Privacy Policy
This policy explains what data OctoEmployee ("Otto", "we") collects, why, who we share it with, and your rights. We aim for plain English. If anything is unclear, email hello@octoemployee.com and we'll explain.
1. What we collect
When you sign up as a Customer:
- Your name, email, business name, timezone, Mindbody Site ID.
- Your Mindbody staff user credentials (encrypted at rest in Supabase Vault).
- Your billing details if you continue past trial (handled by Stripe — see "Third parties" below).
When Otto syncs your Mindbody account on your behalf:
- Your members' first name, last name, email, phone, Mindbody Client ID.
- Your members' visit history, package history, appointment status (last ~180 days retained).
- Risk scores Otto computes from the above.
2. What we do with it
| Data | Purpose |
|---|---|
| Your account info | Identify you, send transactional emails, bill you. |
| Mindbody credentials | Authenticate to Mindbody on your behalf during nightly sync. Stored encrypted; never displayed back to you in plain text. |
| Your members' records | Compute risk scores, generate weekly briefs, populate your member views inside Otto. |
| Risk scores + brief content | Sent to your account email weekly. Visible to you only inside Otto (Row Level Security in our database). |
3. Who we share it with
We share data with a small number of specific service providers, only for the purposes listed:
| Service provider | Why we use them | Data sent |
|---|---|---|
| Supabase | Database, authentication, secret storage. | All Customer + member data (encrypted at rest). |
| Vercel | Web hosting, scheduled jobs. | Whatever passes through HTTP requests; no persistent storage on Vercel. |
| Zoho Mail | Email delivery (transactional + weekly briefs). | Recipient email + email body content. |
| Anthropic (Claude API) | Generate weekly brief summaries, member outreach drafts, and answer questions you ask in the Otto chat. | At-risk member context (first name, last name, last visit date, coach name, risk reason). When you use Otto chat, a small studio-level summary (top 5 at-risk members, top 5 VIPs, recent counts) is sent with each message. No payment info or email addresses are sent. Anthropic does not train models on this data and processes it under their zero-data-retention policy. |
| Mindbody | Source of all member data. | We READ from Mindbody using your staff credentials. We never WRITE to Mindbody. |
| Stripe (paid plans only) | Process subscription payments. | Your business name, billing email, payment method. Card numbers go directly to Stripe and never touch Otto. |
We do not sell your data to anyone. We do not use it for advertising. We do not give it to data brokers.
4. Your members' rights
The members in your Mindbody account are your customers, not ours. Under your jurisdiction's law (CCPA, GDPR, etc.) you remain the data controller for their information. Otto acts as your data processor.
If a member asks you to delete their data, email us at security@octoemployee.com and we will delete their record from Otto within 30 days. Their record in Mindbody is separate — you delete that on the Mindbody side.
5. Security
- All data is encrypted in transit (TLS 1.2+) and at rest (Supabase storage + database encryption).
- Mindbody credentials are encrypted using Supabase Vault; they are never logged and never displayed back to you.
- Cross-customer isolation is enforced by Postgres Row Level Security policies; it is tested via automated isolation tests on every deploy.
- Our deployment platform (Vercel) and database (Supabase) maintain SOC 2 Type II compliance.
6. Data retention
- Member visit data is purged after 180 days from sync.
- Risk score history is retained for 90 days, then automatically purged.
- Customer account data is retained while the account is active and for up to 30 days after termination, after which it is deleted (except where law requires longer retention).
- Audit logs (system events) are retained for 1 year for security and debugging.
7. Your rights as a Customer
You have the right to:
- Access the data we hold about you and your members.
- Correct inaccurate data.
- Delete your account and have your data removed (within 30 days).
- Export your member data in a machine-readable format on request.
- Opt out of non-essential email (we send only transactional and brief emails by default — there's nothing to opt out of unless you've opted into product updates separately).
To exercise any of these, email security@octoemployee.com.
8. International transfers
Otto is operated from the United States. By using Otto, you consent to your data being processed in the US. Our subprocessors (Supabase, Vercel, Anthropic, Zoho, Stripe, Mindbody) may process data in other regions per their respective terms.
9. Children's data
Otto is not intended for children. If your studio's Mindbody account includes member records of minors (e.g. a youth sports academy), you remain responsible for ensuring you have parental consent under COPPA or your local equivalent. Otto stores those records the same way as adult records.
10. Changes
We may update this policy. We'll email you at least 14 days before any material change takes effect.
11. Contact
Questions: hello@octoemployee.com · Deletion requests & security concerns: security@octoemployee.com.