Privacy Policy

01Introduction

OBTO Inc. ("OBTO," "we," "us," or "our") is committed to protecting your privacy and being transparent about how we handle your data. This is core to our identity as the "Glass Box AI" platform — transparency extends not just to our AI agent operations, but to our own data practices.

This Privacy Policy applies to all OBTO services, including:

The OBTO platform at www.obto.co and all subdomains (mcp.obto.co, login.obto.co).
Ecosystem products: Sofos (sofos.obto.co), Pelatis (pelatis.co), and the MCP Server Builder.
MCP server tooling connected via Claude Desktop, Cursor, VS Code, AntiGravity, or other compatible clients.
All APIs and services provided by OBTO.

By using OBTO, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our services.

02Information We Collect

Category	Data Collected	How It's Collected
Account Data	Name, email address, Google OAuth profile information, organization name (if applicable)	Registration / Google OAuth via login.obto.co
Application Artifacts	Code, routes, pages, stylesheets, server scripts, client scripts, UI templates, policies	Created by you or AI agents via MCP tool calls
Prompt & Conversation Data	Natural language prompts sent via MCP connections, conversation context, agent reasoning traces	MCP server interactions from your chat client
Usage & Telemetry	Token consumption, request counts, compute usage, Glass Receipt data, API call logs, feature usage	Automatically during platform use
Technical Data	IP address, browser type, device information, access timestamps	Automatically via server logs
Payment Data	Billing address, subscription tier, payment history (full card details are NOT stored by OBTO)	Via third-party payment processor

03How We Use Your Data

We use the information we collect for the following purposes:

To provide and operate the platform — executing your prompts, deploying your applications, storing your artifacts, and delivering the OBTO services you have requested.
To power the Hindsight Memory Fabric — retaining conversation context across sessions to improve AI agent performance and enable complex multi-step workflows.
To generate Glass Receipts — providing you with transparent, detailed breakdowns of token consumption, model costs, and compute usage.
To maintain and improve the platform — analyzing aggregate usage patterns to improve reliability, performance, and user experience. We use anonymized and aggregated data for this purpose.
To provide customer support — responding to your inquiries and resolving technical issues.
To communicate with you — sending account-related notifications, billing updates, security alerts, and service announcements.
To enforce our policies — detecting and preventing abuse, fraud, and violations of our Terms of Service.

04What We Do NOT Do

🚫 We do NOT sell your personal data to third parties.

🚫 We do NOT train any machine learning models on your application code, prompts, or artifacts.

🚫 We do NOT share your artifacts or application data with other users or tenants.

🚫 We do NOT store full credit card numbers or payment card details.

Our Pledge

Your data is yours. We built OBTO on the principle of "No Data Hostages." We provide the engine and the built-in storage, but you retain full ownership of your intellectual property, logic, and workflows.

05Multi-Model Data Routing

Important

When you select a third-party LLM, your prompts and context leave OBTO's infrastructure and are processed by that third-party provider.

OBTO is model-agnostic and supports multiple LLM providers including OpenAI, Groq, Ollama, and open-weight models. When you interact with the platform:

Your prompt and relevant context (including application code, conversation history, and error logs) are sent to the LLM provider you have selected.
OBTO does not control how third-party LLM providers process, store, or use the data they receive. Each provider operates under their own privacy policy and terms of service.
You are responsible for reviewing and accepting the privacy policies of any third-party LLM providers you choose to use through OBTO.
For self-hosted models (e.g., via Ollama or on-prem open-weight models), data remains within your infrastructure and is not routed to any third-party.

We encourage you to review the privacy policies of the LLM providers you use. OBTO will make commercially reasonable efforts to document which providers are available and link to their respective privacy policies within the platform.

06Hindsight Memory Fabric

OBTO's Hindsight Memory Fabric is a persistent memory system that retains conversation context across sessions. It is paired with high-speed inference (Groq) to enable smaller, cost-efficient models to execute complex multi-step workflows.

How Memory Works

Hindsight Memory is enabled by default for all users to maximize agent performance.
Memory includes conversation context, prompt history, agent reasoning patterns, and workflow state.
Memory is isolated per user and per application — your memories are never shared with or visible to other users.

Your Control Over Memory

You can view your stored memories at any time through your account settings.
You can delete individual memories or all memories at any time. Deletions are permanent and irreversible.
Deleted memories are purged from all active systems. Backup copies may persist in encrypted backups for up to 30 days before being permanently purged.

Best Practice

Avoid sharing sensitive credentials (passwords, API keys, private keys) directly in prompts. Use OBTO's built-in secrets management for sensitive configuration. Memory persistence means prompt content is retained across sessions.

