Privacy Policy
Last updated: April 2026
The short version
Your music stays on your device. We don't listen to it, store it, or transmit it unless you explicitly choose to share. Oto is built to work locally first.
What data stays on your device
The following data is stored entirely in your browser using localStorage and IndexedDB. It never leaves your machine:
- Audio files — all tracks you load are processed locally. No audio is uploaded to any server.
- Track library — metadata (BPM, key, duration, ratings) stored in IndexedDB.
- Cue points, loops, labels, and notes — stored in localStorage per track.
- Waveform data and mood grid coordinates — cached locally after analysis.
- Style Memory and Style DNA — your mixing history and fingerprint, stored locally.
- Preferences and settings — stored in localStorage.
- Session stats — mix time, tracks played, etc., stored locally.
What you choose to share
The following features involve sending data to external services. All are opt-in — they only activate when you use them:
- Google Sign-In — if you sign in with Google, your name and email are sent to Supabase (our authentication provider) to create your account. We receive your name and email. No audio data is shared.
- Cloud Sync — if configured, your library metadata, cue points, loops, and preferences are synced to Supabase. Audio files are never synced.
- Mix Sharing & Challenge Submissions — if you share a recorded mix or submit to a weekly challenge, the audio file is uploaded to Supabase Storage and accessible via a public link. You can delete your challenge submissions at any time from the leaderboard.
- Live Streaming — if you go live, your master audio output is streamed peer-to-peer via WebRTC to connected listeners. No audio is stored on our servers.
- Vibe Mode / Set Planning — if you use Claude AI for set planning, your text prompt and library metadata (not audio) are sent to the Claude API (Anthropic). This requires your own API key. Voice prompts are processed locally via your browser's SpeechRecognition API — no audio is sent to our servers.
- Spotify / SoundCloud Seeding — if you connect your Spotify or SoundCloud account, we fetch your top tracks and listening data to calibrate your library. OAuth tokens are stored locally and never sent to our servers. No audio is accessed.
- Cloud HD Stems — if configured, audio is sent to a Demucs API endpoint you provide for ML stem separation.
- Practice Rooms & B2B — mixer state (not audio) is relayed through our signaling server for real-time collaboration.
Payments
If you choose to support Oto financially, payments are processed by Stripe. We do not store your payment information. Stripe's privacy policy governs payment data handling.
What we collect automatically
When you sign up or return to Oto, we store basic account and session data in Supabase to improve the product:
- User profile — your name, email, experience level, timezone, and last visit date.
- Session data — timestamp, screen size, platform, and theme. One record per visit.
- Feature usage events — which features you use (e.g. "loaded a track", "entered Vibe Mode", "gave a direction"). No audio content is included — only action names and basic metadata like BPM/key.
This data is stored in Supabase (our database provider) and is used solely to understand how the product is used and to improve it. We do not sell, share, or monetize this data. No third-party analytics, tracking pixels, or advertising scripts are used.
Cookies
Oto does not set any cookies. All persistent data uses localStorage and IndexedDB.
Third-party services
Data deletion
Click the ↪ sign-out button in the top bar to clear your local profile. To clear all local data: open your browser's developer tools → Application → Clear Storage. All local data is immediately and permanently deleted.
For server-stored data (user profile, sessions, usage events, cloud sync), contact us at hello@useoto.io and we will delete your account and all associated data within 30 days.
Contact
Questions about this policy: hello@useoto.io or jessica@okaeri.ai