Built for Integrity. Engineered for Trust.
Safety is our starting point, not a feature. Every system, every policy, every line of code was written with your family in mind.
A note to parents: We are currently finalizing our formal third-party certifications. While the badges are coming, the engineering is already here. We build to a higher standard of care because families deserve more than just “good intentions”—they deserve defensible technology.
Aligned to Global Standards
We designed and built the HeyOtto environment to align with the most rigorous frameworks for data protection and child safety.
COPPA-First Design
Our data minimization practices ensure we never collect more than is strictly necessary. We do not track behavior for advertising, and we never sell child data.
GDPR & Privacy Principles
We honor the Right to be Forgotten and Privacy by Design. Parents have total control with the ability to export or delete their family's history at any time.
SOC2 Infrastructure Standards
Our internal processes are built on the principles of Security, Availability, and Confidentiality. From encrypted data-at-rest to secure system hardening, we maintain enterprise-grade defenses.
How We Protect Every Conversation
Three independent layers of technical protection, working together on every message.
End-to-End Encryption
Data at rest and in transit
All conversations are encrypted in transit using TLS 1.2 or higher. At rest, sensitive data is protected using AES-256 encryption. Our database architecture is isolated to prevent cross-tenant data leaks.
No Public Training
Zero-training / Zero-retention APIs
We utilize Zero-Retention and No-Training APIs. Your child's private questions never become part of a public AI's knowledge base. Your child's curiosity remains their own.
PII Scrubbing
Removing identifying info before it hits the AI
We use a secure proxy layer that strips personally identifiable information before it ever reaches a third-party model. This PII Scrubbing layer is a core part of our commitment to child privacy.
The Technical FAQ
Straight answers to the questions every privacy-conscious parent should be asking.
A Note from Our Founders
When we started HeyOtto, we didn't just want to build a better chatbot; we wanted to build a safer digital world for our own families. Having spent our careers in global privacy and cybersecurity, we know that "good intentions" aren't enough when it comes to children's data.
We believe that Security is the foundation of Sovereignty. You cannot have control over your family's values if you don't have control over your family's data. That is why we built HeyOtto to a higher standard of care—engineering for privacy, transparency, and integrity from the very first line of code.
We are committed to being the most transparent AI company in the world. Thank you for trusting us with your child's curiosity.
— Natalie Gibson & The HeyOtto Engineering Team
What This Means for Your Family
We collect only what is strictly necessary.
Your child's data is never sold or shared with advertisers.
You maintain complete control over data access and deletion.
We build systems that are defensible and auditable.
We design for full parental transparency.
We align with evolving child privacy and global protection standards.