07Data Storage & Architecture

OBTO uses a unique database-native artifact architecture. Unlike traditional platforms that rely on filesystems or Git repositories:

All application artifacts (code, routes, pages, scripts, templates, stylesheets) are stored as database records in MongoDB.
This architecture is specifically designed for AI agents to easily read, write, and deploy code without human-centric tooling overhead.
Data is encrypted at rest using industry-standard encryption (AES-256).
Infrastructure runs on Kubernetes clusters (managed cloud by default).

08Data Retention

Data Type	Retention Period
Account Data	Retained while your account is active. Deleted within 90 days of account closure.
Application Artifacts	Retained while your account is active. Available for export for 30 days after account closure, then permanently deleted.
Prompt & Conversation Data	Retained as part of Hindsight Memory Fabric. Deletable by user at any time.
Glass Receipt / Audit Trail Data	Retained for 12 months for compliance and transparency purposes.
Usage & Telemetry	Retained in anonymized/aggregated form indefinitely for platform improvement.
Payment Data	Retained by our third-party payment processor per their retention policy.
Technical / Server Logs	Retained for up to 90 days, then automatically purged.

09Data Sharing & Third Parties

We share your data only in the following limited circumstances:

Service Providers

Cloud Infrastructure: Hosting providers and Kubernetes cluster operators that power OBTO's managed cloud.
Payment Processing: Third-party payment processors to handle subscription billing.
Analytics: Anonymized and aggregated usage data with analytics providers to improve the platform.

User-Selected LLM Providers

When you choose a third-party LLM (OpenAI, Groq, etc.), your prompts and context are routed to that provider. This is a user-initiated data transfer and is governed by the third-party's own privacy policy. See Section 05: Multi-Model Data Routing.

Legal Requirements

We may disclose your data when required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of OBTO, our users, or the public.

Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your data with third parties when you explicitly consent to such sharing.

10Your Rights

You have the following rights regarding your data on OBTO:

Access: You can access your data at any time through the OBTO dashboard, including application artifacts, Glass Receipts, and account information.
Export: You can export your full application artifacts, including all code, routes, pages, scripts, and templates. This supports OBTO's Hybrid Portability model, enabling you to port your entire runtime to your own infrastructure.
Delete: You can delete individual memories from the Hindsight Memory Fabric, individual applications and artifacts, or your entire account and all associated data.
Correction: You can update your account information and correct any inaccuracies through your account settings.
Objection: You can object to specific data processing activities by contacting us at [email protected].

To exercise any of these rights, use your account settings on the OBTO dashboard or contact us at [email protected]. We will respond to all requests within 30 days.

11Hybrid Portability & On-Prem

OBTO is containerized on Kubernetes by default, enabling seamless migration from our managed cloud to your own infrastructure.

When you port workloads to your own Kubernetes clusters (private cloud or bare metal), data governance transfers entirely to you.
OBTO ceases to process, store, or have access to data that has been migrated to your infrastructure.
You become the data controller for all data residing on your self-hosted OBTO runtime.
OBTO may retain minimal metadata (account ID, subscription status) for billing and support purposes.

12Security

We take the security of your data seriously and implement multiple layers of protection:

Encryption in Transit: All connections to OBTO services are encrypted using TLS 1.2+ (HTTPS).
Encryption at Rest: Application artifacts and user data are encrypted at rest using AES-256.
Role-Based Access Controls (RBAC): Fine-grained permissions for users, teams, and organizations.
Domain-Restricted MCP Access: MCP server connections are restricted to *.obto.co domains to prevent unauthorized access.
Tenant Isolation: Multi-tenant architecture with strict data isolation between users and organizations.
Audit Trails: The Glass Box dashboard provides full audit trails of all agent actions and deployments.

While we employ industry-standard security practices, no system is completely immune to security threats. If you discover a security vulnerability, please report it to [email protected].

13Cookies & Tracking

Essential Cookies

We use essential cookies that are required for the platform to function. These include authentication session cookies and CSRF protection tokens. These cannot be disabled.

Analytics Cookies

We may use optional analytics cookies to understand how users interact with the platform and to improve the user experience. These cookies are only set with your consent where required by law.

No Third-Party Advertising Cookies

OBTO does not use third-party advertising cookies or tracking pixels. We do not serve ads and do not share your browsing behavior with advertising networks.

14Children's Privacy

OBTO is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If we learn that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

15International Data Transfers

OBTO Inc. is based in the State of New York, United States. If you are accessing OBTO from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States.

By using OBTO, you consent to the transfer of your data to the United States. We will take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

Enterprise users with specific data residency requirements should contact us to discuss Hybrid Portability options that allow data to remain within their own infrastructure and jurisdiction.

16Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will provide at least 30 days' notice of material changes via:

Email to the address associated with your account.
A prominent notification on the OBTO dashboard.

Your continued use of OBTO after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

17Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: [email protected]
Security Reports: [email protected]
General Contact: Contact Form

We will respond to all privacy-related inquiries within 30 days.