Privacy Policy
Last updated: 2026-05-20
Otto is a tool that automatically detects your recurring subscriptions by reading the receipts and notices in your Gmail inbox, and that optionally helps you cancel and clean up what you no longer want. This policy explains what data we collect, how we use it, who we share it with, and what rights you have. Questions go to support@ottopocket.com.
1. Who we are
Insyder LLC (Wyoming, USA) ("Otto", "we") is the controller of your data. The service is accessible at https://ottopocket.com.
2. What Otto does
Otto provides three main functions that touch your Gmail data:
- Subscription detection — we read the receipts and billing notices in your inbox to extract your recurring subscriptions (service, amount, frequency, next renewal). This function uses read permissions.
- Assisted cancellation — for the subscriptions you choose to cancel, Otto can send a cancellation email from your own mailbox to the service provider, and process the provider's reply to confirm the outcome. This function uses send permissions and is activated per subscription, with your explicit confirmation each time.
- Inbox cleanup — optionally, Otto can move to trash (or permanently delete) emails that you explicitly select from the cleanup panel. This function uses modify permissions.
Each of these functions requires your explicit authorization at the moment you activate it. Subscription detection is the only one enabled by default when you connect Gmail; cancellation and cleanup are gated behind the Pro plan and individual confirmations.
3. What data we collect
3.1. Account data
When you sign in with Google we receive your name, email address and profile picture. Google provides these directly and we use them to identify you within Otto.
3.2. Gmail content (processed, not stored)
With your explicit consent, Otto accesses subscription-related emails in your Gmail inbox — receipts, invoices, auto-debit notices and renewal notifications. Access is performed through our integration provider (Composio, see section 7), which custodies the OAuth tokens on your behalf.
Minimum retention principle: your full email content crosses our servers only during analysis, in memory. It is NOT persisted to the database, NOT written to disk, NOT logged. Once we've extracted the structured subscription information, the original content is discarded.
What we do store, per detected subscription:
- Service name (e.g. "Spotify")
- Charge amount, currency, and billing cycle
- Renewal and last-charge dates
- Merchant domain (e.g. spotify.com)
- A short AI-generated description (1–3 sentences)
- The source email's opaque identifier (Gmail message ID, useless outside your account)
- Only for pending subscriptions awaiting your confirmation: the email subject truncated to 80 characters
What we never store:
- The full email body
- Email headers (beyond the truncated subject on pending entries)
- PDF attachments or their extracted text
- The email addresses of your contacts
- Any email unrelated to a subscription
3.3. Cancellation correspondence
When you use the assisted-cancellation function, Otto persists the cancellation emails it sends on your behalf and the replies received from the service provider. This is required so Otto can track the request, generate follow-up messages if the provider doesn't respond and report the outcome on your dashboard. Each cancellation thread is tied to its subscription and you can review or delete it from the cancellations panel.
3.4. Bank-statement uploads (optional)
Otto offers the option to upload bank statements as PDFs as an alternative or complement to Gmail scanning. If you use it, the statement text is processed by our AI provider to extract subscriptions. The PDF and its raw text are not persisted — only the detected subscriptions.
3.5. Payment data
If you subscribe to a paid plan, payment processing is performed by Stripe. Otto never sees or stores your full card details: we only receive an opaque customer identifier (Stripe customer ID), payment method tokens (last 4 digits, brand), billing email and the status of your subscription (active, lapsed, in trial, etc.).
3.6. Operational and analytics data
We log minimal operational metrics — when you ran a sync, how many emails we scanned, how many subscriptions we found, whether a cancellation action succeeded — to keep the service running, detect errors and surface stats in your dashboard. We additionally use an analytics provider (PostHog) to understand which parts of Otto get used and where users get stuck.
3.7. Cookies and similar technologies
Otto uses essential cookies to keep you signed in (Firebase Authentication uses these to verify your session) and analytics cookies to measure usage. We do not use third-party advertising cookies or cross-site tracking. If you want to opt out of analytics, write to support@ottopocket.com or block cookies from your browser.
4. Google permissions we request
Otto operates with the following Gmail API scopes, explicitly authorized by you on Google's consent screen:
- Read (gmail.readonly) — read messages in your mailbox to detect subscriptions.
- Modify (gmail.modify) — move to trash or delete messages you explicitly select in the cleanup function.
- Send (gmail.send) — send cancellation emails from your own mailbox to service providers, only when you initiate it.
You can revoke any of these at any time from your Google account at myaccount.google.com/permissions, or by disconnecting your Gmail account in Otto's settings.
5. Compliance with Google's policy
Otto's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Otto does not use Gmail data to train general AI models. We use it only for the features you signed up for.
- Otto does not transfer your data to third parties, except subprocessors strictly necessary to operate the service (see section 7).
- Otto does not sell your data and does not use it for advertising.
- Otto does not allow human beings to read your emails. Processing is automated. Authorized personnel may exceptionally access limited data to resolve a technical issue you have specifically reported, always within applicable legal frameworks.
6. How we use the data
- Detect recurring subscriptions in your inbox.
