Last updated: April 23, 2026
OTONOMI is in private beta. This placeholder policy describes our current handling of customer data. A finalized policy will replace this page before general availability.
When you connect a GitHub repository, we receive a user access token scoped to the repositories you select. We use it to clone code, enumerate files, and run our security detectors. Tokens are encrypted at rest and can be revoked by disconnecting from your Settings page.
Findings (including file paths, severities, and short evidence snippets) are stored in a Supabase database scoped to your account via row-level security. We do not share findings with third parties.
Summaries and PHANTOM chat responses are generated by Anthropic's Claude API. Anthropic processes prompts to produce responses and does not train on API traffic by default. See Anthropic's privacy policy for details.
Questions? Email support@otonomi.app.