Privacy Policy

1. Introduction

This Privacy Policy explains how BerryWell, LLC ("BerryWell," "HeyOtto!," "Otto," "we," "us," or "our") collects, uses, stores, and shares personal data in connection with the HeyOtto! application, the public website, and related services (collectively, the "Service").

HeyOtto! is an AI-powered chatbot application designed to give parents the ability to tailor their child's experience and to monitor their activity, providing a safe, educational, and fun environment for kids ages 4-18 to interact with AI.

By using the Service, you agree to this Privacy Policy, our COPPA Policy and Terms of Service. If you do not agree, do not use the Service.

For GDPR purposes, BerryWell LLC is the data controller. We are a Georgia LLC registered in the United States.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

Name
Email address
Password (stored encrypted)
Phone number (optional, for notifications)
Time zone
Device Data
Financial and billing information (processed through third-party payment processors)

Child Profile Information

Child names
Ages or age ranges
Profile preferences
Family values and preferences
Restricted topics
Custom instructions for AI interactions

Communication Content

Chat messages and conversations with our AI
Feedback and support requests
User-reported content
Survey responses

2.2 Information Collected Automatically

Usage Information

General app usage data (to improve performance)
Pages and features accessed
Time spent on the Service
Interaction patterns and frequency
Device information (type, operating system, browser)
IP address
Session information
Wireless and mobile network information
Geo-location information

Technical Information

Log files
Cookies and similar technologies
Device identifiers
Performance data
Error reports and diagnostics

Other Information

Records and copies of correspondence if you contact us
Details of transactions carried out through the Service
Information when you report problems with the Service

2.3 Information from Third Parties

Authentication Providers

If you sign up using Google or Apple Sign-In, we receive basic profile information (name, email, profile picture) as permitted by your privacy settings with those providers

Payment Processors

Transaction information and payment status (we do not store full credit card numbers)

3. Children's Privacy

3.1 Parental Consent and Control

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and similar laws:

No one under age 18 may create an account
We require verifiable parental consent before collecting any personal information from children under 13 via payment verification
Children under 13 may only use the Service through a parent-managed account
Parents provide information about their children and control children's profiles
Parents can review, modify, or delete their children's information at any time
We do not knowingly collect personal information directly from children under 13 without parental consent

3.2 Children's Information

Information parents may provide about children includes:

First name or nickname
Age or age range
Biological sex (optional)
Interests, preferences, and personality traits
Parental guidance preferences

For children under age 13, you should NOT provide:

Full name, address, phone number or email address
Pictures, photos, or videos of the child

3.3 Children's Content

Children's chat messages are stored as part of the Service functionality
Parents can review and delete children's conversations
Children's data is used only to provide age-appropriate responses and improve safety features
We do not use children's personal information for marketing or advertising

3.4 Parental Rights

Parents have the right to:

Review their children's personal information
Access and manage their child's data through the app
Request correction or deletion of their children's information
Refuse further collection or use of their children's information
Receive notice of our children's privacy practices
Prevent further collection or use of their child's information by deleting account

To exercise these rights, contact us at privacy@berrywell.ai.

If we learn we have collected information from a child under 13 without parental consent, we will delete it promptly.

For our complete COPPA Policy, please see chat.heyotto.app/coppa.

4. How We Use Your Information

4.1 To Provide and Improve the Service

Create and manage your account
Process your subscription and payments
Provide AI chat functionality
Personalize responses based on family profiles
Maintain age-appropriate content filtering
Generate alerts for potentially concerning content
Store conversation history for context and continuity
Provide customer support
Send service-related communications

4.2 To Enhance Safety and Security

Maintain functionality, security, and compliance
Monitor for inappropriate content and behavior
Detect and prevent fraud, abuse, and security incidents
Enforce our Terms of Service
Protect the rights and safety of our users
Respond to parental inquiries and provide alerts and reports
Comply with legal obligations

4.3 To Improve Our AI Models

Operate, maintain, and improve the application
Train and improve AI response quality
Enhance content safety filters
Develop age-appropriate response mechanisms
Improve accuracy and helpfulness of responses
Note: Personal information is anonymized or removed before use in training

4.4 For Analytics and Research

Understand how users interact with the Service
Analyze usage patterns and trends
Conduct internal research and development
Improve user experience and features
Generate aggregated, anonymized statistics

4.5 For Marketing Communications (With Your Consent)

Send promotional materials and updates
Notify you of new features and offers
Conduct surveys and collect feedback
Note: You can opt out of marketing communications at any time

5. How We Share Your Information

We do not sell your personal information. We may share information with:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Cloud hosting providers (data storage and processing)
Payment processors
AI model providers (generating responses)
Email service providers (transactional emails)
Analytics services (understanding usage patterns)
Customer support tools

These providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 AI Model Providers

We use third-party AI model providers (such as OpenAI, Anthropic, Google, and X.AI) to generate chat responses and enhance user experiences. These providers process chat inputs and related data only to deliver the AI functionality on our behalf. If a user is under 13, we require verifiable parental consent before any interaction with AI features that collect or process personal information.

