Privacy policy

Effective Date: May 27, 2026  ·  Last Updated: May 27, 2026  ·  Open Transaction Layer, Inc.

1. Who We Are

Open Transaction Layer, Inc. ("OTL," "we," "us," or "our") is a Delaware non-stock nonprofit corporation that develops and promotes open protocol standards for coordinating onchain transactions. This Privacy Policy explains how we collect, use, and protect information when you visit our website at https://otl.network (the "Site").

For privacy-related inquiries, you may contact us at:
Email: legal@otl.network
Entity: Open Transaction Layer, Inc.

For purposes of the EU General Data Protection Regulation ("GDPR"), Open Transaction Layer, Inc. is the data controller responsible for the processing of personal data described in this Privacy Policy.

2. What Information We Collect

Our Site is informational in nature. We do not operate user accounts, login functionality, contact forms, or user-generated content submissions. Given this limited scope, the information we collect is minimal.

Analytics Data

When you consent to analytics cookies, we collect anonymous usage data through Google Analytics, including pages visited, time spent on the Site, referral sources, general geographic region (country or city level), browser type and version, device type, operating system, and screen resolution. Google Analytics 4 does not log or store full IP addresses. No personal information such as your name, email address, or account identifiers is stored through analytics.

Cookies

If you consent, Google Analytics places the following first-party cookies on your device:

If you decline cookies through our cookie preferences banner, no cookies are set and no data is transmitted to Google.

Email Communications

The Site provides a "reach out" email link as a contact mechanism. If you choose to send us an email, we will receive your email address, the content of your message, and any metadata your email client transmits (such as your name, if configured, and your IP address). We collect this information only because you have voluntarily initiated contact with us.

Server Logs

Our hosting provider generates standard access logs when you request pages from the Site. These logs contain your IP address, the date and time of your request, the CloudFront edge location that served your request, the HTTP method and URI path requested, HTTP status code, bytes transferred, referrer URL, and user-agent string. These logs are retained for no more than 30 days, after which they are automatically deleted. We use these logs solely for security monitoring, troubleshooting, and detecting abuse. We do not correlate log data with analytics data or attempt to identify individual visitors from log entries.

3. How and Why We Use Your Information

We process information for the following purposes:

Site Analytics and Improvement

We use Google Analytics to understand how visitors interact with the Site so that we can improve its content, structure, and performance. This processing is based on your consent, which you provide through our cookie preferences banner. Under the GDPR, the legal basis for this processing is Article 6(1)(a) (consent).

Security and Operational Integrity

We use server logs to detect and respond to security threats, diagnose technical issues, and maintain the availability of the Site. Under the GDPR, the legal basis for this processing is Article 6(1)(f) (legitimate interests), specifically our interest in maintaining a secure and functioning website.

Responding to Inquiries

If you contact us via email, we use the information you provide to respond to your inquiry. Under the GDPR, the legal basis is Article 6(1)(f) (legitimate interests), namely our interest in communicating with individuals who reach out to us, or Article 6(1)(b) (pre-contractual steps) if your inquiry relates to participation in the initiative.

4. Cookie Preferences

When you first visit the Site, a cookie preferences banner will appear, giving you the choice to accept or decline analytics cookies. Cookies are categorized as follows:

You may change your cookie preferences at any time by clicking the "Cookie Preferences" link in the Site footer. If you decline analytics cookies, or later withdraw your consent, no tracking data is sent to Google and no cookies are placed or retained on your device. You may also control cookies through your browser settings or by installing the Google Analytics Opt-Out Browser Add-on.

5. Third-Party Services

Google Analytics

We use Google Analytics 4, a web analytics service provided by Google LLC ("Google"). Google processes analytics data on our behalf in accordance with its data processing terms. Google may transfer data to servers in the United States. Google participates in the EU-U.S. Data Privacy Framework. For more information about how Google handles data, please review Google's Privacy Policy and the Google Analytics safeguards page.