- Show you the dashboard with aggregated information (monthly totals, upcoming renewals, category breakdown).
- Execute the cancellation and cleanup actions you request.
- Charge your Pro plan subscription and manage your billing.
- Notify you about app operations (sync errors, important changes, receipts).
- Improve Otto's detection accuracy using anonymized metadata — never the contents of your emails.
- Comply with legal obligations and prevent service abuse.
7. Service providers and international transfers
Otto operates with a small set of external service providers, grouped in the following categories. Each is bound by a Data Processing Agreement (DPA) or equivalent and only processes data for the purpose listed:
- Hosting and infrastructure — cloud platform that serves Otto's application and runs its serverless functions.
- Authentication and database — stores your account, your detected subscriptions and your account's configuration.
- Gmail integration (Composio) — custodies your Gmail OAuth tokens and proxies the calls Otto makes to the Gmail API. You will see "Composio" on Google's consent screen when you first connect a mailbox; that is our integration partner, not a separate company asking for your data.
- AI inference — large-language-model providers that process subscription-related emails to extract structured information, draft cancellation messages and classify replies. Email content reaches the AI provider only during analysis and is not persisted on their side.
- Payment processing (Stripe) — handles Pro plan subscriptions, trials and recurring charges. You will see "Stripe" on your card statement.
- Product analytics — measures product usage, funnel completion and where users get stuck.
- Web search — finds cancellation contact information for the services you ask Otto to cancel.
The specific provider names within each category are available on request to support@ottopocket.com.
Some of these providers operate outside your country of residence. By using Otto you authorize the international transfer of the data described in this policy to those countries, under article 49 of the GDPR (for EU users), article 12 of Ley 25.326 (Argentina) or article 33 of the LGPD (Brazil), as applicable.
If you want us to stop processing your data for product analytics, write to support@ottopocket.com and we apply the opt-out manually. Subscription detection, billing and the Gmail integration are essential to the service and cannot be disabled while keeping functionality.
If we add or replace a service provider that receives personal data, we update this section and notify active users by email at least 15 days in advance when the change is material. We do not share data with advertisers, data brokers or third parties for commercial purposes.
8. How long we keep the data
- While your account is active: detected subscription data, cancellations and your account configuration are retained so you can view them on the dashboard.
- When you delete your account: we delete all your data within 30 days. Encrypted backups are overwritten within 90 days.
- Billing data: retained for up to 10 years for tax obligations applicable to Insyder LLC, in minimal form (customer identifier, amount, date, jurisdiction).
- Operational logs: 90 days from creation.
9. Your rights
Regardless of where you are located, you have the following rights over your data:
- Access: see all your data on the dashboard.
- Deletion: delete your account and all associated data from this page or from Settings → Account.
- Permission revocation: disconnect your Gmail account at any time from Settings, or from your Google account at myaccount.google.com/permissions.
- Portability: export your data in JSON format from Settings → Account.
- Correction: edit any subscription's data from the dashboard.
- Objection and restriction: ask us to stop processing certain data by writing to support@ottopocket.com.
- Complaint to authority: if you consider that we are infringing your rights, you can lodge a complaint with the data protection authority of your country.
If you are an EU or UK resident, you have rights under GDPR/UK GDPR. If you are an Argentine resident, under Ley 25.326. If you are a Brazilian resident, under LGPD. We apply the protections of whichever legislation applies to you.
9.1. California residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): the right to know what data we collect, the right to delete it, the right to correct it and the right to non-discrimination for exercising these rights. Otto does not sell personal data in the CCPA sense. To exercise your rights, write to support@ottopocket.com.
10. Security
Otto encrypts data in transit (TLS 1.2+) and at rest. Application secrets are managed via encrypted environment variables at our hosting provider. Access to production systems is limited to authorized personnel with mandatory two-factor authentication. Gmail OAuth tokens are custodied by Composio (our integration provider), which holds SOC 2 Type II certification — Otto does not store them directly.
Despite these measures, no online service is 100% secure. If we detect unauthorized access to your personal data, we will notify you by email within 72 hours and report to the relevant authorities.
10.1. Staff access to your account
Authorized Otto personnel may access your account and associated data for the following narrow purposes: technical support, abuse prevention, fraud investigation, debugging product issues you report, and improving the service. When this happens, staff use a read-only shadow session — writes (sending emails on your behalf, modifying billing, deleting data) are technically blocked while shadowing. Every shadow session is recorded in an immutable internal audit log (timestamp, staff member, target account, IP, user agent). If you would like a record of any access to your account, contact us at the address in §13 and we will share what we have within 10 business days.
11. Minors
Otto is not directed to users under 18 and we do not knowingly collect data from minors. If we discover that we have collected data from a minor without their guardian's consent, we will delete it immediately.
12. Changes to this policy
If we modify this policy we will notify you by email when changes are substantive, and we will always publish the updated version here with the new "last updated" date. Continued use of Otto after notification means acceptance of the changes.
13. Contact
For any questions, complaints, or to exercise your rights, write to support@ottopocket.com.