Conversations are sent to these providers to generate AI responses
These providers have their own privacy policies governing their use of data
We use business-tier services with enhanced privacy protections where available
Personal information is minimized when sent to AI providers

5.3 Legal Requirements

We may disclose information if required to do so by law or in response to:

Court orders, subpoenas, or legal processes
Government or regulatory requests
Requests to protect rights, property, or safety
Investigations of potential violations of our Terms
Emergency situations involving potential harm

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share information for other purposes with your explicit consent.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for:

Research and analysis
Marketing and promotional purposes
Public reporting
Business partnerships

6. Data Retention

6.1 Retention Periods

We retain your information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes
Enforce our agreements

6.2 Specific Retention

Account Information: Retained while your account is active and for a reasonable period after deletion
Chat Conversations: Retained while your account is active; deleted upon request or account deletion
Payment Information: Retained as required by law and for tax/accounting purposes
Usage Logs: Retained for 12-24 months for security and analytics purposes

6.3 Deletion

When you delete your account:

Personal information is deleted or anonymized within 90 days
Some information may be retained in backups for up to 90 additional days
Information required for legal compliance may be retained longer
Anonymized or aggregated data may be retained indefinitely

You can request deletion of specific information by contacting us.

7. Data Security

We use administrative, technical, and physical safeguards to protect your information. However, no security system is 100% effective, and we cannot guarantee absolute security.

You acknowledge that data transmission and storage carry inherent risks. Any transmission of information is at your own risk.

We are not responsible for circumvention of privacy settings or security measures.

7.1 Security Measures

We implement reasonable technical and organizational security measures to protect your information:

Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Access controls and authentication requirements
Regular security assessments and updates
Employee training on data protection
Incident response procedures

7.2 Security Limitations

Despite our efforts:

No method of transmission or storage is 100% secure
We cannot guarantee absolute security of your information
You are responsible for maintaining the security of your password and account
You should notify us immediately of any security breaches

7.3 Your Responsibility

To protect your account:

Use a strong, unique password
Do not share your password with others
Log out after using shared devices
Enable two-factor authentication if available
Review account activity regularly

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

Access your personal information
Obtain a copy of your data in a portable format
Request information about how we use your data

8.2 Correction and Updates

You can:

Update your account information through account settings
Correct inaccurate information
Request correction of information you cannot update directly

8.3 Deletion

You can:

Delete your account through account settings
Request deletion of specific information
Request deletion of children's information

8.4 Opt-Out Rights

You can opt out of:

Marketing Emails: Click unsubscribe in any marketing email or adjust settings
SMS Notifications: Reply STOP to any SMS or adjust settings
AI Training: Opt out of using your conversations for AI model training
Cookies: Adjust browser settings (may affect functionality)

8.5 Do Not Track

Our Service does not respond to Do Not Track signals because there is no industry standard for compliance.

8.6 State-Specific Rights

California Residents (CCPA/CPRA)

California Civil Code Section § 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes.

To make such a request under CCPA, email us at privacy@berrywell.ai

Right to know what personal information is collected
Right to know if personal information is sold or shared
Right to opt out of sale/sharing of personal information
Right to deletion of personal information
Right to correct inaccurate information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising these rights

European Residents (GDPR)

Right to access personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with supervisory authority

Other State Laws

We comply with applicable state privacy laws including Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA.

8.7 Exercising Your Rights

To exercise any of these rights:

Email us at privacy@berrywell.ai
Use the account settings in the Service

We will respond to requests within the timeframe required by applicable law (typically 30-45 days).

9. GDPR Rights (EU/UK Users)

This section applies if you are located in the European Economic Area, United Kingdom, or Switzerland ("EEA Individual").

