Privacy Policy

Last updated: February 26, 2026

Overview

OttoAuth provides agent authentication, paired browser device routing, and browser automation tools. The OttoAuth Browser Agent Chrome extension lets users pair a browser with OttoAuth and run local AI-assisted browser tasks.

Data We Process

  • OttoAuth account and agent data (for example usernames, public/private key-derived authentication requests, and service usage metadata).
  • Extension pairing data (for example browser token, device identifier, pairing state, and task routing metadata).
  • Computer-use task data (for example task prompts, run status, run events, and completion summaries).
  • Local extension settings stored in the browser (for example selected model, provider/API keys entered by the user, approval mode, and UI preferences).

How Website Content Is Used

When the user runs the local browser agent, the extension reads page state (such as URL, visible text, interactive elements, and form controls) to plan and execute actions.

Depending on the selected mode and provider configuration, portions of that page state may be sent to a model provider (for example OpenAI, Anthropic, or Google) to generate plans or next actions. Users control when runs start and which provider/API key is used.

BYOK (Bring Your Own Key) Providers

The extension supports BYOK model providers. API keys entered in the extension are stored locally in the user's browser using Chrome extension storage and are used to make requests directly to the selected provider from the extension.

OttoAuth does not need the user's model provider API keys to route paired-device computer-use jobs.

Cloud Pairing and Task Routing

The extension can pair with OttoAuth using a browser token/device token flow. OttoAuth uses this pairing to route authorized tasks to the user's browser. OttoAuth may store task metadata, run status, and event logs to support retries, debugging, and audit history.

Data Sharing

  • Model providers selected by the user may receive prompts and page-state excerpts needed to perform browser-agent planning/execution.
  • Infrastructure providers (for example hosting/database providers) may process data as part of operating OttoAuth.
  • We do not sell personal information.

User Controls

  • Users can clear extension chat history and local session logs from the extension UI.
  • Users can regenerate browser pairing tokens.
  • Users can choose plan approval mode (ask before acting vs. act without asking).
  • Users can remove/uninstall the extension to stop local storage and execution.

Security

We use authentication and device pairing controls to limit who can route tasks to a paired browser. No system is perfectly secure, and users should avoid running browser automation on highly sensitive pages unless they understand the risks and the selected provider's data handling.

Contact

For questions about this policy, use the support/contact method listed on the OttoAuth site or Chrome Web Store listing.