Ottai Functions and Data Page
Effective date: 15-August-2026
Last updated: 10-July-2026
The Function and Data List describes the current Services and features, the personal data fields and app permissions required for each function, optional integrations, third-party services and SDKs, processing locations, and more detailed retention information.
It forms part of the information we provide to you under the respective Ottai Privacy Policy. We may update the Function and Data List from time to time to reflect operational or technical changes to our services.
We will not use the Function and Data List to introduce a materially new purpose for collecting, using or disclosing your personal data, or a materially different way of handling your health-related personal data, without providing any notice or obtaining any consent required by applicable law.
Account & identity
Fields: user ID, username/nickname, login account, email address, mobile number, profile photo, country/region, language, glucose unit, login method, authentication tokens and credentials
When/purpose: On registration, login and account setup — to identify you, secure your account, show your profile and apply your region/unit settings
Third-party login
Fields: Google user ID, email, nickname, photo; Apple sub/email; X (Twitter) user ID, email, username
When/purpose: When you choose social login — to authenticate you and link the third-party account
Purchase & order
Fields: product ID, SKU, product name, specification, quantity, price, cart, promo/discount code and amount, order number, order status, order amount, tax, shipping fee, order/payment/cancellation/closure times
When/purpose: When you buy a device or place an order — for the online store, order fulfilment and after-sales
Delivery & logistics
Fields: recipient name, phone, email, country, state/province, city, district, full address, postcode, building, courier, tracking number, dispatch and estimated/actual delivery times
When/purpose: When you order and we ship — for delivery, tracking and after-sales
Payment
Fields: payment channel, transaction number, payment status, receipt email, bank name, card brand, masked card number, cardholder name, expiry month/year, billing address, payment token/result
When/purpose: When you pay. Full card details are handled by the payment processors; we retain only the payment result, transaction reference and masked information
App & device
Fields: App version, OS platform and version, device brand, model and device ID, jailbreak/root status, CPU, board, network status, language, NFC support, FCM/APNs push token
When/purpose: On app start, login and push — for compatibility, diagnostics, push notifications and fraud/abuse prevention
CGM device
Fields: CGM MAC address, serial number, deviceId, device type, binding/unbinding records, activation, wear, warm-up, connection, expiry/grace and abnormal-status states
When/purpose: On device binding, activation and wear — to operate the sensor, attribute readings and handle after-sales
Glucose & monitoring (health data)
Fields: real-time glucose values, timestamps, trend, level, sequence number, curve points, max/min/average, time-in-range (TIR), AGP, daily/weekly/monthly and other glucose reports
When/purpose: While you wear a sensor — the core monitoring, statistics, reports and alerts. This is health-related personal data
Glucose thresholds & alerts
Fields: high/low/urgent-low thresholds, fast rise/fall thresholds, reminder switches, sound/vibration settings, alert records and timestamps, notification data
When/purpose: When you set goals and wear a sensor — for abnormal-reading alerts and personalised reminders
Health log & manual records
Fields: meals, fingerstick readings, weight, insulin, medication, exercise check-ins, images, time, notes, pre/post-meal glucose
When/purpose: When you log entries — for your health diary, statistics and AI-assisted recognition or analysis, where you choose to use the relevant feature. This is health-related personal data
Location & region
Fields: GPS latitude/longitude, IP address, reverse-geocoded address, country/region, and registration/login/binding/daily/GPS-type location records
When/purpose: On registration, login, binding, wear and exercise — for region matching, customer-service routing and (where enabled) activity tracking
Exercise & ecosystem
Fields: exercise start/end time, GPS track, distance, steps, calories, exercise records and goals; Apple Watch / Garmin / widget / Nightscout sync data
When/purpose: If you enable activity, a smartwatch or a third-party ecosystem feature
Customer service & AI
Fields: AI questions and answers, customer-service sessions, message history, feedback, images, service group and bot ID; data passed to our customer-service tool (userId, name, phone, email, photo, device MAC)
When/purpose: When you contact support or use the AI assistant — to answer queries and handle after-sales
After-sales & device issues
Fields: device-abnormal events, connection failures, jitter, write failures, unbinding reasons, after-sales request type, device MAC/deviceId, complaint content
When/purpose: When you report a problem — for after-sales, quality analysis and troubleshooting
Health-related personal data.
