Privacy Policy

Last updated: January 20, 2026

Overview

OTP is a B2B traceability and operations management platform. We take your privacy seriously and comply with GDPR and other data protection regulations.

Data We Collect

  • Account Information: Name, email, role
  • Activity Logs: Login history, actions performed, IP addresses
  • Content: Dashboards, queries, files you create
  • Device Information: Push notification tokens (if enabled)

How We Use Your Data

  • Service Delivery: To provide the OTP platform to your organization
  • Security & Compliance: Audit logs for SOC 2, security monitoring
  • Communication: System notifications, alerts

Legal Basis (GDPR):

  • Contract Performance (Article 6(1)(b)) - Service delivery
  • Legal Obligation (Article 6(1)(c)) - Compliance requirements
  • Legitimate Interest (Article 6(1)(f)) - Security and operational needs

Account Deletion & Your Rights

What Happens When You Delete Your Account

When you delete your account, we anonymize your personal information:

  • ✓ Your email is changed to deleted-xxxxx@iotready.com
  • ✓ Your name is changed to "Deleted User"
  • ✓ Your username, display name, and phone number are removed
  • ✓ Your profile image is removed
  • ✓ Your device tokens are deleted
  • ✓ Your API keys are deleted
  • ✓ Your login sessions are terminated

What We Keep:

  • 📊 Dashboards and queries you created (owned by your organization)
  • 📄 Files you uploaded (owned by your organization)
  • 📋 Audit logs (anonymized, retained for compliance)

Why? These resources are part of the service your organization contracted for. Deleting them would disrupt service for your colleagues. Your personal information is removed (anonymized), so they no longer identify you.

Your GDPR Rights

  • Right to Access: View your data at /audit
  • Right to Rectification: Update your profile
  • Right to Erasure: Delete your account (anonymization) - see above
  • Right to Data Portability: Export your data in CSV/XLSX format
  • Right to Object: Contact us at privacy@iotready.com

Data Retention

  • Audit Logs: 2-7 years (compliance requirements)
  • Operational Logs: 90 days
  • User Content: Until deleted by organization or account termination

Security

  • TLS encryption in transit
  • Role-based access control (RBAC)
  • Audit logging of all actions
  • Regular security updates

Organization-Level Deletion

If your organization terminates the contract with OTP, all data (including shared resources) will be permanently deleted within 30 days.

Contact & Data Protection Officer

For privacy inquiries, data subject access requests, or to exercise your rights:

  • Email: privacy@iotready.com

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or system notification.