Privacy Policy | Otter A/B

Otter A/B ("we", "our", or "us") operates the otterab.com website and the Otter A/B platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (hashed). If you sign in with Google, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.

Usage Data

We collect information about how you use the Otter A/B dashboard, including pages visited, features used, and actions taken. This helps us improve the product.

Visitor Data (Your Website Visitors)

When you install the Otter A/B snippet on your website, our SDK collects the following about your website visitors:

A randomly generated visitor ID (stored in a first-party cookie)
Page URLs visited
Variant assignments for active A/B tests
Conversion events you configure (page views, clicks, custom events, revenue)
Basic device information (browser, operating system, screen size)
Approximate geographic location (country/region, derived from IP)

What We Do Not Collect

We do not collect or store visitor IP addresses in plain text. IPs are masked by default.
We do not use third-party tracking cookies on your visitors.
We do not fingerprint visitors.
We do not collect personal data from your visitors unless you explicitly send it via the identify SDK method.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Otter A/B platform
Assign visitors to test variants and track conversions
Calculate decision scores for your A/B tests
Send you account-related communications (confirmations, billing, security alerts)
Improve our product and develop new features
Detect and prevent fraud or abuse

3. Data Sharing

We do not sell, rent, or trade your data or your visitors' data to third parties. We may share data with:

Service providers who help us operate the platform (hosting, payment processing, email delivery). These providers are contractually bound to protect your data.
Legal authorities if required by law, court order, or to protect our rights.

4. Data Storage and Security

All data is encrypted in transit (TLS/HTTPS) and at rest.
Passwords are hashed using bcrypt and never stored in plain text.
We use database-backed sessions with signed, httponly cookies.
Our infrastructure is hosted on AWS (EU-West-1, Ireland).

5. Data Retention

Account data is retained for as long as your account is active. Visitor data for A/B tests is retained for 12 months after the test is completed, then automatically deleted. You can delete your account and all associated data at any time by contacting support.

6. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Data portability (receive your data in a structured format)
Withdraw consent at any time

To exercise these rights, contact us at privacy@otterab.com.

7. Cookies

The Otter A/B dashboard uses a session cookie to keep you signed in. The A/B testing SDK uses a single first-party cookie (optimo_uuid) on your visitors' browsers to maintain consistent variant assignments. This cookie contains only a random identifier and no personal information.

8. Children's Privacy

Otter A/B is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the service after changes constitutes acceptance.

10. Contact

For privacy-related questions or requests, contact us at privacy@otterab.com.