Privacy Policy

Last updated: 2026-06-01

What we collect

  • Account data: email, name, hashed password, billing metadata.
  • Container data: GTM config (your tags, triggers, variables), subdomain configuration.
  • Event data: events you choose to forward through our servers — we process but do not inspect payload contents beyond what's needed for delivery.
  • Operational data: request logs (IP, user-agent, timestamp) for security and rate limiting, retained for 30 days.

How we use it

  • To operate the service and route your events to the destinations you configured.
  • To detect abuse, prevent fraud, and enforce rate limits.
  • To send you service-related emails (security alerts, billing receipts).

We do not sell your data. We do not use your event payloads for advertising or share them with third parties beyond the destinations you configure.

Subprocessors

  • Coolify (hosting) — Bangladesh
  • Cloudflare (DNS, DDoS protection)
  • PostgreSQL (managed, self-hosted via Coolify)
  • Redis (managed, self-hosted via Coolify)

Your rights

You can request export or deletion of your account data at any time by emailing privacy@otut.io. We respond within 7 business days.

Cookies

otut.io itself sets only a session cookie (NextAuth). The Power Loader script sets first-party cookies on your own subdomain — these are your cookies, under your privacy policy, on a domain you control.

Contact

Data Protection Officer: privacy@otut.io

Questions? Contact us.