Lasted Updated October 2, 2023
[See also Terms of Service]
Where we have an Otter Business or enterprise service agreement in place with an enterprise customer who is asking you to use our Services (for example your employer), we obtain and process your Personal Information on behalf of and at the instructions of that customer. In that context, such enterprise customers are the data controllers and their privacy policies will apply to the processing of your Information. We encourage you to read their privacy policies.
For the purpose of this Policy, “Personal Information” means any information relating to an identified or identifiable individual. This includes Personal Information you provide or generate when you use: (a) Our Otter meeting assistant app (the “App”); and (b), https://otter.ai, and any other dedicated Otter.ai websites (the “Website”) (collectively, the “Services”). When you use the Services, you accept and understand that we collect, process, use, and store your Personal Information as described in this Policy.
If you are a California resident, our Privacy Notice for California Residents includes additional information about your rights and how we collect, use, and share information.
If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future you must stop using the Services and you may exercise your rights concerning your Personal Information as set out in this Policy.
1. INFORMATION WE COLLECT
We will collect and use the following Personal Information about you:
Information you provide to us
Information you provide us about others
Information we automatically collect or is generated about you when use the Services
Information received from third parties.
We also collect, and use aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.
2. HOW WE USE YOUR PERSONAL INFORMATION
We use your Personal Information to:
Cookies are small files of letters and numbers that we store on your browser or on your device. They contain information that is transferred to your device.
We use the following types of Cookies and similar technologies:
You can block Cookies by setting your internet browser to block some or all or Cookies. However, if you use your browser settings to block all Cookies (including strictly necessary Cookies) you may not be able to use our Services.
4. WITH WHOM WE SHARE YOUR PERSONAL INFORMATION
Third party services are not owned or controlled by Otter.ai and third parties may have their own policies and practices for collection, use and sharing of information. Please refer to third party privacy and security policies for more information before using such services. Third parties include vendors and service providers we rely on the provision of the Services. We share your Personal Information with selected third parties, including:
5. HOW LONG WE STORE YOUR INFORMATION
Otter.ai stores all Personal Information for as long as necessary to fulfill the purposes set out in this Policy, or for as long as we are required to do so by law or in order to comply with a regulatory obligation. When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted.
6. YOUR RIGHTS
In certain circumstances you have the following rights in relation to your Personal Information that we hold.
Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may require additional information (for example, why you believe the information we hold about you is inaccurate or incomplete) and may have valid legal reasons to refuse your request. We will inform you if that is the case. For more information on how to exercise your rights, or to exercise your rights, please email firstname.lastname@example.org.
If you are a California resident, California law affords you certain rights regarding our collection and use of your personal information. To learn more about your California privacy rights, please visit our Privacy Notice for California Residents.
7. Data Privacy Framework Principles
For more information on how we comply with the DPF Principles, please see APPENDIX: Otter.ai Data Privacy Framework Principles Notice.
The Service and Website are not targeted at children, and we do not knowingly collect Personal Information from children under the age of 13. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.
9. CONTACT & COMPLAINTS
For inquiries or complaints regarding this Policy, please first contact us at email@example.com and we will endeavor to deal with your complaint as soon as possible. This is without prejudice to your right to launch a claim with a data protection authority.
If you are based in the EEA or the UK, you may also make a complaint to either the Irish Data Protection Commission (on +353 578 684 800 or via https://forms.dataprotection.ie/contact) or the UK’s ICO (on +44 303 123 1113 or via https://ico.org.uk/make-a-complaint/), or to the supervisory authority where you are located.
10. DATA SECURITY
Otter.ai maintains and implements physical, administrative, and technical safeguards to protect the confidentiality, integrity, and availability of personal information. However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.
The Website and Service may provide features or links to websites and services provided by third parties. Any information you provide on Apps, third-party websites or services is provided directly to the operators of such websites or services and is subject to their policies governing privacy and security, even if accessed via our Website or in connection with our Service.
11. CROSS-BORDER DATA TRANSFERS
To facilitate our global operations, Otter.ai may transfer, store and process your operations with our partners and service providers based outside of the country in which you are based. Laws in those countries may differ from the laws applicable to your country of residence. Where we transfer, store and process your Personal Information outside of the EEA or the UK we will ensure that the appropriate safeguards are in place to ensure an adequate level of protection such as through acceding to the Standard Contractual Clauses. Further details regarding the relevant safeguards can be obtained from us on request.
Where required, we will update this Policy from time to time. When we do so, we will make it available on this page and indicate the date of the latest revision. Please check this page frequently to see any updates or changes to this Policy.
13. ABOUT US
Attn: Privacy Officer
800 W El Camino Real,
Mountain View, CA 94040
Effective October 2, 2023
Otter.ai has created this Data Privacy Framework Principles Notice (“Notice”) to describe our standards and procedures for handling Personal Information in accordance with the Data Privacy Framework (“DPF”) Principles.
This Notice supplements our Policy. Unless specifically defined in this Notice, the terms in this Notice have the same meaning as in our Policy. In case of conflict between the Policy and this Notice, this Notice prevails. In case of conflict between this Notice and the Principles, the Principles will govern.
How we obtain Personal Information
We obtain and Process Personal Information from the European Union (“EU”), United Kingdom (“UK”) (and Gibraltar), or Switzerland in different capacities:
Otter.ai commits to subject to the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), all Personal Information received from the EU, the UK (and Gibraltar), or Switzerland in reliance on the DPF Principles (which includes both types of activities).
Data Privacy Framework Principles
1. Notice. Our Policy in combination with this Notice describes our privacy practices. When providing our Services as a Data Processor, our customers determine the categories of Personal Information we Process and the purposes of the processing. Accordingly, our customers are responsible for providing notice to individuals. Please see our customers’ privacy policies for more information.
2. Data Integrity and Purpose Limitation. Any Personal Information we receive may be processed by Otter.ai for the purposes indicated in our Policy or as otherwise notified to you. We will not process Personal Information in a way that is incompatible with these purposes unless subsequently authorized by you.
We take reasonable steps to limit the collection and usage of Personal Information to that which is relevant for the purposes for which it was collected, and to ensure that such Personal Information is reliable, accurate, complete and current. Individuals are encouraged to keep their Personal Information with Otter.ai up to date and may contact Otter.ai as indicated below or in the Policy to request that their Personal Information be updated or corrected.
We will adhere to the DPF Principles for as long as we retain the Personal Information collected under DPF Principles.
When providing our Services as a data processor, we process and retain Personal Information as necessary to provide our Services as permitted in our agreements, or as required or permitted under applicable law.
3. Accountability for Onward Transfer of Personal Information. Otter.ai may transfer Personal Information as described in the Policy. When providing our Services as a data processor, we disclose Personal Information as provided in our agreement with customers.
We remain responsible for the processing of Personal Information received under the DPF Principles and subsequently transferred to a third party acting as an agent if the agent Processes such Personal Information in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage.
4. Security. Otter.ai takes reasonable and appropriate precautions, taking into account the risks involved in the Processing and the nature of the Personal Information, to help protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
5. Access and Choice. If we intend to use your Personal Information for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized, or if we intend to disclose it to a third party acting as a Data Controller not previously identified, we will offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt in where sensitive information is involved.
Where appropriate, you have the right to access to the Personal Information we maintain about you and to correct, amend or delete that information when it is inaccurate or has been processed in violation of the DPF Principles by sending a written request as indicated in “Contact Us” below. We will review your request in accordance with the DPF Principles, and may limit or deny access to Personal Information as permitted by the DPF Principles.
When providing our Services as a Data Processor, we only Process and disclose the Personal Information as specified in our agreements. Our customers control how Personal Information is disclosed to us and Processed, and how it can be modified. Accordingly, if you want to request access, or to limit use or disclosure of your Personal Information, please contact the company to whom you submitted your Personal Information and that uses our Services. If you provide us with the name of the company to whom you provided your Personal Information and who is our customer, we will refer your request to that customer and support them in responding to your request.
6. Recourse, Enforcement and Liability. We conduct an annual self-assessment of our practices regarding Personal Information intended to verify that the assertions we make about our practices are true and that such practices have been implemented as represented.
If you have any questions or concerns, we encourage you to first write to us as indicated below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the DPF Principles.
If an issue cannot be resolved through Otter.ai’s internal dispute resolution mechanism, you may submit a complaint to https://www.jamsadr.com/eu-us-privacy-shield, who serves as Otter.ai’s alternative dispute resolution provider, at no cost to you.
For residual complaints not fully or partially resolved by other means, you may be able to invoke binding arbitration as detailed in the DPF Principles available here.
Otter.ai is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Changes to this Notice
This Notice may be amended consistent with the requirements of the DPF Principles. When we update this Notice, we will also revise the “Last updated” date at the top of this document. Any changes to this Notice will become effective when we post the revised version on our website.
If you have any questions, concerns or complaints regarding our privacy practices, or if you’d like to exercise your choices or rights, you can contact us:
Attn: Privacy Officer
800 W El Camino Real,
Mountain View, CA 94040