Skip to main content
HeyOtto Logo
Trust Center
Last updated: July 2026

Built for Privacy. Engineered for Trust.

Safety is our starting point, not a feature. Every system, every policy, every line of code was written with your family in mind.

95% KORA (self-reported)SafeWise 2026 Award WinnerCOPPA-First Design

A note to parents: We are currently finalizing our formal third-party certifications. While the badges are coming, the engineering is already here. We build to a higher standard of care because families deserve more than just “good intentions”—they deserve defensible technology.

Awards & Benchmarks

We don't just tell you HeyOtto is safe for kids — we cite third parties who tested it and said so themselves.

KORA benchmark

KORA Benchmark

95%

Child Safety Score

The highest publicly reported score for an AI platform serving children — 19 points ahead of frontier models like ChatGPT, Claude, and Gemini on the same independent test.

See the details
2026
Winner

SafeWise — 2026 Kids Safety Awards

Best Kid-Friendly AI

"Created specifically for kids — with age-adaptive responses, real-time parent alerts, and a 95% independent safety rating — HeyOtto! is AI designed to inform and educate, not manipulate." — SafeWise

Aligned to Global Standards

We designed and built the HeyOtto environment to align with the most rigorous frameworks for data protection and child safety.

Security overview

COPPA-First Design

Our data minimization practices ensure we never collect more than is strictly necessary. We do not track behavior for advertising, and we never sell child data.

GDPR & Privacy Principles

We honor the Right to be Forgotten and Privacy by Design. Parents have total control with the ability to export or delete their family's history at any time.

SOC2 Infrastructure Standards

Our internal processes are built on the principles of Security, Availability, and Confidentiality. From encrypted data-at-rest to secure system hardening, we maintain enterprise-grade defenses.

Subprocessors

We work with a small number of vetted service providers to operate HeyOtto. Here are the categories of subprocessors we rely on:

Cloud Hosting & Infrastructure

Servers, storage, and application hosting

AI Model Providers

Zero-training, zero-retention LLM APIs

Communications

Transactional email and customer support tooling

Analytics & Monitoring

Aggregated usage and uptime monitoring

The complete, current list of named subprocessors is available in our Data Processing Agreement — request a copy at privacy@berrywell.ai.

For Educators

For Schools & Districts

The same architecture that protects families at home is built to meet the compliance bar districts require in the classroom.

  • FERPA-aligned practices

    Our data handling for school deployments is designed to align with FERPA's requirements around education records and directory information.

  • DPA available on request

    District IT and legal teams can request our Data Processing Agreement by emailing privacy@berrywell.ai.

  • State student-privacy law alignment

    We build toward state student data privacy laws (such as California's SOPIPA and similar statutes) that restrict targeted advertising and the sale of student data.

How We Protect Every Conversation

Three independent layers of technical protection, working together on every message.

Protected at every layer

Encryption In Transit and At Rest

All conversations are encrypted in transit using TLS 1.2 or higher. At rest, sensitive data is protected using AES-256 encryption. Our database architecture is isolated to prevent cross-tenant data leaks.

Zero-training / Zero-retention APIs

No Public Training

We utilize Zero-Retention and No-Training APIs. Your child's private questions never become part of a public AI's knowledge base. Your child's curiosity remains their own.

Removing identifying info before it hits the AI

PII Scrubbing

We use a secure proxy layer that strips personally identifiable information before it ever reaches a third-party model. This PII Scrubbing layer is a core part of our commitment to child privacy.

The Founder's Pledge

A Note from Our Founders

When we started HeyOtto, we didn't just want to build a better ai assistant; we wanted to build a safer digital world for our own families. Having spent our careers in global privacy and cybersecurity, we know that "good intentions" aren't enough when it comes to children's data.

We believe that Security is the foundation of Sovereignty. You cannot have control over your family's values if you don't have control over your family's data. That is why we built HeyOtto to a higher standard of care—engineering for privacy, transparency, and integrity from the very first line of code.

We are committed to being the most transparent AI company in the world. Thank you for trusting us with your child's curiosity.

Natalie Gibson & The HeyOtto Engineering Team

What This Means for Your Family

We collect only what is strictly necessary.

Your child's data is never sold or shared with advertisers.

You maintain complete control over data access and deletion.

We build systems that are defensible and auditable.

We design for full parental transparency.

We align with evolving child privacy and global protection standards.

The Technical FAQ

Straight answers to the questions every privacy-conscious parent should be asking.

Does HeyOtto use child data to train its AI models?

No, HeyOtto is designed to protect your child’s privacy. Our system relies on secure, enterprise-grade AI services that explicitly forbid using customer data for model training. Your child’s interactions stay private.

How is data encrypted within the HeyOtto ecosystem?

We follow a "Defense in Depth" strategy. All data is encrypted in transit using TLS 1.2 or higher. At rest, sensitive data is protected using AES-256 encryption. Our database architecture is isolated to prevent cross-tenant data leaks.

What is your data retention policy for child conversations?

We practice "Data Minimization." We only retain conversation history to provide the Parent Dashboard functionality. Parents have the Right to Erasure at any time; if you delete a child profile or your account, all associated conversational data is purged from our active systems in accordance with GDPR and COPPA standards.

Are your systems audited for vulnerabilities?

While we are in the process of pursuing formal SOC2 Type II certification, we currently perform regular internal security audits, continuous system hardening, and dependency scanning to proactively mitigate emerging threats. Our infrastructure is built on the same secure-system principles used by enterprise-level financial and healthcare platforms.

Start your safe AI journey today.

Join thousands of families who trust HeyOtto to be the safest AI platform for their children.