Skip to main content
HeyOtto Logo
Security

Security at HeyOtto

At HeyOtto, security isn't an afterthought — it's the foundation of everything we build. As parents ourselves, we understand the responsibility of creating a safe digital space for children. Our multi-layered security approach combines careful engineering with human oversight to protect your child's safety and data.

COPPA by DesignEncrypted at Every Layer95% KORA (self-reported)

Our Security Measures

Layered protection across encryption, monitoring, infrastructure, and compliance — with independent proof that it works.

Trust Center

Self-reported benchmark

95%

KORA Child Safety Score

Self-reported benchmark run performed by HeyOtto using KORA's public methodology. KORA is an independent child-safety benchmark framework — not a certification or endorsement by KORA. HeyOtto reported a score of 95%.

See the KORA benchmark

Protected at every layer

Encryption In Transit and At Rest

All conversations with Otto are encrypted using industry-standard AES-256 encryption. Messages are encrypted in transit and at rest.

  • All conversations are encrypted in transit using TLS 1.2 or higher.
  • AES-256 encryption for stored data
  • Periodic security reviews, including penetration testing conducted approximately annually

We intentionally do not use end-to-end encryption. Real-time safety monitoring, content filtering, and parent visibility all require our systems to process every conversation — that's what makes the safety features possible. We protect that access with strict encryption, access controls, and the data-minimization practices below, rather than a design that would prevent us from being able to see anything at all.

Age-appropriate by default

Real-Time Content Monitoring

Our AI-powered content filtering system analyzes every message Otto sends and receives in real-time to detect and prevent inappropriate content, ensuring age-appropriate conversations at all times.

  • Advanced profanity and inappropriate content filtering
  • Personal information detection and blocking
  • Instant alerts for concerning patterns

Enterprise-grade hosting

Secure Infrastructure

HeyOtto is hosted on enterprise-grade infrastructure with multiple layers of security and redundancy.

  • Hosted on Vercel's secure infrastructure
  • Automatic backups and disaster recovery
  • Built for high availability, with infrastructure designed to minimize downtime

COPPA by design

Data Privacy & Compliance

Your child's data is never sold, shared with advertisers, or used for any purpose beyond providing the HeyOtto service.

  • Minimal data collection — only what's necessary
  • No third-party advertising or tracking
  • Parent-controlled data access and deletion

Built with COPPA compliance as a foundation — see our COPPA Notice and Trust Center for details.

Safe harbor for researchers

Vulnerability Disclosure

We work with independent security researchers to keep HeyOtto safe. If you've found a vulnerability, we want to hear from you — and we've published clear rules of engagement, including a strict requirement that research never involve real children's accounts or data.

Read our Vulnerability Disclosure Policy

Ready when it matters

Incident Response

Our team monitors for threats and has established protocols to respond quickly to any security incidents, with transparent communication to affected families if an incident occurs.

Parental Control & Oversight

Parents have complete control and visibility over their child's Otto experience through the parent dashboard.

Parent dashboard

Full visibility

Real-Time Monitoring

View your child's conversations and activity in real-time from your parent dashboard.

Your family's rules

Custom Boundaries

Set specific topics that are off-limits and customize content filters for your family.

Stay in the loop

Instant Alerts

Receive notifications about concerning patterns or flagged content immediately.

You decide

Usage Controls

Set limits, enable or disable profiles, and manage multiple child profiles.

Our security experience

Our Security Experience

HeyOtto was co-founded by a cybersecurity professional with extensive experience in network security and data protection. Our team works to ensure HeyOtto remains a safe, well-engineered AI platform for children.

Found a vulnerability?

We work with independent security researchers and publish clear rules of engagement — including a strict requirement that research never involve real children's accounts or data.

Questions About Security?

We're transparent about our security practices and happy to answer any questions you have about keeping your child safe.