Privacy Policy

Last updated: 2026-03-30

Data Controller

The controller responsible for data processing on this website is:

Oliver Strebel-Mark
Emmericher Weg 76a
47574 Goch
Germany

Email: support@ottersight.com

Data We Collect

OAuth Authentication (GitHub / GitLab)

When you sign in using GitHub or GitLab OAuth, we receive your username, email address, and avatar URL from the OAuth provider. We do not receive your password or private repositories.

Waitlist Registration

When you join our waitlist, we collect your name and email address. This data is used solely to notify you when early access launches.

Usage Analytics

We collect anonymized page views to understand how the website is used. No personally identifiable information is collected for analytics purposes.

How We Use Your Data

  • Authentication: To verify your identity and maintain your session.
  • Waitlist management: To notify you when early access is available and to manage Founding Member offers.
  • Service improvement: Anonymized analytics help us understand which features are most useful.

Third-Party Services

Supabase

Used for authentication and the application database. Data is hosted on EU servers. Supabase Privacy Policy.

Cloudflare Turnstile

Used for bot protection on authentication forms. Turnstile issues anonymous tokens without tracking users or building profiles. No personally identifiable information is collected. Cloudflare Privacy Policy.

Vercel

Used for hosting the web frontend. Standard access logs may be retained. Vercel Privacy Policy.

Hetzner (Germany)

The API, scan engine, and all application data are hosted on Hetzner servers located in Germany. All data remains in the EU. Hetzner Privacy Policy.

Cookies

Supabase session cookies

httpOnly session cookies are set after authentication to maintain your login state. These are essential for the service to function and are not used for tracking.

Cloudflare Turnstile tokens

Session-only tokens are used to verify that form submissions are not automated. No personal data is stored in these tokens.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Data Retention

  • Account data is retained while your account is active. It is deleted within 30 days of account deletion.
  • Waitlist data is retained until OtterSight launches or until you request deletion, whichever comes first.

Your Rights under GDPR

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access (Art. 15 GDPR): You may request information about the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your personal data ("right to be forgotten").
  • Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
  • Right to restriction (Art. 18 GDPR): You may request that processing of your data be restricted in certain circumstances.
  • Right to object (Art. 21 GDPR): You may object to processing of your personal data in certain circumstances.
  • Right to lodge a complaint: You may file a complaint with your national supervisory authority. In Germany: Bundesbeauftragter für den Datenschutz (BfDI).

To exercise any of these rights, contact us at support@ottersight.com.

Data Security

  • All data is encrypted in transit using TLS.
  • Application data is stored on Hetzner servers in Germany (EU).
  • Repository code is cloned ephemerally for scanning and is never stored persistently.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify affected users via email or a prominent notice on the website before changes take effect. The date at the top of this page indicates when the policy was last updated.

Contact

For any privacy-related questions or requests, please contact us at support@ottersight.com.