Last updated: March 26, 2026
OtterButter ("we", "us", "our"), a company incorporated in the Netherlands, provides a mobile application that connects to your Grafana instances and offers AI-powered analysis of your monitoring data. This Privacy Policy describes how we collect, use, process, and protect information when you use our application and services, in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Dutch data protection law.
OtterButter is the data controller for personal data processed through the Service. For questions regarding data processing, contact our Data Protection Officer at [email protected].
We process personal data on the following legal bases under Article 6 of the GDPR: (a) performance of a contract -- to provide the Service you have requested; (b) legitimate interest -- for service improvement, security, and fraud prevention; (c) consent -- for AI analysis features that transmit your Grafana data to third-party AI providers, which you may withdraw at any time by ceasing to use those features; and (d) legal obligation -- where required by applicable law.
Your Grafana instance credentials (API tokens, usernames, passwords) are stored exclusively on your mobile device. They are never transmitted to, stored on, or accessible by OtterButter servers. All communication between the application and your Grafana instances occurs directly from your device. We have no ability to access, retrieve, or recover your Grafana credentials at any time.
When you request an AI-powered analysis (summaries, deep dives, alert explanations), data retrieved from your Grafana instance -- including but not limited to dashboard metadata, panel configurations, metric names, metric values, time-series data, alert definitions, alert states, labels, and annotations -- is transmitted to third-party AI service providers (currently OpenAI; additional providers such as Anthropic or other AI service providers may be used in the future) for processing. This data is sent through our backend servers to the AI provider.
These third-party providers may be located outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions. We do not control the data handling, retention, or privacy practices of these third-party AI providers. By using the AI analysis features, you acknowledge and consent to your Grafana monitoring data being processed by third-party AI providers under their respective terms and privacy policies.
We store the following data on our servers: your authentication identity (provided by our authentication provider), subscription and billing information, AI-generated summary texts and associated metadata (instance URL, dashboard or alert identifiers, time ranges, generation timestamps), usage counts, and your alert ignore preferences. We do not store raw Grafana metric data, time-series values, or Grafana credentials on our servers.
The application stores the following data locally on your device: Grafana instance connection details and credentials, authentication tokens, dashboard variable preferences, alert ignore lists, and application configuration. This data persists until you remove it through the application settings or uninstall the application.
We use third-party analytics, error tracking, and monitoring services to improve the application and diagnose issues. These currently include, but are not limited to: Mixpanel (usage analytics), Sentry (error and crash reporting), and Google Analytics (usage analytics). Additional tools may be added in the future.
These services may collect data such as: device identifiers, operating system version, application version, feature usage events, session duration, crash reports, stack traces, and general interaction patterns. No Grafana credentials, raw metric values, or AI-generated summary content is included in data sent to these services. These third-party services may process data outside the EEA under their own privacy policies and data processing agreements.
We reserve the right to display advertisements to users on free (unpaid) plans. Third-party advertising networks may collect device identifiers, IP addresses, and interaction data to serve and measure advertisements. This data collection is governed by the respective advertising networks' privacy policies. Paid subscription plans are not subject to advertisements.
We implement appropriate technical and organizational measures to protect data in transit and at rest in accordance with Article 32 of the GDPR. However, no method of electronic transmission or storage is completely secure. You are solely responsible for maintaining the security of your device, your Grafana credentials, and your network connection.
Under the GDPR, you have the following rights regarding your personal data: (a) Right of access -- obtain confirmation of whether your data is being processed and request a copy; (b) Right to rectification -- request correction of inaccurate data; (c) Right to erasure -- request deletion of your data; (d) Right to restriction -- request restriction of processing; (e) Right to data portability -- receive your data in a structured, machine-readable format; (f) Right to object -- object to processing based on legitimate interest; (g) Right to withdraw consent -- withdraw consent at any time where processing is based on consent.
To exercise these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
You are solely responsible for ensuring that your use of OtterButter complies with your organization's data governance policies, security requirements, and any applicable regulations including the GDPR. You are responsible for determining whether the data within your Grafana instances is appropriate to be processed by third-party AI providers. If your monitoring data contains personally identifiable information (PII), protected health information, or other data subject to regulatory requirements, you must evaluate whether use of this service is permissible under applicable laws and your organization's policies. If you act as a data controller for data processed through the Service, you are responsible for ensuring a valid legal basis for such processing.
AI-generated summaries are retained on our servers until you request deletion or delete your account. We may retain anonymized or aggregated data that cannot be linked to an individual indefinitely for service improvement purposes. Data processed by third-party AI providers is subject to their respective retention policies. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law.
Our backend infrastructure and third-party AI providers may process data outside the EEA. Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses, adequacy decisions, or other approved transfer mechanisms under Chapter V of the GDPR. You may request a copy of the relevant safeguards by contacting [email protected].
OtterButter is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
We may update this Privacy Policy at any time. Where changes are material, we will notify you through the application or by other appropriate means. Continued use of the application after changes constitutes acceptance of the revised policy. We will update the "Last updated" date at the top of this page.
OtterButter, Haarlem, the Netherlands. For privacy inquiries: [email protected]. Data Protection Officer: [email protected]. Dutch Data Protection Authority: Autoriteit Persoonsgegevens, www.autoriteitpersoonsgegevens.nl.