privacy policy

accounts. If you sign in, we use Google OAuth and store your name, email address, profile picture, Google account id and session metadata in our database. We never store your Google password.

subscriptions. When you subscribe to Pro, our billing processor Lemon Squeezysends us your subscription's status, customer id, plan id and renewal dates. We never see your payment card details. Lemon Squeezy is the merchant of record; their privacy policy applies to payment data.

usage counters. We store a per-user monthly count of cable analyses to enforce Pro feature limits.

cookies set by otsora. Two cookies:

• An Auth.js session cookie (HTTP-only, JWT) when you're signed in.
• otsora_free — a signed daily anti-abuse counter for the free viewer.

browser local storage (stays on your device, never sent to us):

• otsora_anon — a random device id used to stitch funnel events.
• Your saved trace history — parsed results of your own analyses.
• Your theme preference.

funnel analytics.We record two server-side events: paywall impressions and upgrade clicks. Each carries a short label, the anonymous device id, the page path and your user id if you're signed in. Rows are trimmed after 90 days. We use this only to understand where people drop off in the upgrade flow.

traffic analytics. Cloudflare Web Analytics — cookieless, no personal identifiers, edge-injected. We see aggregate page views and traffic source.

.sor files. When you parse a file, it is uploaded over HTTPS to our parser, processed in memory, and the parsed result is returned to your browser. We do not persist your .sor file, the parsed result, or any of your trace data on our servers. Pro users can save parsed results to their browser's local storage; that stays on the device.

logs. Cloudflare keeps standard edge logs per its own policy. Our origin server keeps short-lived nginx access logs (IP, request line, user agent) for debugging and abuse protection.

backups. We take a daily backup of the database (containing the data above — never .sor files) and store it in a private object-storage bucket. Backups are used only for disaster recovery; rolling 14-day retention.

No analytics. No tracking. No accounts.No network requests besides Apple's StoreKit for the subscription.

.sorfiles are processed entirely on-device by a Rust library bundled with the app. Your trace files and parsed history are stored only in the app's local container on your device. Nothing is uploaded to us.

• iOS — handled by Apple. Apple's privacy policy applies to your payment data.
• Web — handled by Lemon Squeezy (merchant of record). Their privacy policy applies to your payment data.

• Google — sign-in (web).
• Lemon Squeezy — subscription billing (web).
• Apple — subscription billing and distribution (iOS).
• Cloudflare — CDN, edge analytics, DDoS protection.
• DigitalOcean — server hosting and object storage for backups.

We do not sell your data. We run no third-party advertising or tracking pixels.

• Funnel-event rows: 90 days.
• Database backups: rolling 14 days.
• Account and subscription records: kept while your account is active; removed within 30 days of a verified deletion request.

Email [email protected] for any privacy request — including access, correction or deletion of your account data. We aim to respond within 7 days.

We may update this policy as the product changes. The date above reflects the latest revision.