Legal Basis for Processing

We process your personal data based on:

Performance of a contract: To provide services to you and your child
Legitimate interests: To analyze and improve services, provide customer services, and conduct marketing (where not overridden by your rights)
Legal compliance: To meet legal obligations
Consent: Where required by law or in certain other cases

As an EEA Individual, you have the right to:

Access and obtain a copy of your personal data (including in portable form)
Correct inaccurate or outdated personal data
Delete personal data we hold about you (subject to legal exceptions)
Object to processing of your personal data
Restrict how we process and disclose your personal data
Withdraw consent at any time (without retroactive effect)
Prevent processing for direct marketing purposes
Transfer your personal data to a third party
Lodge a complaint with your local Data Protection Authority

France residents: You also have the right to set guidelines for retention and communication of your personal data after your death.

International Data Transfers

Data may be processed outside your country
Safeguards: Standard Contractual Clauses, legal compliance, provider safeguards EEA/UK users: GDPR rights apply, DPO contact: dpo@berrywell.ai

9.1 Data Location

Data may be processed and stored in the United States. Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction.

9.2 Safeguards

When transferring data internationally, we:

Use Standard Contractual Clauses approved by relevant authorities
Implement appropriate safeguards as required by law
Ensure service providers provide adequate protection
Comply with applicable data transfer regulations

9.3 EEA and UK Users

If you are in the European Economic Area or United Kingdom:

We process data based on legitimate interests, contractual necessity, or consent
We implement appropriate safeguards for international transfers
You have specific rights under GDPR (see Section 8.6)
Our data protection officer can be reached at [DPO email]

10. Cookies and Tracking Technologies

10.1 Types of Technologies

We use:

Cookies: Small text files stored on your device
Local Storage: Browser-based storage
Session Storage: Temporary browser storage
Analytics Tools: To understand usage patterns
Performance Tools: To monitor and improve Service performance

10.2 Cookie Categories

Essential Cookies: Required for the Service to function
Functional Cookies: Remember your preferences
Analytics Cookies: Help us understand usage
Marketing Cookies: Used for advertising (if applicable)

10.3 Managing Cookies

You can control cookies through:

Browser settings
Cookie preference tools (if provided)
Third-party opt-out tools

Note: Disabling essential cookies may affect Service functionality.

10.4 Third-Party Tracking

We may use third-party analytics services (e.g., Google Analytics) that use cookies to collect usage information. These providers have their own privacy policies.

11. Third-Party Links and Services

11.1 External Links

The Service may contain links to third-party websites or services. We are not responsible for:

Privacy practices of third-party sites
Content of third-party services
How third parties handle your information

11.2 Third-Party Integrations

If you use third-party authentication (Google, Apple):

Your use is governed by their privacy policies
We receive only information you authorize
You can revoke access through your third-party account settings

11.3 AI Model Providers

We use third-party AI services with their own privacy policies.

OpenAI: https://openai.com/privacy
Anthropic: https://www.anthropic.com/privacy
Google: https://policies.google.com/privacy
X.AI: https://x.ai/privacy-policy

12. Updates to This Privacy Policy

12.1 Changes

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date
We will notify you by email
We may display a prominent notice in the Service
For material changes affecting children's privacy, we will obtain renewed parental consent

12.2 Your Acceptance

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, you should stop using the Service and may delete your account.

12.3 Version History

We maintain previous versions of this Privacy Policy, which you can request by contacting us.

13. Contact Us

13.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: privacy@berrywell.ai Privacy Officer: Natalie Gibson Website: https://www.heyotto.app

13.2 Data Protection Officer (If Applicable)

For EEA or UK residents:

DPO Email: dpo@berrywell.ai

13.3 Supervisory Authority

EEA and UK residents have the right to lodge a complaint with their local data protection authority.

14. Additional Information for Specific Jurisdictions

14.1 California Residents

California Shine the Light Law: California residents can request information about personal information shared with third parties for their marketing purposes.

Categories of Personal Information: See Section 2 for detailed categories of information collected.

Business Purpose for Collection: See Section 4 for how we use information.

Categories of Third Parties: See Section 5 for how we share information.

14.2 Nevada Residents

Nevada residents may opt out of the sale of covered information. We do not sell personal information, but you can contact us to exercise this right.

14.3 European Residents

Legal Basis for Processing

Performance of contract (providing the Service)
Legitimate interests (improving Service, safety, fraud prevention)
Consent (where required)
Legal obligations (compliance with laws)

Data Controller: BerryWell LLC

15. Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked with a particular individual or household
Processing: Any operation performed on personal information, including collection, storage, use, or disclosure
Service: The HeyOtto! application and all related services, websites, and applications
You/Your: The individual or entity using the Service

Survival

The policies in this Privacy Policy remain effective even if our Terms of Service are terminated and you are no longer using the Service.

By using HeyOtto!, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Email: support@heyotto.app

Website: https://www.heyotto.app

Privacy Policy

1. Introduction

By using the Service, you agree to this Privacy Policy, our COPPA Policy and Terms of Service. If you do not agree, do not use the Service.

For GDPR purposes, BerryWell LLC is the data controller. We are a Georgia LLC registered in the United States.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

Name
Email address
Password (stored encrypted)
Phone number (optional, for notifications)
Time zone
Device Data
Financial and billing information (processed through third-party payment processors)

Child Profile Information

Child names
Ages or age ranges
Profile preferences
Family values and preferences
Restricted topics
Custom instructions for AI interactions

Communication Content

Chat messages and conversations with our AI
Feedback and support requests
User-reported content
Survey responses

2.2 Information Collected Automatically

Usage Information

General app usage data (to improve performance)
Pages and features accessed
Time spent on the Service
Interaction patterns and frequency
Device information (type, operating system, browser)
IP address
Session information
Wireless and mobile network information
Geo-location information

Technical Information

Log files
Cookies and similar technologies
Device identifiers
Performance data
Error reports and diagnostics

Other Information

Records and copies of correspondence if you contact us
Details of transactions carried out through the Service
Information when you report problems with the Service

2.3 Information from Third Parties

Authentication Providers

If you sign up using Google or Apple Sign-In, we receive basic profile information (name, email, profile picture) as permitted by your privacy settings with those providers

Payment Processors

Transaction information and payment status (we do not store full credit card numbers)

3. Children's Privacy

3.1 Parental Consent and Control

We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA) and similar laws:

No one under age 18 may create an account
We require verifiable parental consent before collecting any personal information from children under 13 via payment verification
Children under 13 may only use the Service through a parent-managed account
Parents provide information about their children and control children's profiles
Parents can review, modify, or delete their children's information at any time
We do not knowingly collect personal information directly from children under 13 without parental consent

3.2 Children's Information

Information parents may provide about children includes:

First name or nickname
Age or age range
Biological sex (optional)
Interests, preferences, and personality traits
Parental guidance preferences

For children under age 13, you should NOT provide:

Full name, address, phone number or email address
Pictures, photos, or videos of the child

3.3 Children's Content

Children's chat messages are stored as part of the Service functionality
Parents can review and delete children's conversations
Children's data is used only to provide age-appropriate responses and improve safety features
We do not use children's personal information for marketing or advertising

3.4 Parental Rights

Parents have the right to:

Review their children's personal information
Access and manage their child's data through the app
Request correction or deletion of their children's information
Refuse further collection or use of their children's information
Receive notice of our children's privacy practices
Prevent further collection or use of their child's information by deleting account

To exercise these rights, contact us at privacy@berrywell.ai.

If we learn we have collected information from a child under 13 without parental consent, we will delete it promptly.

For our complete COPPA Policy, please see chat.heyotto.app/coppa.

4. How We Use Your Information

4.1 To Provide and Improve the Service

Create and manage your account
Process your subscription and payments
Provide AI chat functionality
Personalize responses based on family profiles
Maintain age-appropriate content filtering
Generate alerts for potentially concerning content
Store conversation history for context and continuity
Provide customer support
Send service-related communications

4.2 To Enhance Safety and Security

Maintain functionality, security, and compliance
Monitor for inappropriate content and behavior
Detect and prevent fraud, abuse, and security incidents
Enforce our Terms of Service
Protect the rights and safety of our users
Respond to parental inquiries and provide alerts and reports
Comply with legal obligations

4.3 To Improve Our AI Models

Operate, maintain, and improve the application
Train and improve AI response quality
Enhance content safety filters
Develop age-appropriate response mechanisms
Improve accuracy and helpfulness of responses
Note: Personal information is anonymized or removed before use in training

4.4 For Analytics and Research

Understand how users interact with the Service
Analyze usage patterns and trends
Conduct internal research and development
Improve user experience and features
Generate aggregated, anonymized statistics

4.5 For Marketing Communications (With Your Consent)

Send promotional materials and updates
Notify you of new features and offers
Conduct surveys and collect feedback
Note: You can opt out of marketing communications at any time

5. How We Share Your Information

We do not sell your personal information. We may share information with:

