Privacy Policy
Effective Date: February 3, 2026 Last Updated: February 3, 2026
1. Introduction
Otter Mate Inc. (“OtterMate,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media automation platform and related services (collectively, the “Service”).
This Privacy Policy applies to:
- Our website at ottermate.ai
- Our mobile applications (iOS and Android)
- Any other services, features, or content we offer
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Company Information
Otter Mate Inc. 27650 MESABE Drive Magnolia, Texas 77354 United States
Privacy Contact: Chandler Bowden, Chief Financial Officer Email: c.bowden@ottermate.ai
For EU residents, you may also contact us regarding data protection matters at the address above.
3. Information We Collect
We collect information in several ways: directly from you, automatically when you use our Service, and from third-party platforms you connect.
3.1 Information You Provide Directly
Account Information:
- First and last name
- Email address
- Phone number
- Password (stored in encrypted/hashed form)
- Company or business name
- Industry
- Job title or role
- Business address (optional)
Payment Information:
- When you subscribe to paid plans, payment processing is handled by Stripe, Inc. We do not directly collect or store your full credit card numbers. We may receive limited payment information from Stripe, such as the last four digits of your card, card type, and billing address, for record-keeping and customer support purposes.
Communications:
- When you contact us for support, we collect the content of your messages, your email address, and any other information you choose to provide.
3.2 Information from Connected Social Media Accounts
When you connect your social media accounts (such as Facebook, Instagram, LinkedIn, YouTube, TikTok, Pinterest, or Bluesky), we collect and store:
Authentication Data:
- OAuth access tokens and refresh tokens (stored encrypted)
- Account identifiers
Profile Information:
- Display name, username, or handle
- Profile picture
- Follower/following counts
- Account type (personal, business, creator)
Content and Engagement Data:
- Historical posts and their content
- Engagement metrics (likes, comments, shares, views)
- Comments on your posts
- Direct messages (only if you enable this feature)
- Posting history and scheduling data
Analytics Data:
- Post performance metrics
- Audience demographics (if provided by the platform)
- Best performing content identification
3.3 Information from Your Business Website
When you provide your business website URL for context building, we collect:
Scraped Content:
- Website pages converted to text/markdown format
- Images from your website
- PDF documents (brochures, guides, catalogs)
- Product and service information
- Company descriptions and about page content
- Contact information displayed on your website
This data is used to understand your business, generate marketing strategies, and create relevant social media content on your behalf.
3.4 Information Collected Automatically
Usage Data:
- Pages and features accessed within our Service
- Actions taken (content created, posts scheduled, etc.)
- Time spent on different features
- Click patterns and navigation paths
- Session duration and frequency
Device and Technical Data:
- IP address
- Browser type and version
- Device type and operating system
- Device identifiers
- Screen resolution
- Time zone setting
- Referring URL
Location Data:
- Approximate geographic location derived from IP address
- We do not collect precise GPS location
Cookies and Similar Technologies:
- See our Cookie Policy for detailed information
3.5 Information from Third Parties
Analytics Providers:
- Google Analytics provides aggregated usage data
- Social media platforms provide engagement analytics through their APIs
Payment Processor:
- Stripe provides transaction confirmations and limited payment details
4. How We Use Your Information
We use your information for the following purposes:
4.1 Providing and Improving the Service
- Creating and managing your account
- Processing payments and subscriptions
- Connecting to your social media accounts
- Analyzing your business website to build context
- Generating marketing strategies tailored to your business
- Creating and suggesting social media content
- Scheduling and posting content to your connected platforms
- Managing automated responses to comments and messages
- Providing customer support
- Analyzing usage patterns to improve our Service
4.2 AI-Powered Features
We use artificial intelligence and large language models to:
- Analyze your business context and generate marketing strategies
- Create social media post content (text, captions, hashtags)
- Suggest responses to comments and messages
- Identify high-performing content for repurposing
- Provide content recommendations based on your industry
Important Disclosure: Your business context, social media content, and related data may be processed by third-party AI providers (see Section 5.2). We do not use your data to train AI models. However, our AI service providers have their own data practices, which are described in Section 5.2.
