Ottto for ChatGPT - Privacy Policy
Last updated: 2026-06-10
This policy describes the data the Ottto app for ChatGPT ("the App") accesses, why, how long it is kept, and the controls you have. It covers the App only. Your use of the Ottto product and website is governed by the Ottto Terms of Service; this document is the App-specific privacy policy required for the OpenAI App Directory submission. A site-wide Ottto privacy policy is in preparation and will be linked here when published.
The App is read-only and strictly data-minimized. It can show you aggregated cost, usage, and source-health information about your own Ottto account inside ChatGPT. It cannot change anything in your account, and it never exposes the raw content Ottto observes.
Who this applies to
The App is available, free, to any signed-in Ottto user who chooses to connect it in ChatGPT. Connecting is entirely optional and requires an explicit OAuth consent step.
What the App can access
When you connect the App and approve the consent screen, ChatGPT can call a small set of read-only tools on your behalf. Those tools return aggregated, sanitized figures derived from the data already in your Ottto account:
| Category | Examples of what is shared | Granularity |
|---|---|---|
| Cost | Total spend over a period (USD); top cost drivers by model or source (label + amount + share %); whether the figure is estimated from a pricing catalog or billed. | Aggregated totals and ranked rows only |
| Usage | Session counts, token counts over a period; week-over-week change and the top driver. | Aggregated counts only |
| Source health | Per-source connection status (healthy / degraded), last-seen time, recent record counts, and how many sources are healthy vs degraded. | Per-source status, no payloads |
| Freshness & confidence | A data-freshness indicator (latest-seen time, coverage), a confidence signal, and short plain-language caveats. | Derived signals only |
| Reviewed recommendations (reserved) | Explanations for recommendations you have already reviewed and opened in Ottto. This scope (ottto.advisor.read) is defined but not active at launch. | Reserved; not granted today |
Every figure above is computed by a mandatory minimization step (the "projector") at the App's boundary before it is returned to ChatGPT. The same hard floor is enforced on every response.
What the App never shares
The App never returns, and a defense-in-depth scrub guard actively blocks:
- Raw prompts, completions, transcripts, or any model input/output content
- File paths, local filesystem locations, or working directories
- API keys, key prefixes, secrets, tokens, or passwords
- Machine names, device identifiers, or device UUIDs
- Email addresses or user/account identifiers
- Internal IDs (organization IDs, user IDs, session/trace/request IDs, payload hashes)
- Cloud credentials (e.g. AWS access keys) or JWTs
If any of these were ever to appear in a projected response, the response is blocked rather than returned - this is treated as a launch-blocking privacy regression and is monitored continuously (the guardrail target is zero such events).
How the data is accessed and authorized
- OAuth 2.1 with PKCE. Connecting the App runs a standard authorization-code flow. You sign in to Ottto and approve a consent screen that lists, in plain language, exactly which read-only scopes ChatGPT is requesting.
- Scopes are read-only and narrow. The available scopes are ottto.account.read, ottto.costs.read, ottto.sources.read, ottto.apps.read, and ottto.reports.read. No write, delete, or administrative scope can be granted to the App. The ottto.advisor.read scope is reserved for a future, separately-reviewed capability and is not granted at launch.
- Tokens are scoped, audience-bound, and revocable. Access tokens are issued only for the App's endpoint and expire. They can be revoked immediately (see "Your controls" below).
- Your data only. The App can only read data belonging to your own Ottto account, gated by your authenticated session at consent time.
What is logged
Two minimal, non-content records are kept so the service can be operated and audited:
- Product analytics (aggregated): which read tool was called, the result status (ok / partial), a confidence level, a coarse error category, and tool latency. These never include account data, prompts, or identifiers beyond your Ottto user/organization association used for aggregation.
- Security audit trail: durable records of security-relevant lifecycle events - when the App was connected, each successful read, and any revocation - so a reviewer can reconstruct what a connection did. These records carry only coarse, non-sensitive fields (tool name, requested scopes, a status/confidence value, a revocation reason). They never carry a token, prompt, path, machine name, email, or raw datum.
Neither record stores the content the App returned to you or any raw observed data.
Data retention
- Aggregated analytics are retained to operate and improve the service and are moved to lower-cost cold storage after 90 days.
- Security audit records are retained as the integrity trail for connections and revocations.
- The App introduces no new store of raw content: it reads existing, already-minimized Ottto data at request time and returns an aggregated answer. Retention of the underlying Ottto telemetry is governed by your Ottto account settings and the Ottto terms and privacy documentation, unchanged by the App.
Data residency
The App's data is processed in Ottto's existing production region (non-EU). The App does not introduce a separate data-residency surface; it reuses the same backend, storage, and processing as the Ottto product.
Your controls
- Consent: the App accesses nothing until you complete the OAuth consent screen and approve the specific read-only scopes shown.
- Revoke at any time: you can disconnect the App from ChatGPT, and you can revoke all Ottto connections from your Ottto account settings. Revocation takes effect immediately - outstanding tokens stop working at once.
- Token expiry: access tokens expire and must be refreshed, so access does not persist indefinitely without your continued connection.
- Account-level controls: because the App reads only your existing Ottto data, the data-management and deletion controls in your Ottto account also govern what the App can ever surface.
Changes to this policy
If the App's data practices change - for example, if a new scope or capability is introduced - this policy will be updated before that change ships, and material changes will be reflected in the consent screen.
Contact
For privacy questions about the Ottto app for ChatGPT, contact hello@ottto.net.