5.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

Cloud hosting providers (data storage and processing)
Payment processors
AI model providers (generating responses)
Email service providers (transactional emails)
Analytics services (understanding usage patterns)
Customer support tools

These providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 AI Model Providers

Conversations are sent to these providers to generate AI responses
These providers have their own privacy policies governing their use of data
We use business-tier services with enhanced privacy protections where available
Personal information is minimized when sent to AI providers

5.3 Legal Requirements

We may disclose information if required to do so by law or in response to:

Court orders, subpoenas, or legal processes
Government or regulatory requests
Requests to protect rights, property, or safety
Investigations of potential violations of our Terms
Emergency situations involving potential harm

5.4 Business Transfers

5.5 With Your Consent

We may share information for other purposes with your explicit consent.

5.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for:

Research and analysis
Marketing and promotional purposes
Public reporting
Business partnerships

6. Data Retention

6.1 Retention Periods

We retain your information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes
Enforce our agreements

6.2 Specific Retention

Account Information: Retained while your account is active and for a reasonable period after deletion
Chat Conversations: Retained while your account is active; deleted upon request or account deletion
Payment Information: Retained as required by law and for tax/accounting purposes
Usage Logs: Retained for 12-24 months for security and analytics purposes

6.3 Deletion

When you delete your account:

Personal information is deleted or anonymized within 90 days
Some information may be retained in backups for up to 90 additional days
Information required for legal compliance may be retained longer
Anonymized or aggregated data may be retained indefinitely

You can request deletion of specific information by contacting us.

7. Data Security

We use administrative, technical, and physical safeguards to protect your information. However, no security system is 100% effective, and we cannot guarantee absolute security.

You acknowledge that data transmission and storage carry inherent risks. Any transmission of information is at your own risk.

We are not responsible for circumvention of privacy settings or security measures.

7.1 Security Measures

We implement reasonable technical and organizational security measures to protect your information:

Encryption of data in transit (TLS/SSL)
Encryption of sensitive data at rest
Access controls and authentication requirements
Regular security assessments and updates
Employee training on data protection
Incident response procedures

7.2 Security Limitations

Despite our efforts:

No method of transmission or storage is 100% secure
We cannot guarantee absolute security of your information
You are responsible for maintaining the security of your password and account
You should notify us immediately of any security breaches

7.3 Your Responsibility

To protect your account:

Use a strong, unique password
Do not share your password with others
Log out after using shared devices
Enable two-factor authentication if available
Review account activity regularly

8. Your Rights and Choices

8.1 Access and Portability

You have the right to:

Access your personal information
Obtain a copy of your data in a portable format
Request information about how we use your data

8.2 Correction and Updates

You can:

Update your account information through account settings
Correct inaccurate information
Request correction of information you cannot update directly

8.3 Deletion

You can:

Delete your account through account settings
Request deletion of specific information
Request deletion of children's information

8.4 Opt-Out Rights

You can opt out of:

Marketing Emails: Click unsubscribe in any marketing email or adjust settings
SMS Notifications: Reply STOP to any SMS or adjust settings
AI Training: Opt out of using your conversations for AI model training
Cookies: Adjust browser settings (may affect functionality)

8.5 Do Not Track

Our Service does not respond to Do Not Track signals because there is no industry standard for compliance.

8.6 State-Specific Rights

California Residents (CCPA/CPRA)

California Civil Code Section § 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes.

To make such a request under CCPA, email us at privacy@berrywell.ai

Right to know what personal information is collected
Right to know if personal information is sold or shared
Right to opt out of sale/sharing of personal information
Right to deletion of personal information
Right to correct inaccurate information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising these rights

European Residents (GDPR)

Right to access personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with supervisory authority

Other State Laws

We comply with applicable state privacy laws including Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA.

8.7 Exercising Your Rights

To exercise any of these rights:

Email us at privacy@berrywell.ai
Use the account settings in the Service

We will respond to requests within the timeframe required by applicable law (typically 30-45 days).

9. GDPR Rights (EU/UK Users)

This section applies if you are located in the European Economic Area, United Kingdom, or Switzerland ("EEA Individual").

Legal Basis for Processing

We process your personal data based on:

Performance of a contract: To provide services to you and your child
Legitimate interests: To analyze and improve services, provide customer services, and conduct marketing (where not overridden by your rights)
Legal compliance: To meet legal obligations
Consent: Where required by law or in certain other cases

As an EEA Individual, you have the right to:

Access and obtain a copy of your personal data (including in portable form)
Correct inaccurate or outdated personal data
Delete personal data we hold about you (subject to legal exceptions)
Object to processing of your personal data
Restrict how we process and disclose your personal data
Withdraw consent at any time (without retroactive effect)
Prevent processing for direct marketing purposes
Transfer your personal data to a third party
Lodge a complaint with your local Data Protection Authority

France residents: You also have the right to set guidelines for retention and communication of your personal data after your death.