4.3 Communications
- Sending service-related notifications (posting confirmations, account alerts)
- Responding to your inquiries and support requests
- Sending product updates and feature announcements
- Marketing communications (only with your consent; you may opt out at any time)
4.4 Security and Fraud Prevention
- Detecting and preventing fraudulent activity
- Protecting against unauthorized access
- Enforcing our Terms of Service
- Investigating potential violations
4.5 Legal Compliance
- Complying with applicable laws and regulations
- Responding to legal requests and court orders
- Protecting our legal rights and interests
5. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
5.1 Social Media Platforms
When you connect social media accounts and use our Service to post content, we transmit:
- Content you create or approve (posts, images, captions)
- Scheduling instructions
- Your authentication credentials (tokens) to act on your behalf
Each platform has its own privacy policy governing how they handle this data.
5.2 AI and Machine Learning Providers
To power our AI features, we share certain data with:
| Provider | Data Shared | Purpose |
|---|---|---|
| Anthropic (Claude) | Business context, prompts, content for review | Content generation, strategy creation |
| Google (Gemini) | Business context, images, prompts | Content generation, image analysis |
| OpenAI | Business context, prompts | Content generation (if selected) |
Data Protection with AI Providers:
- We use enterprise/API agreements with data processing protections
- Data is transmitted securely via encrypted connections
- We do not permit these providers to use your data for training their models (subject to their enterprise terms)
- AI providers may temporarily process data but do not retain it long-term for their purposes
5.3 Service Providers
We use third-party service providers who process data on our behalf:
| Provider | Purpose | Data Accessed |
|---|---|---|
| Vercel | Web hosting | Application data, logs |
| Neon | Database hosting | All stored user data |
| Stripe | Payment processing | Payment and billing information |
| Google Analytics | Usage analytics | Anonymized usage patterns |
| Email service provider (TBD) | Transactional emails | Email addresses, message content |
All service providers are contractually bound to protect your data and use it only for the specified purposes.
5.4 Legal Requirements
We may disclose your information if required to:
- Comply with applicable law, regulation, or legal process
- Respond to lawful requests from public authorities
- Protect the rights, property, or safety of OtterMate, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
5.5 Business Transfers
If OtterMate is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your personal information becomes subject to a different privacy policy.
5.6 With Your Consent
We may share your information for other purposes with your explicit consent.
6. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
6.1 Retention Periods
| Data Type | Retention Period | Rationale |
|---|---|---|
| Account information | Until account deletion + 30 days | Allow account recovery |
| Social media tokens | Until disconnected + 24 hours | Security |
| Scraped website content | Until account deletion | Core service functionality |
| Generated content | Until account deletion | Your created content |
| Payment records | 7 years after transaction | Tax and legal requirements |
| Analytics data | 2 years (rolling) | Service improvement |
| Security/audit logs | 3 years | Legal protection |
| IP addresses | 90 days | Fraud prevention |
6.2 After Account Deletion
When you delete your account:
- Most personal data is deleted within 30 days
- Some data may be retained as required by law (tax records, fraud prevention)
- Anonymized, aggregated data may be retained indefinitely for analytics
- Backups may contain your data for up to 90 days before being purged
See our Data Deletion Policy for more information.
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and data
- Export your data in a portable format
- Withdraw consent for optional processing
- Object to certain processing activities
- Disconnect social media accounts at any time
7.2 Rights for European Union Residents (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service | Contract performance |
| Payment processing | Contract performance |
| Security and fraud prevention | Legitimate interest |
| Analytics and improvement | Legitimate interest |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
Your GDPR Rights:
- Right of Access (Article 15): Request a copy of your personal data
- Right to Rectification (Article 16): Request correction of inaccurate data
- Right to Erasure (Article 17): Request deletion of your data (“right to be forgotten”)
- Right to Restrict Processing (Article 18): Request limitation of processing
- Right to Data Portability (Article 20): Receive your data in a machine-readable format
- Right to Object (Article 21): Object to processing based on legitimate interests
- Right to Withdraw Consent (Article 7): Withdraw consent at any time for consent-based processing
International Data Transfers: Your data may be transferred to and processed in the United States, where our servers are located. We rely on Standard Contractual Clauses approved by the European Commission to protect data transferred outside the EEA.
Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have violated your data protection rights.
7.3 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request that we disclose:
- Categories of personal information collected
- Sources of personal information
- Business purposes for collection
- Categories of third parties with whom we share
- Specific pieces of personal information collected
Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of Personal Information Collected (last 12 months):
- Identifiers (name, email, IP address)
- Commercial information (transaction history)
- Internet activity (usage data, browsing history within our Service)
- Professional information (job title, company)
- Inferences drawn from the above
Sensitive Personal Information: We do not collect “sensitive personal information” as defined under CPRA (California Civil Code §1798.121), including:
- Social Security numbers, driver’s license numbers, or passport numbers
- Financial account numbers with access credentials
- Precise geolocation data
- Racial or ethnic origin
- Religious or philosophical beliefs
- Union membership
- Genetic data
- Biometric information for identification purposes
- Health information
- Information concerning sex life or sexual orientation
If we ever collect sensitive personal information in the future, we will update this Privacy Policy and provide you with appropriate notice and choice.
Authorized Agent: You may designate an authorized agent to make requests on your behalf. We may require verification of the agent’s authority.
7.4 Rights for Other U.S. State Residents
If you reside in Virginia, Colorado, Connecticut, Utah, or Texas, you have similar rights under your state’s privacy laws, including rights to access, correct, delete, and port your data. Contact us to exercise these rights.
7.5 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: c.bowden@ottermate.ai Address: Otter Mate Inc., 27650 MESABE Drive, Magnolia, Texas 77354
We will respond to your request within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing your request.
You may also use the self-service privacy controls in your account settings to:
- Download your data
- Delete your account
- Manage connected accounts
- Update your preferences
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Security Measures Include:
- Encryption of data in transit using TLS 1.3
- Encryption of data at rest using AES-256
- OAuth tokens encrypted with per-user encryption keys
- Passwords hashed using bcrypt with appropriate cost factors
- Role-based access controls
- Regular security assessments
- Employee access limited to those who need it
- Secure hosting with SOC 2 compliant providers
Security Incidents: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law (within 72 hours for GDPR).
While we implement these safeguards, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Children’s Privacy
Our Service is intended for users who are at least 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at c.bowden@ottermate.ai. If we learn we have collected personal information from a child under 18, we will delete that information promptly.
10. Third-Party Links and Services
Our Service may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.
Connected Social Media Platforms: When you connect social media accounts, those platforms’ privacy policies govern their handling of your data:
- Facebook/Instagram (Meta) Privacy Policy
- LinkedIn Privacy Policy
- YouTube (Google) Privacy Policy
- TikTok Privacy Policy
- Pinterest Privacy Policy
- Bluesky Privacy Policy
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you by email at least 30 days before the changes take effect
- Display a prominent notice within our Service
Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using our Service and may request deletion of your account.
12. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Otter Mate Inc. Attn: Privacy Inquiries 27650 MESABE Drive Magnolia, Texas 77354 United States
Email: c.bowden@ottermate.ai
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
13. Additional Disclosures
13.1 Do Not Track
Some browsers have a “Do Not Track” (DNT) feature that signals to websites that you do not want your online activity tracked. Our Service does not currently respond to DNT signals. You can manage your cookie preferences through our cookie consent tool.
13.2 Automated Decision-Making
We use AI to generate content suggestions and marketing strategies. These are recommendations that you review and approve before any content is posted. You maintain full control over what is published through our Service. We do not make fully automated decisions that have legal or similarly significant effects on you without human review.
Document Version: 1.0 Approved By: Chandler Bowden Next Review Date: February 3, 2027
Questions? Email support@ottermate.ai.
← Back to home