Privacy Policy

1. Introduction

OttoWorks ("we," "our," or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, and share information when you use our auto shop management platform (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you register for OttoWorks, we collect your name, email address, business name, phone number, and a password. This information is required to create and manage your account.

2.2 Business Data

To provide the Service, we store data you input including vehicle records, customer information, job orders, parts inventory, and employee records. This data belongs to your business and is stored on your behalf.

2.3 Usage Data

We automatically collect information about how you interact with the Service — including log data, device information, IP address, browser type, pages visited, and timestamps. This helps us improve performance and troubleshoot issues.

2.4 Payment Information

Subscription payments are processed by Paystack. We do not store your card details. Paystack's use of your payment data is governed by their Privacy Policy.

2.5 AI-Generated Data

When you use Otto, our AI assistant, your queries and the AI-generated responses may be logged to improve the quality of the service. We do not use your business data to train third-party AI models without your explicit consent.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and send related information (invoices, receipts)
• Send transactional and administrative messages (account notifications, security alerts)
• Respond to customer support requests
• Monitor and analyze usage to improve the Service
• Detect and prevent fraud or security incidents
• Comply with legal obligations

We will not send you marketing emails without your explicit consent. You may opt out of any marketing communications at any time.

4. Third-Party Services

We share your data with third parties only as necessary to provide the Service:

• Paystack — payment processing
• Anthropic / OpenAI — AI diagnostic features (anonymized, aggregated queries only)
• Railway — cloud hosting and infrastructure
• Resend — transactional email delivery

We do not sell your personal data to third parties for marketing purposes. Each third-party processor is bound by data processing agreements that limit their use of your data.

5. Data Retention

We retain your account and business data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow for reactivation, after which it is permanently deleted unless required by law.

Log data and analytics are retained for up to 12 months. Aggregated, anonymized data may be retained indefinitely.

6. Your Rights (Ghana Data Protection Act, 2012)

Under the Ghana Data Protection Act (Act 843), you have the following rights with respect to your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data, subject to legal obligations.
• Right to object: Object to processing of your data for certain purposes.
• Right to data portability: Request an export of your business data in a machine-readable format.

To exercise any of these rights, please contact us at privacy@ottoworks.app. We will respond within 30 days.

7. Security

We implement industry-standard security measures to protect your data — including encryption at rest and in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

8. Cookie Policy

OttoWorks uses cookies and similar technologies to maintain your session, remember your preferences, and analyze usage. We use:

• Essential cookies: Required for the Service to function (session tokens, CSRF protection).
• Analytics cookies: Help us understand how users interact with the Service. These can be disabled via your cookie preferences.

You can manage cookie preferences at any time using the Cookie Preferences link in our footer.

9. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us immediately.

10. International Transfers

Your data may be transferred to and processed in countries outside Ghana (including the United States and European Union) where our infrastructure providers operate. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the Service after changes constitutes acceptance.

12. Contact Us

If you have questions about this Privacy Policy, please contact:

OttoWorks
Email: privacy@ottoworks.app
Address: Accra, Ghana