Privacy Policy
We use first- and third-party cookies for analytics and to improve the platform. You can accept or reject them. Essential cookies needed for the site to work are always on. Cookie Policy
Updated: February 23, 2026
In compliance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), we inform you that the data controller for your personal data is:
We collect different categories of data depending on your user profile and interaction with the platform:
| Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|
| Provision of intermediation service | Performance of a contract (Art. 6.1.b) |
| Payment management and billing | Performance of a contract and legal obligation (Art. 6.1.b and 6.1.c) |
| KYC/AML verification and DAC7 compliance | Legal obligation (Art. 6.1.c) |
| Talent quality validation (tests, AI) | Legitimate interest (Art. 6.1.f) — ensuring marketplace quality |
| Commercial communications and updates | Explicit consent (Art. 6.1.a) |
| Technical and error monitoring | Legitimate interest (Art. 6.1.f) — platform security and stability |
| Analytical cookies | Consent (Art. 6.1.a), per LSSI-CE |
Your data may be shared with the following recipients, in all cases with the legally required safeguards:
We do not sell, rent, or share your personal data with third parties for marketing purposes without your explicit consent.
| Data Category | Period |
|---|---|
| Account and profile data | While account is active + 12 months after deletion |
| Billing and transaction data | 6 years (Spanish Commercial Code Art. 30; General Tax Law 58/2003) |
| Messages and communications | While account is active + 6 months |
| Session and connection data (Redis) | Temporary — deleted on disconnect or logout |
| Error logs (Sentry) | 90 days |
| Analytical cookies | As specified in the Cookie Policy |
In accordance with Articles 15 to 22 of the GDPR and Articles 12 to 18 of the LOPDGDD, you have the right to:
You can exercise these rights by sending an email to privacy@ottly.io, attaching a copy of your ID or equivalent identification document. Your request will be addressed within a maximum of 30 days.
If you believe that the processing of your data violates applicable regulations, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) — www.aepd.es.
Ottly implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure or destruction, including:
Ottly is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will proceed to delete it immediately.
Ottly reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential, or business practice developments. In the event of substantial changes, registered users will be notified by email and a prominent notice will be published on the platform at least 15 calendar days before it takes effect.
Ottly uses Google's artificial intelligence (Gemini models) to process the content you provide during sign-up and validation: your CV text and your validation videos (audio transcription and analysis of your answers). To do so, this content is transmitted to Google LLC (USA), which adheres to the EU-U.S. Data Privacy Framework.
The validation process produces an automated score and technical profile (profiling). In accordance with Article 22 GDPR, no decision with significant effects is made on a solely automated basis: any validation that may affect your verification or visibility is subject to human review before becoming final. You have the right to obtain human intervention, express your point of view and contest the decision by writing to privacy@ottly.io.
Validation videos are deleted from our storage once the process is completed and approved; only the text transcripts needed for your professional profile are retained.
Additional processors beyond those already listed: Google LLC (AI processing of CVs and videos), Neon, Inc. (database hosting, under standard contractual clauses) and Resend (transactional email delivery).
For any inquiry related to the protection of your data, you can contact us at: