Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how Othr collects, uses, shares, retains and protects your personal data, and the rights you have. We've written it to be readable, but it is a formal notice issued under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and — where it applies — the EU General Data Protection Regulation (EU GDPR).

By creating an account or otherwise using Othr, you confirm that you have read and understood this policy. If you do not agree with it, please do not use the service.

1. Who we are (data controller)

The data controller for Othr is Kate Welham, a sole trader established in the United Kingdom, trading as "Othr" ("Othr", "we", "us", "our"). Our registered correspondence address is:

Kate Welham trading as Othr
7 Belward Street
Nottingham NG1 1LB
United Kingdom

For any privacy question, data subject request, or formal notice, contact contact@askothr.com or call +44 7399 360391. We aim to respond to all privacy requests within 30 days, in line with UK GDPR Article 12.

Because Othr is operated by a sole trader below the relevant thresholds, we are not required to appoint a Data Protection Officer (DPO). Privacy matters are handled directly by the controller.

2. Scope of this policy

This policy applies to personal data we collect when you:

  • Visit askothr.com or any subdomain we operate.
  • Create an Othr account, sign in, or use the chat and workspace features.
  • Subscribe to Othr Pro or interact with our billing flow.
  • Contact us by email, phone, or any support channel.
  • Receive transactional or service emails from us.

It does not cover third-party websites we link to, or services you authenticate into separately (those have their own privacy notices).

3. Personal data we collect

We collect only what we need to run Othr responsibly. In practice this includes:

3.1 Account data

  • Email address.
  • Display name (if you choose to set one).
  • Hashed authentication credentials (we never store your password in plain text).
  • Account preferences such as theme, language and "About you" notes you choose to add.
  • Account status, plan, and timestamps for creation, last sign-in and email verification.

3.2 Conversation and workspace content

  • The messages you send to Othr, and the AI responses you receive.
  • Documents, images and files you choose to upload during a conversation.
  • Conversation titles and organisational metadata you create.

3.3 Usage and technical data

  • Daily message counts (used to enforce free-tier limits).
  • Approximate region inferred from your IP address.
  • Device, browser, and operating system information.
  • Diagnostic logs (errors, latency, rate-limit events) — usually pseudonymised by user ID rather than name.
  • Cookie and analytics identifiers — see our Cookie Policy.

3.4 Billing data (handled by Stripe)

When you subscribe to Othr Pro, payment is processed through our integrated third-party payment gateway, Stripe. Stripe collects the data needed to take payment, including your name, billing address, country, payment method details, and transaction history. Othr receives a limited subset of this data (a customer identifier, subscription status, plan, renewal date, and country for tax purposes) and does not store full card numbers on its own servers.

3.5 Support correspondence

  • Messages you send to contact@askothr.com and our replies.
  • Any context you choose to share when reporting a problem.

3.6 Safety and abuse signals

Where content appears to violate our Acceptable Use Policy or applicable law, we may record the relevant request, the moderation decision, and a minimal audit trail to enforce our terms and protect other users.

3.7 What we do not collect

  • We do not knowingly collect personal data from anyone under 18.
  • We do not buy personal data from data brokers.
  • We do not run third-party advertising trackers on Othr.
  • We do not use facial recognition, biometric profiling, or automated decision-making with legal effect.

4. Sources of personal data

  • Directly from you — when you sign up, fill in a form, send a message, or upload a file.
  • Automatically — from your browser and device when you use Othr (cookies, logs, IP address).
  • From our processors — Stripe (subscription and payment status), our database/auth host (auth events), Cloudflare (security events) and Resend (email delivery events).

5. How we use your personal data (purposes and legal bases)

Under UK GDPR Article 6 we may only use your personal data where we have a lawful basis. The table below sets out each purpose and the basis we rely on.

5.1 Providing the service

  • Creating and maintaining your account.
  • Generating AI responses to your prompts.
  • Preserving conversation continuity across sessions.
  • Storing and serving files you upload.

Lawful basis: performance of a contract (Article 6(1)(b)).

5.2 Billing, subscriptions and tax

  • Processing payments and renewals (via Stripe).
  • Issuing receipts and handling refunds directly.
  • Meeting tax, accounting and statutory record-keeping duties.

Lawful basis: contract performance and legal obligation (Article 6(1)(b) and (c)).

5.3 Security, fraud prevention and abuse handling

  • Detecting and preventing fraudulent sign-ups and payment fraud.
  • Rate-limiting and bot mitigation (including Cloudflare Turnstile).
  • Investigating misuse of the service and enforcing our terms.

Lawful basis: legitimate interests in running a safe service (Article 6(1)(f)) and legal obligation.

5.4 Product improvement and analytics

  • Aggregate, anonymised usage analytics.
  • Performance and reliability monitoring.
  • Diagnosing bugs and crashes.

Lawful basis: legitimate interests (Article 6(1)(f)); consent for non-essential analytics cookies (Article 6(1)(a)).

5.5 Customer support

  • Responding to enquiries you send us.
  • Investigating reported issues.

Lawful basis: contract performance and legitimate interests.

5.6 Service communications

  • Transactional emails (sign-in, password reset, email change, billing receipts).
  • Material changes to these terms or this policy.

Lawful basis: contract performance and legal obligation.

5.7 Marketing (currently very limited)

Othr does not currently send marketing emails. If we do in future, we will rely on your explicit consent (Article 6(1)(a)) and you will be able to unsubscribe at any time with a single click.

6. AI model processing

Othr generates responses using industry-leading third-party AI models (such as those from OpenAI), accessed through a secured, enterprise-grade API routing proxy that transmits conversational data to the chosen model over encrypted channels. The set of upstream providers may change over time as we improve quality, latency and reliability; the current set is always reflected in this policy and our Cookie Policy.

When you send a message or upload a file:

  • The content of your prompt and any attached files is transmitted over encrypted channels (TLS) through the API routing proxy to the chosen AI model.
  • The model processes the content solely to generate the response you have asked for.
  • The response is returned to Othr and shown to you, and both prompt and response are stored against your account so the conversation can continue.
  • Your data is strictly confidential and is never used to train public language models. We do not use your private conversations to train Othr's own models, and the API routing proxy and upstream providers are contractually required not to use your content to train their general-purpose models.

Upstream providers may keep short-lived operational logs for safety and abuse monitoring under their own terms, subject to appropriate privacy commitments and retention limits.

7. AI accuracy and human oversight

AI-generated responses may be inaccurate, incomplete, biased or out of date. Othr is a thinking partner, not an oracle: do not rely on it for medical, legal, financial, psychological or other regulated professional advice without independent verification from a qualified human. See our Terms for the full disclaimer.

We do not make automated decisions about you that produce legal or similarly significant effects (UK GDPR Article 22). Moderation actions (such as blocking a request that violates our Acceptable Use Policy) are made with human-defined rules and can be reviewed by a human on request.

8. Your content, your ownership

You retain full ownership of the content you upload and the conversations you have with Othr. We do not claim ownership of your materials, ideas or work. We process your content only to provide and improve the service, as set out in this policy and our Terms.

9. Who we share your data with

We do not sell personal data. We share it only with the small set of trusted processors and recipients listed below. Each is bound by a written contract (or equivalent) that requires them to process data only on our instructions and to apply appropriate security measures.

9.1 Service providers (processors)

  • Managed database, authentication and file storage host — hosted in the EU.
  • Cloudflare — hosting, content delivery, DDoS protection and bot mitigation (Turnstile).
  • Secured API routing proxy — routes conversational data to upstream AI model providers (such as OpenAI) under strict confidentiality terms. Your data is never used to train public language models.
  • Stripe — payment processing for Othr Pro subscriptions. Stripe acts as an independent data controller for the payment data it collects directly from you, under its own Privacy Policy.
  • Resend — transactional email delivery (sign-in, password reset, billing notifications).

9.3 Professional advisers

  • Accountants, auditors, lawyers and insurers, where strictly necessary and under a duty of confidentiality.

9.4 Authorities

  • Law enforcement, regulators, courts and other public authorities, where we are legally compelled to disclose or where disclosure is necessary to protect our rights, your safety or the safety of others.

9.5 Business transfers

If Othr is ever sold, restructured or merged, personal data may be transferred to the relevant successor entity. You will be told in advance and offered choices where the law requires it.

10. International data transfers

Othr is operated from the United Kingdom. Some of our processors (notably AI model providers, hosting, security and email infrastructure) process data outside the UK and the European Economic Area (EEA), including in the United States.

Where data is transferred internationally, we rely on appropriate safeguards under UK GDPR Chapter V and EU GDPR Chapter V, which may include:

  • The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses (SCCs).
  • The EU Standard Contractual Clauses (2021).
  • Adequacy decisions, including the UK Extension to the EU–US Data Privacy Framework.
  • Supplementary technical and organisational measures (e.g. encryption in transit and at rest).

You can request a copy of the safeguards in place by emailing contact@askothr.com.

11. Data retention

We keep personal data only for as long as we have a clear purpose for it. The default retention windows are:

  • Account data — for as long as your account is open, and up to 30 days after deletion in routine backups.
  • Conversations and uploaded files — until you delete them or close your account; thereafter purged within 30 days, subject to backup rotation.
  • Diagnostic and security logs — typically 30–90 days.
  • Billing and tax records — kept for at least 6 years to meet HMRC and statutory obligations.
  • Support correspondence — up to 2 years from your last contact.
  • Safety / abuse audit records — up to 2 years, or longer if needed to defend a legal claim.

Long-inactive accounts (no sign-in for 24+ months) may be deleted after we email you a reasonable warning.

12. Your rights

Under UK GDPR and (where it applies) EU GDPR you have the right to:

  • Access the personal data we hold about you (Article 15).
  • Rectify data that is inaccurate or incomplete (Article 16).
  • Erase your account and associated data (Article 17 — the "right to be forgotten").
  • Restrict certain types of processing (Article 18).
  • Port your data in a structured, machine-readable format (Article 20).
  • Object to processing carried out on the basis of legitimate interests (Article 21).
  • Withdraw consent at any time, where consent was the basis for processing (Article 7).
  • Not be subject to fully automated decisions with legal or similarly significant effects (Article 22).
  • Complain to a supervisory authority.

You can exercise the access, export and erasure rights directly from your account settings (Data & Privacy). For everything else, email contact@askothr.com. We will respond within 30 days and may request reasonable proof of identity to protect your data.

In the UK you may complain to the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA you may complain to your local supervisory authority. We would, however, appreciate the chance to address your concerns first.

13. Cookies and similar technologies

We use a small, deliberate set of cookies and similar technologies (such as localStorage). Categories include strictly necessary cookies, analytics, preferences and (potentially) lightweight marketing attribution.

You manage your choices through the cookie banner shown on first visit, and at any time via the "Cookie preferences" link in the footer. See our Cookie Policy for the full list and your controls.

14. Security

We apply technical and organisational measures appropriate to the risk, including:

  • TLS encryption in transit for all client–server traffic.
  • Encryption at rest for databases and file storage.
  • Row-level security policies on the database so users can access only their own data.
  • Hashed credentials, session rotation and multi-factor protections on administrative access.
  • Least-privilege access for the controller and any future staff or contractors.
  • Rate-limiting, bot mitigation and audit logging for sensitive endpoints.
  • Regular review of dependencies and security advisories.

No system is perfectly secure, but we treat your data with genuine care. If we ever suffer a personal data breach likely to result in a risk to your rights, we will notify the ICO within 72 hours where required by Article 33 UK GDPR, and notify affected users without undue delay where Article 34 applies.

15. Children

Othr is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

16. Changes to this policy

We may update this policy from time to time to reflect changes in the service, the law, or the way we work. When changes are material, we will notify you by email and via a notice in the product before they take effect. The "Last updated" date at the top of this page shows when the policy was last revised.

17. Contact

For any privacy question, data subject request, or formal notice, write to contact@askothr.com or call +44 7399 360391. Postal mail can be sent to the registered correspondence address in section 1.