Amazon Web Services (AWS)

The Site is hosted on AWS infrastructure, specifically Amazon CloudFront and Amazon S3. AWS acts as an infrastructure provider and, where CloudFront access logging is enabled, as a data processor for limited technical data (IP addresses and request metadata contained in access logs). AWS processes this data in accordance with the AWS Data Processing Addendum, which is incorporated into the AWS Service Terms and includes Standard Contractual Clauses for international data transfers. AWS maintains ISO 27001, ISO 27017, ISO 27018, and SOC 1/2/3 certifications. For more information, see AWS's privacy practices and the list of AWS sub-processors.

Links to Third-Party Websites

The Site may contain links to websites operated by our partners, members, or other third parties. We are not responsible for the privacy practices or content of those external websites. We encourage you to review the privacy policies of any third-party site you visit. A link from the Site does not imply endorsement of, or responsibility for, the linked site's practices.

6. Data Sharing

We do not currently sell, rent, or share personal data with partners, members, or other third parties for their own marketing or commercial purposes.

We may share limited data in the following circumstances:

We reserve the right to share data with partners or members in the future to the extent permitted by applicable law. If we materially expand our data-sharing practices, we will update this Privacy Policy and, where required by law, provide you with appropriate notice or obtain your consent before any such sharing takes effect.

7. Data Retention

8. International Data Transfers

Open Transaction Layer, Inc. is incorporated in the State of Delaware, United States. The Site is hosted using AWS infrastructure, specifically Amazon CloudFront (a content delivery network) serving content from an Amazon S3 storage origin located in the United States (us-east-1, N. Virginia).

Content delivery

Amazon CloudFront delivers Site content from a global network of over 750 edge locations across 50+ countries, including locations within the European Economic Area ("EEA"). When you visit the Site, static content is typically served from the edge location nearest to you. If the requested content is not cached at that edge location, CloudFront retrieves it from the S3 origin in the United States.

CloudFront access logs

If enabled, CloudFront access logs containing your IP address, request timestamp, edge location identifier, and user-agent string are stored in an S3 bucket in the United States.

Google Analytics

If you consent to analytics cookies, Google Analytics processes usage data on Google's infrastructure, which may include servers in the United States. Google participates in the EU-U.S. Data Privacy Framework and relies on Standard Contractual Clauses as an additional transfer mechanism. For more information, see https://policies.google.com/privacy/frameworks.

Transfer safeguards

Where personal data is transferred outside the EEA, we rely on the following mechanisms to ensure adequate protection: (a) the EU-U.S. Data Privacy Framework, under which both Google LLC and Amazon.com, Inc. are certified; and (b) Standard Contractual Clauses incorporated into the AWS Data Processing Addendum and Google's data processing terms, both of which apply automatically under their respective service terms and include the European Commission's 2021 Standard Contractual Clauses.

If you decline analytics cookies, the only data that may be transferred to the United States is the technical routing of your HTTP request through CloudFront infrastructure (which typically occurs at the edge location nearest to you) and, if CloudFront logging is enabled, the resulting access log entry.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

If you are in the EEA or United Kingdom (GDPR/UK GDPR)
If you are a California resident (CCPA/CPRA)

To exercise any of these rights, please contact us at legal@otl.network. We will respond to verifiable requests within the timeframes required by applicable law (generally 30 days under GDPR; 45 days under CCPA).

10. Children's Privacy

The Site is not directed at children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information promptly.

11. Do Not Track / Global Privacy Control

Some browsers transmit "Do Not Track" (DNT) or Global Privacy Control (GPC) signals. If you decline cookies through our cookie preferences banner, our Site does not set analytics cookies or transmit data to Google regardless of any DNT or GPC signal. We honor GPC signals as a valid opt-out request where required by applicable law (including under the CCPA).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the functionality of the Site. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any update constitutes your acknowledgment of the revised policy, except where applicable law requires us to obtain your renewed consent, in which case we will do so before implementing the relevant changes.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Open Transaction Layer, Inc.
Email: legal@otl.network

© 2026 Open Transaction Layer, Inc. All rights reserved.