Glucose readings, manual health logs and related monitoring data reveal information about your health. We collect and use them only to provide the monitoring Services you have asked for, to support product safety and quality matters, or as otherwise permitted or required by applicable law. We generally rely on your consent to collect and use such data. You can withdraw that consent as described in Section 11, although doing so may mean we can no longer provide the monitoring features.
Primary Hosting Location Infrastructure
Alibaba Cloud (Frankfurt) and Tencent Cloud (Frankfurt) — hosting for backend, data storage and analytics endpoints.
Analytics and diagnostics
Analytics & telemetry providers
(None are used for advertising.)
Ottai in-app analytics — self-built
Purpose: App lifecycle, page, feature, error and device-environment statistics
Data handled: userId, app name, event type/name and detail, platform, timestamp, event interval; profile attributes (username, version, device brand/model/ID, OS version, network, language, NFC support, IP, latitude/longitude, CPU/board)
Basis: Consent where required
Firebase Crashlytics — Google
Purpose: Crash and exception reporting in production
Data handled: user ID, exception information, stack traces, device/OS/app environment
Basis: Legitimate interest / consent
Firebase Cloud Messaging — Google
Purpose: Push notifications
Data handled: FCM token, APNs token, notification permission status, foreground message data
Basis: To deliver notifications you enable
umami — website analytics
Purpose: ottai.com usage analytics (logins, page views, button actions, navigation paths)
Data handled: account-identity attributes triggered by specific actions, access-device information and page-path data
Basis: Consent where required
Functional third-party services
Third-party services & sub-processors
NetEase Qiyu
Purpose: Online customer service
Data handled: userId, nickname, login account, mobile number, email, profile photo, current device MAC, service group / bot ID, language; chat content and images are processed in the service tool
Notes: Processing may occur in mainland China
Google Sign-In
Purpose: Google login
Data handled: Google user ID, email, nickname, profile photo, passed to our backend for third-party login
Notes: Authentication
Apple Sign-In
Purpose: Apple login
Data handled: email and name, passed to our backend for third-party login
Notes: Authentication
X (Twitter) Login
Purpose: X login
Data handled: X user ID, email, username, passed to our backend for third-party login
Notes: Authentication
Google Maps / Geolocator / Geocoding
Purpose: Mapping, positioning and reverse geocoding
Data handled: latitude/longitude, map interaction/requests, device network information; coordinates / IP / reverse-geocoded address may be used for region matching and your profile
Notes: Location features
Stripe, Apple Pay, Google Pay, PayPal, PingPong
Purpose: Payment processing
Data handled: merchant country/currency, product label/amount, payment status; sensitive card data is handled by the relevant payment provider
Notes: Payment processors
Garmin Connect IQ / Wear / Apple Watch
Purpose: Wearable connection and data sync
Data handled: watch connection status, glucose and device-status sync data
Notes: Only if you enable the integration
Google Speech
Purpose: AI / voice recognition
Data handled: audio you actively record, and the transcribed text or recognition result
Notes: Only when you use voice features
Provider privacy policies. You can review each provider's own privacy policy, including: Google; Apple; X (Twitter); Stripe; PayPal; YooMoney/YooKassa; Garmin; PingPong and NetEase Qiyu.
Third-Party Platform Data Access
Platform — Data you choose to share
- xDrip+ — Glucose data
- AAPS (AndroidAPS) — Glucose data
- Nightscout — Glucose data
Language Precedence
Where this Agreement is provided in multiple languages, the English version prevails to the extent permitted by applicable law