content data to a recipient located outside Australia.

If Otto is involved in a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred as part of that transaction. We will give reasonable notice through the platform or by email before any such transfer takes effect, and any successor entity will be required to handle your information in a manner no less protective than this Privacy Policy until any future updates are notified to you.

Direct Marketing

We do not use your personal information for direct marketing. If this changes in the future, we will only do so where permitted by law, and with your consent where required by the Privacy Act 1988 (Cth) or the Spam Act 2003 (Cth). In every case you will be given a clear, prominent, and free opt-out, and we will provide notice before any such use begins.

Data Security

Passwords are hashed using bcrypt before storage. Authentication tokens are signed with ES512 (ECDSA) cryptography. All user-generated HTML content is sanitised to prevent cross-site scripting. Uploaded images are validated at the byte level to block malicious file types. Security headers are applied to all responses.

Data Breach Notification

In the event of an eligible data breach (as defined under Part IIIC of the Privacy Act 1988 (Cth)), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme. Notifications will describe the nature of the breach, the kinds of personal information involved, and recommended steps you can take to protect yourself.

Cookies & Authentication

Otto uses HTTPOnly cookies to store your authentication token (JWT) and server-side session identifier. These cookies are essential for keeping you logged in and cannot be accessed by JavaScript running on the page. A non-sensitive signal cookie is also used to let the interface know whether you are logged in. We do not use cookies for tracking or advertising.

Children’s Privacy

Otto is not intended for use by anyone under 16 years of age. We do not knowingly collect personal information from anyone under 16. If we learn that we have collected personal information from a person under 16, we will delete it.

Access, Correction, and Your Rights

You can update your profile information, change your email address, or change your password from the settings page at any time. You may request deletion of your account by contacting us via our contact form.

You also have the right to request access to the personal information we hold about you, and to request correction if it is inaccurate, out-of-date, incomplete, or misleading. To make a request, contact us via our contact form. We will respond within 30 days. We may need to verify your identity before responding. Access requests are free; we will not charge a fee unless the request is unusually complex, in which case we will notify you of any reasonable charge before proceeding.

We may decline a request for access or correction in the limited circumstances permitted by the Privacy Act 1988 (Cth) (for example, where granting access would be unlawful, would unreasonably impact the privacy of others, or where the information relates to anticipated or existing legal proceedings). Where we decline a request, we will provide written reasons (where required) and information about how to complain.

Data Retention

Your account data is retained for as long as your account is active. If your account is deleted, we will remove your personal information (username, email, password). Posts and comments you created will remain visible with your username replaced by “[deleted]” so they are no longer linked to your identity. This de-identified content is retained on the basis of our legitimate interest in preserving the integrity of community discussions. You can delete individual comments before deleting your account if you wish to remove specific content. After account deletion, you may still request removal of specific comments by contacting us via our contact form.

Hashed IP addresses used for rate limiting are retained temporarily and cannot be linked back to you. Raw IP addresses stored for session security are automatically deleted after 30 days.

California Residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to: know what personal information we collect and how it is used (described above); request deletion of their personal information; and opt out of the sale of personal information. We do not sell personal information to third parties. We will not discriminate against you for exercising any of these rights. To make a request, please use our contact form.

Complaints

If you believe we have not handled your personal information in accordance with this policy or the Australian Privacy Principles, please contact us via our contact form in the first instance. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or by phone on 1300 363 992.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through a notice on the platform. Continued use of Otto after changes take effect constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, please contact us via our contact form.

Last updated: May 2026. See also our Terms of Service and Rules.