Updated 24 September 2024
Welcome, and thank you for your interest in etterno.io Inc, our product OTP+ (“OTP+,” “we,” or “us”), our website at OTP.Plus (the “Site”), all related websites, and other services we provide on which a link to this Privacy Policy is displayed. This Privacy Policy describes the information we collect through the Service, how we use and disclose it, and the steps we take to protect it. By visiting the Site or purchasing or using the Service, you accept the privacy practices described in this Policy.
This Policy is incorporated into and is subject to, the OTP+ Terms & Conditions.
Capitalized terms used but not defined in this Policy have the meanings given to them in the OTP+ Terms & Conditions.
Definitions
•
“Client” means a customer of OTP+.
•
“Client Data” means personal data, reports, addresses, and other files, folders, or documents in electronic form that a User of the Service stores within the Service.
•
“Personal Data” is information about an identified or identifiable natural person.
•
“Public Area” means the Site area that both Users and Visitors can access without needing to log in.
•
“Restricted Area” means the area of the Site that can be accessed only by Users, and access requires logging in.
•
“User” means an employee, agent, or representative of a Client who primarily uses the Site's restricted areas to access the Service in such a capacity.
•
“Visitor” means an individual other than a User who uses the public area but has no access to the restricted areas of the Site or Service.
What personal information do we collect from the people who visit our blog, website, or app?
We collect various types of information from or through the Service. The legal basis for OTP+’s processing of Personal Data is primarily that it is necessary for providing the Service following our Terms of Service and that it is carried out in OTP+’s legitimate interests, which are further explained in the section "How do we use your information?" of this Policy. We may also process data upon your consent, asking for it as appropriate.
Information Collected by Clients
A Client or User may store or upload Client Data into the Service. OTP+ has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Client is responsible for providing notice to its customers and third parties concerning the purpose for which Client collects their Personal Data and how it is processed through the Service as part of Client Data.
Automatically Collected Information
When a User or Visitor uses the Service, we may automatically record certain information from the User’s or Visitor’s device using various technology types, including cookies, "pixels," or “web beacons." This automatically collected information may include a mobile number, IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Service. We may also use these technologies to collect information regarding a Visitor's or User's interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is gathered from all Users and Visitors.
Integrated Services
You may be given the option to access or register for the Service through the use of your username and passwords for certain services provided by third parties (each an “Integrated Service”), such as through the use of your Google account or otherwise have the option to authorize an Integrated Service to provide Personal Data or other information to us. By authorizing us to connect with an Integrated Service, you permit us to access and store your name, email addresses, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it following this Policy.
You should check your privacy settings on each Integrated Service to understand what information it makes available to us and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.
Information from Other Sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, advertisers, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data following this Policy.
How do we use your information?
Operations
We use information other than Client Data to operate, maintain, enhance, and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions, and to support users of the Service. We process Client Data solely following the directions provided by the applicable Client or User.
Improvements
We use the information to understand and analyze our Visitors and Users' usage trends and preferences, improve the Service, and develop new products, services, features, and functionality.
Communications
We may use a Visitor’s or User’s email address or information other than Client Data to contact that Visitor or User.
for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations, or defamation issues related to the Client Data or Personal Data posted on the Service, or with updates on promotions and events relating to products and services offered by third parties we work with and by us. You can opt out of receiving any promotional communications.
Cookies and Tracking Technologies
We use automatically collected information and other information collected on the Service through cookies and similar technologies to:
Personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits.
Provide customized advertisements, content, and information.
Monitor and analyze the effectiveness of the Service and third-party marketing activities.Monitor aggregate site usage metrics such as the total number of visitors and pages viewed.
Track your entries, submissions, and status in any promotions or other activities on the Service.
Analytics
We use Google Analytics to measure and evaluate access to and traffic on the Public Area of the Site and create user navigation reports for our Site administrators. Google operates independently from us and has its own privacy policy, which we strongly suggest you review. Google may use the information collected through Google Analytics to evaluate Users' and Visitors’ activity on our Site. For more information, see Google Analytics Privacy and Data Sharing.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need-to-know basis to resolve technical issues, administer the Site, and identify visitor preferences, but in this case, the data will be in a non-identifiable form. We do not use any of this information to identify Visitors or Users.
To whom do we disclose information?
Except as described in this Policy, we will not intentionally disclose the Personal Data or Client Data that we collect or store on the Service to third parties without the consent of the applicable Visitor, User, or Client. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Unrestricted Information: Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
Service Providers (Sub Processors): We work with third-party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
List of Processors
Amazon Web Services- Hosting services in the US
Stripe- Payment gateway (PCI compliant)
Paypal- Payment gateway (PCI compliant)
Razorpay- Payment gateway (PCI compliant)
FreshWork- Sales CRM tool
Hotjar- Business Analytics
Full Story- Business Analytics
Rollbar- Error Tracking
Google (Gmail)- To allow customers to send emails via Gmail
Microsoft365 (Outlook)- To allow customers to send emails via Outlook
Google (Google Analytics)- Business Analytics
Google ads- Marketing
Facebook Ads- Marketing
Twilio
Telynx
SignalWire
Message91
Telesign
Non Personally Identifiable Information
We may make certain automatically collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including:
Compliance with various reporting obligations,
Business or marketing purposes, or
Assisting such parties in understanding our Clients', Users', and Visitors' interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
Law Enforcement, Legal Process, and Compliance
In the good-faith belief that such action is necessary to comply with applicable laws, respond to a valid court order, judicial or other government subpoena, or warrant, or cooperate with law enforcement or other governmental agencies.
We may disclose Personal Data or other information if required by law or We also reserve the right to disclose Personal Data or other information that we believe, in good faith, is appropriate or necessary to:
Take precautions against liability,
Protect ourselves or others from fraudulent, abusive, or unlawful uses or activities,
Investigate and defend ourselves against any third-party claims or allegations,
Protect the security or integrity of the Service and any facilities or equipment used to make the Service available, or
Protect our property or other legal rights, enforce our contracts, or safeguard the rights, property, or safety of others.
Change of Ownership
Information about Users and Visitors, including Personal Data, may be disclosed and transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction. This also applies in the event of insolvency, bankruptcy, or receivership, in which information is transferred to one or more third parties as one of our business assets, but only if the recipient of the User or Visitor Data agrees to a Privacy Policy with terms substantially consistent with this Privacy Policy.
Client Data may be physically or electronically transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction. This also applies in the event of insolvency, bankruptcy, or receivership, in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service. Again, this is subject to the condition that the recipient of the Client Data agrees to a Privacy Policy with terms substantially consistent with this Privacy Policy.
Your Rights Regarding Use Of Personal Information
Access, Correction, Deletion
We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. If you wish to access or amend any other Personal Data we hold about you or request that we delete or transfer any information about you obtained from an Integrated Service, you can contact us at support@otp.plus to make your request. Upon your request, we will delete or block any references to you in our database.
You can update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the Service. Please note that while any changes you make will be instantly or reasonably reflected in active user databases, we may retain all information you submit for purposes such as backups, archiving, fraud and abuse prevention, analytics, compliance with legal obligations, or where we reasonably believe we have a legitimate reason to do so.
If you choose not to share certain Personal Data with us, it may impact our ability to provide you with some of the features and functionality of the Service.
We will be sending you informative and promotional notifications related to our services via SMS, Emails, WhatsApp, and RCS.
Navigation Information
You can opt out of the collection of navigation information about your visit to the Site by Google Analytics using the Google Analytics Opt-out feature.
Opting out of Commercial Communications
If you receive commercial emails from us, you can unsubscribe at any time by following the instructions within the email or by sending an email to support@otp.plus.
Please note that if you opt out of receiving commercial emails from us or change the nature or frequency of promotional communications you receive from us, it may take up to ten (10) business days to process your request. Even after opting out of receiving commercial messages, you will continue to receive administrative messages from us regarding the Service.
OTP+ has no direct relationship with the Client's customers or third parties whose Personal Data it may process on behalf of the Client. An individual seeking access or requesting corrections, amendments, deletion of inaccurate data, or withdrawal of consent for further contact should direct their query to the Client or User with whom they interact directly. If the Client requests OTP+ to remove the data, we will respond to the request within thirty (30) days. We will delete, amend, or block access to any Personal Data we store only if we receive a written request from the Client responsible for such Personal Data unless we have a legal right to retain the data. We reserve the right to keep a copy of such data for archiving purposes or to defend our rights in litigation. Any request concerning Client Data should be sent to support@otp.plus with the email subject "Data Subject Request" and should include sufficient information for OTP+ to identify the Client or its customer or third party and the information to delete or amend.
How do we protect your information?
An external PCI-compliant payment gateway (Stripe, Inc., Razorpay, and PayPal) handles all credit card transactions, and we conduct regular vulnerability checks to prevent security issues.
Your personal information is securely stored behind protected networks and is only accessible by a limited number of individuals with special access rights, who are required to maintain the confidentiality of this information. Additionally, all sensitive information you provide is encrypted using industry-standard protocols and is transmitted via TLS/SSL technology. We offer 2FA (2-factor authentication) for every account, providing an extra layer of security for your personal data. This ensures the confidentiality, integrity, and availability of our customers' personal data in case of data loss or security breaches.
In the event of a security breach, we have a policy to conduct an immediate investigation of the incident and report it to the competent data protection authority within 72 hours or less. We also notify all affected data subjects of a high-risk data breach incident.
Third-party Services
The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is supplied directly to the operators of those services and is subject to the policies, if any, governing privacy and security set by those operators, even if accessed through the Service. We are not accountable for the content, privacy, security practices and policies of third-party sites or services to which links or access are provided through the Service. We recommend that you familiarize yourself with the privacy and security policies of third parties before sharing your information with them.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/6008942?hl=en
We have not enabled Google AdSense on our site and we don't plan to do so in the future.
If you use Chrome Extensions or Google add-ons developed by OTP+, we may collect data such as your name, and email address, through connecting to your Google Account (with your consent). This information won't be displayed to the public nor is it ever shared without your explicit consent. As of today, we don't use login or signup based on your Google Account.
OTP+'s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Data Transfer
We may transfer, process, and store Personal Data collected through the Services in centralized databases and with service providers located in the US. The US may not have the same data protection framework as the country from which you may be using the Services. When we transfer Personal Data to the US, we will safeguard it as described in this Privacy Policy and the Terms of Service.
The Service is hosted in the United States. Regardless of the database being hosted within the European Union, if you choose to use the Service from the EU or other regions of the world with laws governing data collection and use that may differ from US law, please note that you may be transferring your Client Data and Personal Data outside of those regions to the United States for storage and processing by our service providers listed in our Terms of Service. We will adhere to GDPR requirements to ensure adequate protection for the transfer of personal information from Europe to the US. Additionally, we may transfer your data to the US, the EEA, or other countries or regions deemed by the European Commission to provide adequate protection of personal data in connection with data storage and processing to fulfil your requests and operate the Service.
Data Controller and Data Processor
OTP+ does not own, control, or directly oversee the utilization of any of the Client Data stored or processed by a Client or User through the Service. Only the Client or Users have the authority to access, retrieve, and govern the use of such Client Data. OTP+ has limited awareness of the specific Client Data being stored or made accessible by a Client or User through the Service. OTP+ does not directly access this Client Data except when authorized by the Client or when necessary to provide Services to the Client and its Users.
As OTP+ neither collects nor determines the usage of any Personal Data within the Client Data, and because it doesn't establish the purposes, methods of collection, or the uses of this Personal Data, OTP+ is not operating as a data controller under the European Union's General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"). Thus, it does not carry the associated responsibilities stipulated by the GDPR. OTP+ should be regarded solely as a data processor on behalf of its Clients and Users concerning any Client Data containing Personal Data that falls under the GDPR's requirements. Except as outlined in this Privacy Policy, OTP+ does not independently facilitate the transfer or provision of Client Data containing Personal Data to third parties. This is only done through third-party subcontractors who may process such data on behalf of OTP+ while delivering Services to Clients. Such actions are executed or authorized solely by the respective Client or User.
The Client or the User, as per the Regulation, serves as the data controller for any Client Data containing Personal Data. This means that such a party governs the method by which Personal Data is collected and utilized, as well as determining the purposes and means of processing such Personal Data.
