Privacy

This policy covers the ota website at ota.run, related documentation pages, lightweight site APIs, and direct contact workflows. The core ota CLI is open source and primarily runs locally in your environment. Optional hosted services, third-party platforms, and repo-authored tasks can create separate data flows that are outside the narrow website policy surface described here.

• Standard request metadata processed by hosting and CDN infrastructure, which can include IP address, user agent, request path, referrer, timestamps, and delivery diagnostics.
• Operational logs needed for availability, abuse prevention, debugging, cache behavior, and security investigation.
• Information you send directly to the ota team, including email content, attachments, and contact details.

• The site stores theme preference in localStorage so light, dark, or system mode persists across visits.
• The docs shell can cache latest CLI release metadata in localStorage to avoid unnecessary re-fetching.
• If browser storage is unavailable, the site still works, but those preferences and cached values may reset between visits.

ota does not intentionally use the site for advertising profiling or cross-site behavior tracking. We may still rely on standard infrastructure behavior that is required for delivery, caching, abuse prevention, or security operations.

• The core CLI operates on repo contracts, files, and task flows in your local environment by default.
• The CLI can contact release endpoints for update checks and self-update flows, including GitHub release APIs and ota distribution endpoints.
• The CLI can cache update-check state and release information on the local machine to reduce repeated network requests.
• Repo-authored tasks, install steps, containers, remote backends, or third-party integrations can perform additional network or data operations under your repo contract and environment, not under a hidden site telemetry system.

• Operate and secure the site.
• Diagnose incidents and improve reliability.
• Respond to support, security, privacy, and legal inquiries.
• Maintain release and update surfaces for the CLI.

We keep data only for as long as reasonably necessary for operations, incident response, support handling, legal compliance, and abuse prevention. We may disclose information when required by law, to protect the service, or to investigate misuse or security incidents.

ota.run relies on managed infrastructure and external platforms for hosting, distribution, source control, and release delivery. Those providers may process request and operational data under their own policies when you use those surfaces.

For privacy or data-handling requests, email os@ota.run. Include enough context for us to locate the relevant request path, product surface, and timeframe so we can respond safely and accurately.