Every asset verified. Every dataset auditable.
Every dataset available through oto is backed by a public audit trail recording contributor consent, policy acceptance, provenance signals, and compensation status. Verify any asset. Review any dataset. Audit the full chain of custody.
We work with
What we hold, and when it was last verified.
Frameworks oto operates under and the third-party audits that stand behind them. Each row links to the underlying evidence — the same evidence procurement, legal, and regulators see.
California Consumer Privacy Act
EU General Data Protection Regulation
Article 53 conformity statement on file
Independent security & privacy audit of oto
Audit window in progress
Every receipt onchain via Trace
What we audit, openly.
- Data minimization
Only metadata needed for provenance is collected. Sensitive values stay with oto.
In place - Retention policy
Retained while consent is active. Auditable beyond that as receipt-only.
Consent-boundIn place - Right to deletion
Contributor-initiated. Asset removed from active datasets; audit record preserved.
30-day SLAIn place - Right to access
JSON export of all data held against a contributor's account.
7-day SLAIn place - Data residency
AWS eu-west-1 for EU contributors, us-east-1 for North America.
In place
Receipts in motion.
Every contribution oto accepts surfaces here within seconds. Click any hash for the full receipt.
| Event | App | Address | Activity | Date |
|---|---|---|---|---|
| Registration | oto | sha256:08ff49…a8c3 | image receipt registered | 1s ago |
| Registration | oto | sha256:5be0a3…e211 | document receipt registered | 3s ago |
| Registration | oto | sha256:9df7e7…8567 | image receipt registered | 5s ago |
| Registration | oto | sha256:1511f2…654f | video receipt registered | 9s ago |
| Registration | oto | sha256:e40565…ca5b | image receipt registered | 12s ago |
| Metadata update | oto | sha256:b4f5db…b8a5 | metadata updated · seq 2 | 14s ago |
| Registration | oto | sha256:9df7e7…8567 | image receipt registered | 17s ago |
| Registration | oto | sha256:894e7f…5827 | document receipt registered | 19s ago |
| Registration | oto | sha256:db0651…22b4 | document receipt registered | 20s ago |
| Registration | oto | sha256:1511f2…654f | video receipt registered | 21s ago |
Download
For your compliance file.
Public versions are downloadable directly — content-addressed and verifiable against the same Trace ledger your team audits.
Public
Download directly
oto Terms of Service · v3.2
Content-addressed · all historical versions retained
oto Privacy Policy · v2.4
IPFS-pinned · cryptographically verifiable
oto Sub-Processor Disclosure
Updated quarterly · 30-day change notice
oto EU AI Act Conformity Statement
Provider obligations under Article 53
F.A.Q.
If your team has a question we haven't covered, your account manager can answer it — and we'll add it here.
Is oto GDPR-compliant?
Yes. oto operates GDPR-compliant flows for all contributors with EU regional metadata, and exposes the operative TOS / privacy policy version on every receipt. EU contributors retain the right to revoke consent — visible on the lifecycle of the affected receipt.
How can a contributor revoke consent?
Through their oto account at any time. Revocation produces a new lifecycle event on each affected receipt and removes the asset from active datasets. The receipt itself remains visible on Trace as a permanent audit record.
What sub-processors does oto use?
Identity verification: Persona. Payments: USDC / Stripe Connect. Cloud infrastructure: AWS (eu-west-1, us-east-1). Public audit layer: Trace / The Data Foundation. A live sub-processor list is maintained in the disclosure PDF above.
Why is the audit trail on a separate, public layer?
Building an audit surface in-house creates a permanent target for accusations of bias. Trace is the impartial alternative — a public, onchain ledger that customers, regulators, and contributors all check on the same terms. oto contributes receipts to it; we don't control its visibility.
How are sensitive metadata values handled?
Sensitive signals like EXIF, GPS, IP addresses, and device fingerprints stay in oto's own systems. Trace stores existence flags — present or absent — never the values. This preserves the integrity signal labs need without making the audit layer a deanonymization tool.
Where can I see the underlying data?
oto does not expose the underlying assets through this portal — receipts and consent posture only. Labs evaluating a dataset for licensing are given access through oto's commercial channels.