OTP+ is not accountable for the content of the Personal Data within the Client Data or other information stored on its servers (or subcontractors' servers) based on the Client's or User's discretion. OTP+ is also not responsible for how the Client or User manages, discloses, distributes, or otherwise processes such information.
Data Retention
We only retain the Personal Data collected from a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it unless otherwise required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements as follows:
The contents of closed accounts are deleted within 6 months of the date of closure.
Backups are kept for 2 months.
Information on legal transactions between the Client and OTP+ is retained for a period of 5 years.
Third-party cookies
We permit third parties, with whom we have a separate agreement, to use cookies and other technologies for collecting information about your use of the Site. These third parties consist of two categories:
1. Business partners who gather information when you view or engage with one of their advertisements on the Site.
Advertising networks that collect information about your interests when you view or engage with one of their advertisements.
The data collected by these third parties is employed to make predictions about your interests or preferences. This enables them to display advertisements or promotional material on this Site and on other websites across the Internet, customized to your apparent interests. Business partners and advertising networks that serve interest-based ads on the Services have limited access to a small amount of information regarding your profile and your device. This information is necessary to provide you with advertisements tailored to your apparent interests. They may potentially reuse this limited information on other websites or services.
We do not share any information that could readily identify you, such as your email address, with these third parties. However, these third parties may have access to information related to your device, like your IP or MAC address. We do not possess access to or control over the technologies these third parties use to gather information about your interests. The information practices of these third parties are not covered by this Privacy Policy. Apart from what is discussed in this document, we have no authority over these third parties.
The Following Types of Cookies Are Used in the Site:
Strictly necessary/essential cookies: These cookies are indispensable for enabling you to navigate the website and utilize its features, such as accessing secure areas of the site. Without these cookies, the services you've requested cannot be provided. These cookies do not collect information that can identify a visitor.
Functionality cookies: These cookies enable the website to remember choices you make, like your username, language, or your current region, providing enhanced and more personalized features. For example, a website may offer local weather reports or traffic updates by storing your current region in a cookie. These cookies can also remember alterations you've made to text size, fonts, and other aspects of web pages that you can customize. They may also be used to provide services you've requested, such as watching a video or commenting on a blog. The information collected by these cookies may be anonymized, and they cannot track your browsing activity on other websites.
Behaviorally targeted advertising cookies: These cookies are employed to deliver advertisements that are more relevant to your interests. They are also used to limit the frequency of advertisement displays and measure the effectiveness of advertising campaigns. Typically, these cookies are placed by advertising networks with the website operator's permission. They remember that you've visited a website, and this information is shared with other organizations, such as advertisers. Often, targeting or advertising cookies are associated with site functionality provided by other organizations.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and INDIA, and the concepts they encompass have played a significant role in shaping data protection laws worldwide. Understanding the Principles and how to implement them is crucial for complying with the various privacy laws that safeguard personal information.
To align with the Fair Information Practices, we will take the following responsive actions in the event of a data breach: We will notify you via email or through an in-site notification within 7 business days. We also commit to the Individual Redress Principle, which grants individuals the right to legally pursue enforceable rights against data collectors and processors who fail to comply with the law. This principle not only ensures that individuals have enforceable rights against data users but also provides them with recourse to pursue legal action through courts or government agencies to investigate and prosecute non-compliance by data processors.
Modifications
We may update this Privacy Policy periodically without prior notice. However, it's important to note that we will not introduce changes leading to significant additional uses or disclosures of your personal information without notifying you via email. In addition, we may implement non-significant changes to this Privacy Policy that generally won't have a significant impact on how we use your personal information, and such changes won't require an email notification.
We recommend checking this page regularly for any updates. If you find any non-significant changes to this Privacy Policy unacceptable, please reach out to us immediately. Until the matter is resolved, please refrain from using the OTP+ website and any services we provide. Your continued use of our services and the OTP+ website after non-significant changes to this Privacy Policy are posted indicates your acceptance of those changes.
Contact Information
If you have any questions or comments about this Privacy Policy or feel that we are not abiding by the terms of this Privacy Policy, please contact our Privacy Agent in any of the following ways:
By emailing us at support@otp.plus
By postal mail:
6381 Almaden Road, San Jose, CA 95120
Last Updated: This Privacy Policy was last updated on 12/03/2024