Otis

Effective May 4, 2026

Privacy policy

Ortelis Inc.

1. Introduction

Ortelis Inc. (“Ortelis,” “we,” “us,” or “our”) operates the Otis platform made available at runotis.com (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices and rights you have with respect to it.

This Policy applies to information we collect through the Service, our website at runotis.com, and our communications with you. It does not apply to third-party websites or services that are not operated by Ortelis.

2. Scope and audience

The Service is offered to businesses and their authorized personnel (“Customer Users”) for internal business use only. The Service is not directed to consumers, the general public, or children under the age of 16, and we do not knowingly collect personal information from children under 16.

Where Ortelis processes personal information that a Customer submits or that is generated through Customer’s use of the Service (“Customer Data”), we generally do so as a “service provider” or “processor” on behalf of that Customer. The Customer is responsible for the lawfulness of that processing and for providing notice and obtaining any required consents from its end users. If you are a Customer User and have questions about how a Customer uses the Service, please contact your Customer directly.

3. Information we collect

3.1 Information from Google Sign-In

Access to the Service requires authentication through Google Sign-In, handled on our behalf by our identity provider (Clerk). When you sign in with Google, we receive the following information from your Google account:

  • your name;
  • your primary email address;
  • your Google account ID (a unique identifier issued by Google); and
  • your profile picture, if available.

We request only the basic OpenID Connect scopes (openid, email, profile). We do not request access to your Gmail, Calendar, Drive, or other Google Workspace data. Ortelis does not store your Google password.

3.2 Information you provide

When you communicate with us (for example, by emailing us or speaking with our team), we collect the contact details and contents of your communication. When a Customer is provisioned, we may also collect business contact information for authorized personnel (such as job title and work email).

3.3 Customer Data

A Customer may submit, or direct the Service to collect, data through the Service, including prompts, code repositories, telemetry from the Customer’s own application, integration tokens, and information about the Customer’s end users (for example, end-user identifiers, emails, or names supplied through Customer’s instrumentation). We process Customer Data on the Customer’s behalf as described in our agreement with the Customer.

3.4 Information collected automatically

When you use the Service, we (and our hosting and security providers) automatically collect technical information, including:

  • IP address, device type, browser type and version, operating system, and language settings;
  • session identifiers, log timestamps, pages visited, features used, and interactions with the Service; and
  • diagnostic and performance data needed to operate the Service securely.

We use first-party cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in). We do not use the Service to serve third-party advertising and we do not place advertising cookies.

4. How we use information

We use the information described above for the following purposes:

  • to authenticate users and provision accounts;
  • to provide, operate, maintain, and support the Service;
  • to communicate with you about the Service, including security alerts and administrative messages;
  • to monitor, secure, debug, and improve the Service, including by analyzing aggregated and de-identified usage data;
  • to comply with legal obligations and enforce our Terms of Service; and
  • to detect, prevent, and respond to fraud, abuse, security incidents, and harmful or illegal activity.

We do not sell personal information, we do not share personal information for cross-context behavioral advertising, and we do not use personal information to serve advertisements.

5. Google API Services and Limited Use

Ortelis’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use information obtained through Google Sign-In (your name, email, Google account ID, and profile picture) to authenticate you and to provide and improve the user-facing features of the Service.
  • We do not transfer Google-account data to third parties except (i) as necessary to provide and improve the Service through service providers acting on our behalf, (ii) to comply with applicable law or valid legal process, or (iii) as part of a merger, acquisition, or sale of assets, with notice to affected users.
  • We do not use Google-account data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google-account data unless we have your specific consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and de-identified.

6. How we share information

We share information with the following categories of recipients:

6.1 Service providers (sub-processors)

We rely on third-party service providers to host, operate, and support the Service. These sub-processors process information under written agreements that limit their use of that information to providing services to us. We may add or replace sub-processors from time to time. The current list can be requested by emailing privacy@runotis.com.

6.2 Customer-initiated sharing

Some features (such as Slack and GitHub integrations) are activated by a Customer and route information to the third-party services those Customers select. Information shared with those services is governed by the Customer’s agreement with those third parties.

6.3 Compliance and protection

We may disclose information if we have a good-faith belief that doing so is necessary to (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect against harm to the rights, property, or safety of Ortelis, our users, or the public.

6.4 Business transfers

If Ortelis is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections. We will notify affected users and provide choices where required by law.

7. Data retention

We retain personal information for as long as necessary to provide the Service and for the legitimate business purposes described in this Policy, including to comply with our legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer needed, we delete or de-identify it. Backups and logs may persist for a limited period in accordance with our retention schedules.

8. Security

We use commercially reasonable technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, secrets management, network segmentation, and logging. No method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

If you suspect unauthorized access to your account or have a security concern, please contact us at security@runotis.com.

9. Your choices and rights

Because access to the Service is provisioned by a Customer, the Customer typically administers your account. You can sign out of the Service at any time, and you can revoke our access to your Google account at myaccount.google.com under “Security › Third-party apps with account access.” Subject to applicable law, you may have the right to request access to, correction of, or deletion of personal information that we hold about you, to object to or restrict certain processing, and to receive a portable copy of certain information. To exercise these rights, contact privacy@runotis.com or your Customer administrator. We will respond within the time required by applicable law and may need to verify your identity before acting on your request.

10. California privacy rights (CCPA / CPRA)

This section applies to California residents whose personal information we process other than as a service provider to a Customer. It supplements the rest of this Policy.

10.1 Categories of personal information we collect

In the preceding twelve (12) months, we have collected the following categories of personal information from California residents who interact with the Service or our website:

  • Identifiers (e.g., name, email address, Google account ID, IP address);
  • Customer records information (e.g., business contact details);
  • Internet or other electronic network activity (e.g., usage logs, device and session information); and
  • Inferences drawn from the above to operate and improve the Service.

We do not knowingly collect Sensitive Personal Information beyond account credentials processed through Google Sign-In, and we do not use such credentials for any purpose beyond authenticating you.

10.2 Sources, purposes, and disclosures

We collect personal information from you (when you sign in or communicate with us), automatically as you use the Service, and from our service providers and integrations. We use it for the purposes described in Section 4 (How we use information). We disclose it to the categories of recipients described in Section 6 (How we share information). We do not sell personal information and we do not share personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

10.3 Your California rights

Subject to certain exceptions, California residents have the right to:

  • know the categories and specific pieces of personal information we have collected about them, the sources, the purposes for collection, and the categories of recipients;
  • request deletion of personal information we have collected from them;
  • request correction of inaccurate personal information;
  • opt out of any “sale” or “sharing” of personal information (we do not engage in either);
  • limit our use of Sensitive Personal Information to permitted purposes; and
  • not be discriminated against for exercising any of these rights.

To exercise your rights, email privacy@runotis.com. We will verify your request using information already in our possession (such as your account email) and may ask for additional information if needed. You may designate an authorized agent in writing.

Retention of personal information is described in Section 7 (Data retention).

11. Other U.S. state privacy rights

Residents of certain other U.S. states may have similar rights under their state laws. To exercise any such right, please contact privacy@runotis.com.

12. Children’s privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it.

13. International users

The Service is operated in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data-protection laws may differ from those in your jurisdiction. We do not currently offer the Service in regions where doing so would require us to make data-residency or other regulatory commitments we have not undertaken.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” above and, if the changes are material, provide additional notice (for example, by email or through the Service). Your continued use of the Service after the Effective Date constitutes acceptance of the updated Policy.

15. Contact us

Questions or requests regarding this Privacy Policy may be directed to:

Ortelis Inc.
2261 Market Street STE 85186
San Francisco, CA 94114

Email: