Ottai Functions and Data Page

Effective date: 15-August-2026
Last updated: 10-July-2026

The Function and Data List describes the current Services and features, the personal data fields and app permissions required for each function, optional integrations, third-party services and SDKs, processing locations, and more detailed retention information.

It forms part of the information we provide to you under the respective Ottai Privacy Policy. We may update the Function and Data List from time to time to reflect operational or technical changes to our services.

We will not use the Function and Data List to introduce a materially new purpose for collecting, using or disclosing your personal data, or a materially different way of handling your health-related personal data, without providing any notice or obtaining any consent required by applicable law.

Account & identity

Fields: user ID, username/nickname, login account, email address, mobile number, profile photo, country/region, language, glucose unit, login method, authentication tokens and credentials

When/purpose: On registration, login and account setup — to identify you, secure your account, show your profile and apply your region/unit settings

Third-party login

Fields: Google user ID, email, nickname, photo; Apple sub/email; X (Twitter) user ID, email, username

When/purpose: When you choose social login — to authenticate you and link the third-party account

Purchase & order

Fields: product ID, SKU, product name, specification, quantity, price, cart, promo/discount code and amount, order number, order status, order amount, tax, shipping fee, order/payment/cancellation/closure times

When/purpose: When you buy a device or place an order — for the online store, order fulfilment and after-sales

Delivery & logistics

Fields: recipient name, phone, email, country, state/province, city, district, full address, postcode, building, courier, tracking number, dispatch and estimated/actual delivery times

When/purpose: When you order and we ship — for delivery, tracking and after-sales

Payment

Fields: payment channel, transaction number, payment status, receipt email, bank name, card brand, masked card number, cardholder name, expiry month/year, billing address, payment token/result

When/purpose: When you pay. Full card details are handled by the payment processors; we retain only the payment result, transaction reference and masked information

App & device

Fields: App version, OS platform and version, device brand, model and device ID, jailbreak/root status, CPU, board, network status, language, NFC support, FCM/APNs push token

When/purpose: On app start, login and push — for compatibility, diagnostics, push notifications and fraud/abuse prevention

CGM device

Fields: CGM MAC address, serial number, deviceId, device type, binding/unbinding records, activation, wear, warm-up, connection, expiry/grace and abnormal-status states

When/purpose: On device binding, activation and wear — to operate the sensor, attribute readings and handle after-sales

Glucose & monitoring (health data)

Fields: real-time glucose values, timestamps, trend, level, sequence number, curve points, max/min/average, time-in-range (TIR), AGP, daily/weekly/monthly and other glucose reports

When/purpose: While you wear a sensor — the core monitoring, statistics, reports and alerts. This is health-related personal data

Glucose thresholds & alerts

Fields: high/low/urgent-low thresholds, fast rise/fall thresholds, reminder switches, sound/vibration settings, alert records and timestamps, notification data

When/purpose: When you set goals and wear a sensor — for abnormal-reading alerts and personalised reminders

Health log & manual records

Fields: meals, fingerstick readings, weight, insulin, medication, exercise check-ins, images, time, notes, pre/post-meal glucose

When/purpose: When you log entries — for your health diary, statistics and AI-assisted recognition or analysis, where you choose to use the relevant feature. This is health-related personal data

Location & region

Fields: GPS latitude/longitude, IP address, reverse-geocoded address, country/region, and registration/login/binding/daily/GPS-type location records

When/purpose: On registration, login, binding, wear and exercise — for region matching, customer-service routing and (where enabled) activity tracking

Exercise & ecosystem

Fields: exercise start/end time, GPS track, distance, steps, calories, exercise records and goals; Apple Watch / Garmin / widget / Nightscout sync data

When/purpose: If you enable activity, a smartwatch or a third-party ecosystem feature

Customer service & AI

Fields: AI questions and answers, customer-service sessions, message history, feedback, images, service group and bot ID; data passed to our customer-service tool (userId, name, phone, email, photo, device MAC)

When/purpose: When you contact support or use the AI assistant — to answer queries and handle after-sales

After-sales & device issues

Fields: device-abnormal events, connection failures, jitter, write failures, unbinding reasons, after-sales request type, device MAC/deviceId, complaint content

When/purpose: When you report a problem — for after-sales, quality analysis and troubleshooting

Health-related personal data.

