Privacy Policy

Last updated: 6/10/2026

1. Simple Summary

At OtterFax (owned by EthDen LLC), we respect your privacy. We only collect the data necessary to send your faxes, shorten your links, and process your payments. We don't sell your data to advertisers. Period.

2. Data We Collect

  • Account Info: Your email and name via Supabase Auth.
  • Identity Verification: Your phone number via Twilio to prevent spam.
  • Billing Info: Your payment details are processed securely by Stripe. We never store your full card number on our servers.
  • Usage Data: We log how many faxes you send and how many links you shorten to manage your plan limits.

3. How We Use It

We use your data to provide the services you've requested, notify you when a fax is sent, and protect our platform from abuse. Your documents (PDFs) are stored temporarily only long enough to transmit them; we do not keep permanent copies of your fax contents unless you specifically save them to your history.

4. Non-Anonymity & Accountability

Notice: The OtterFax service is not anonymous. To ensure professional standards and prevent illegal use of our platform, all faxes transmitted through OtterFax will include a mandatory origin footer on the cover sheet containing your verified email address and phone number. By using this service, you acknowledge and agree to this disclosure.

5. Data Retention Policy

Unless a document is electronically signed (see Section 7), all documents, files, and generated artifacts on OtterFax are retained for a maximum of 30 days. After 30 days from creation, all data is permanently and irreversibly deleted from our servers. OtterFax is not responsible for data loss after this period. Users requiring long-term storage must actively utilize our third-party integrations (such as Google Drive) to back up their files.

6. HIPAA Compliance & Protected Health Information (PHI)

OtterFax takes privacy seriously, but standard accounts are not HIPAA compliant. To transmit Protected Health Information (PHI) through our platform, you must subscribe to the Compliance tier and execute a formal Business Associate Agreement (BAA) with OtterFax prior to transmission. Transmitting PHI on Free, Lite, or Boutique tiers is a violation of our Terms of Service.

7. E-Sign Data Retention & Legal Compliance

To comply with international e-signature regulations (including the ESIGN Act, UETA, and eIDAS), OtterFax maintains a permanent audit trail of all electronic signatures.

  • Audit Hold: When a document is electronically signed, a "Certificate of Completion" is generated. To maintain the legal integrity of these documents, the signed PDF and its associated audit metadata (IP addresses, timestamps, and signer identities) are preserved in our secure storage indefinitely.
  • Deletion Exception: While you may remove a signed document from your personal dashboard, the physical file is placed on an "Audit Hold" in our backend to ensure it remains available for legal verification if required.
  • Access: Access to these archived records is strictly restricted and will only be granted for valid legal purposes, such as court orders, warrants, or verified legal inquiries.

8. Data Deletion Instructions

We believe in your right to be forgotten. If you would like to delete your account and all associated data, you can do so in two ways:

  • Directly: Navigate to your Account Settings in the Dashboard and click "Delete Account." This will immediately purge your profile, saved documents (excluding those on Audit Hold), and history.
  • By Request: Send an email from your registered address to sales@ethden.com with the subject "Data Deletion Request." We will process your request and purge all personal data within 48 hours.

Note: Legally binding E-Sign records are subject to the Retention Policy in Section 7 and are excluded from standard account deletion to ensure legal compliance for all signing parties.