International Data Transfers

Data may be processed outside your country
Safeguards: Standard Contractual Clauses, legal compliance, provider safeguards EEA/UK users: GDPR rights apply, DPO contact: dpo@berrywell.ai

9.1 Data Location

9.2 Safeguards

When transferring data internationally, we:

Use Standard Contractual Clauses approved by relevant authorities
Implement appropriate safeguards as required by law
Ensure service providers provide adequate protection
Comply with applicable data transfer regulations

9.3 EEA and UK Users

If you are in the European Economic Area or United Kingdom:

We process data based on legitimate interests, contractual necessity, or consent
We implement appropriate safeguards for international transfers
You have specific rights under GDPR (see Section 8.6)
Our data protection officer can be reached at [DPO email]

10. Cookies and Tracking Technologies

10.1 Types of Technologies

We use:

Cookies: Small text files stored on your device
Local Storage: Browser-based storage
Session Storage: Temporary browser storage
Analytics Tools: To understand usage patterns
Performance Tools: To monitor and improve Service performance

10.2 Cookie Categories

Essential Cookies: Required for the Service to function
Functional Cookies: Remember your preferences
Analytics Cookies: Help us understand usage
Marketing Cookies: Used for advertising (if applicable)

10.3 Managing Cookies

You can control cookies through:

Browser settings
Cookie preference tools (if provided)
Third-party opt-out tools

Note: Disabling essential cookies may affect Service functionality.

10.4 Third-Party Tracking

We may use third-party analytics services (e.g., Google Analytics) that use cookies to collect usage information. These providers have their own privacy policies.

11. Third-Party Links and Services

11.1 External Links

The Service may contain links to third-party websites or services. We are not responsible for:

Privacy practices of third-party sites
Content of third-party services
How third parties handle your information

11.2 Third-Party Integrations

If you use third-party authentication (Google, Apple):

Your use is governed by their privacy policies
We receive only information you authorize
You can revoke access through your third-party account settings

11.3 AI Model Providers

We use third-party AI services with their own privacy policies.

OpenAI: https://openai.com/privacy
Anthropic: https://www.anthropic.com/privacy
Google: https://policies.google.com/privacy
X.AI: https://x.ai/privacy-policy

12. Updates to This Privacy Policy

12.1 Changes

We may update this Privacy Policy from time to time. When we make material changes:

We will update the "Last Updated" date
We will notify you by email
We may display a prominent notice in the Service
For material changes affecting children's privacy, we will obtain renewed parental consent

12.2 Your Acceptance

12.3 Version History

We maintain previous versions of this Privacy Policy, which you can request by contacting us.

13. Contact Us

13.1 Privacy Questions

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: privacy@berrywell.ai Privacy Officer: Natalie Gibson Website: https://www.heyotto.app

13.2 Data Protection Officer (If Applicable)

For EEA or UK residents:

DPO Email: dpo@berrywell.ai

13.3 Supervisory Authority

EEA and UK residents have the right to lodge a complaint with their local data protection authority.

14. Additional Information for Specific Jurisdictions

14.1 California Residents

California Shine the Light Law: California residents can request information about personal information shared with third parties for their marketing purposes.

Categories of Personal Information: See Section 2 for detailed categories of information collected.

Business Purpose for Collection: See Section 4 for how we use information.

Categories of Third Parties: See Section 5 for how we share information.

14.2 Nevada Residents

Nevada residents may opt out of the sale of covered information. We do not sell personal information, but you can contact us to exercise this right.

14.3 European Residents

Legal Basis for Processing

Performance of contract (providing the Service)
Legitimate interests (improving Service, safety, fraud prevention)
Consent (where required)
Legal obligations (compliance with laws)

Data Controller: BerryWell LLC

15. Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked with a particular individual or household
Processing: Any operation performed on personal information, including collection, storage, use, or disclosure
Service: The HeyOtto! application and all related services, websites, and applications
You/Your: The individual or entity using the Service

Survival

The policies in this Privacy Policy remain effective even if our Terms of Service are terminated and you are no longer using the Service.

By using HeyOtto!, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Email: support@heyotto.app

Website: https://www.heyotto.app