Glucose readings, manual health logs and related monitoring data reveal information about your health. We collect and use them only to provide the monitoring Services you have asked for, to support product safety and quality matters, or as otherwise permitted or required by applicable law. We generally rely on your consent to collect and use such data. You can withdraw that consent as described in Section 11, although doing so may mean we can no longer provide the monitoring features.

Primary Hosting Location Infrastructure

Alibaba Cloud (Frankfurt) and Tencent Cloud (Frankfurt) — hosting for backend, data storage and analytics endpoints.

Analytics and diagnostics

Analytics & telemetry providers

(None are used for advertising.)

Ottai in-app analytics — self-built

Purpose: App lifecycle, page, feature, error and device-environment statistics

Data handled: userId, app name, event type/name and detail, platform, timestamp, event interval; profile attributes (username, version, device brand/model/ID, OS version, network, language, NFC support, IP, latitude/longitude, CPU/board)

Basis: Consent where required

Firebase Crashlytics — Google

Purpose: Crash and exception reporting in production

Data handled: user ID, exception information, stack traces, device/OS/app environment

Basis: Legitimate interest / consent

Firebase Cloud Messaging — Google

Purpose: Push notifications

Data handled: FCM token, APNs token, notification permission status, foreground message data

Basis: To deliver notifications you enable

umami — website analytics

Purpose: ottai.com usage analytics (logins, page views, button actions, navigation paths)

Data handled: account-identity attributes triggered by specific actions, access-device information and page-path data

Basis: Consent where required

Functional third-party services

Third-party services & sub-processors

NetEase Qiyu

Purpose: Online customer service

Data handled: userId, nickname, login account, mobile number, email, profile photo, current device MAC, service group / bot ID, language; chat content and images are processed in the service tool

Notes: Processing may occur in mainland China

Google Sign-In

Purpose: Google login

Data handled: Google user ID, email, nickname, profile photo, passed to our backend for third-party login

Notes: Authentication

Apple Sign-In

Purpose: Apple login

Data handled: email and name, passed to our backend for third-party login

Notes: Authentication

X (Twitter) Login

Purpose: X login

Data handled: X user ID, email, username, passed to our backend for third-party login

Notes: Authentication

Google Maps / Geolocator / Geocoding

Purpose: Mapping, positioning and reverse geocoding

Data handled: latitude/longitude, map interaction/requests, device network information; coordinates / IP / reverse-geocoded address may be used for region matching and your profile

Notes: Location features

Stripe, Apple Pay, Google Pay, PayPal, PingPong

Purpose: Payment processing

Data handled: merchant country/currency, product label/amount, payment status; sensitive card data is handled by the relevant payment provider

Notes: Payment processors

Garmin Connect IQ / Wear / Apple Watch

Purpose: Wearable connection and data sync

Data handled: watch connection status, glucose and device-status sync data

Notes: Only if you enable the integration

Google Speech

Purpose: AI / voice recognition

Data handled: audio you actively record, and the transcribed text or recognition result

Notes: Only when you use voice features

Provider privacy policies. You can review each provider's own privacy policy, including: Google; Apple; X (Twitter); Stripe; PayPal; YooMoney/YooKassa; Garmin; PingPong and NetEase Qiyu.

Third-Party Platform Data Access

Platform — Data you choose to share

  • xDrip+ — Glucose data
  • AAPS (AndroidAPS) — Glucose data
  • Nightscout — Glucose data

Language Precedence

Where this Agreement is provided in multiple languages, the English version prevails to the extent permitted by applicable law