OTA NETWORK · TRUST CENTER · UPDATED 21 JUNE 2026

Your data. Your control.
Your record.

We hold what you authorise, where you can find it, for as long as you want. The OTA Network is built so the operator stays in control of the operator’s own record.

End-to-end encrypted by default.

UK and EU data residency.

Voice cloning is opt-in only.

Stripe Identity face KYC for verification.

Export anything. Delete everything.

Civil Service-grade Black Box Mode.

01DATA RESIDENCY

Where your data lives.

All operator data lives in the United Kingdom and European Union. Supabase Postgres (London), Vercel Edge Functions (London, Frankfurt, Dublin), and Storage in the same residency. We do not transfer operator data outside this region.

The one exception: when we call LLM and TTS providers (Anthropic, NVIDIA, ElevenLabs), the request payload leaves residency for the duration of the inference. Those calls are stateless. None of those providers retain the request, the response, or any operator identifier under our contract terms.

02ENCRYPTION

Encrypted on your device. Verified on the rail.

Every message on Send Li is end-to-end encrypted on your device before it leaves. Session keys are Ed25519, derived from your Curve25519 identity key via HKDF domain separation. Send Li delegations carry a cryptographic signature from your device, verified server-side before any session opens.

Black Box Mode goes further. Ephemeral session keys. Screenshots terminate the session. Conversation data exists only briefly in memory and is never written to disk. The peer sees a rotating session code, not your handle. Designed to government and Civil Service-grade security standards.

03VOICE & BIOMETRICS

Your voice clone is opt-in. Yours to delete.

Send Li can render Voice Preview messages in your own voice using NVIDIA Magpie zeroshot. To use it, you provide a single five- second audio sample at onboarding. The sample lives in Supabase Storage (UK) and is deletable at any time from Settings → Voice.

Voice cloning is opt-in only. Default is off. We never use your voice for anything other than rendering your own Voice Preview messages, and never share the voice asset with another operator or third party.

04IDENTITY VERIFICATION

We never see your passport.

Send Li operators verify identity through Stripe Identity face KYC before joining the network. Stripe holds the identity documents and selfie under their own retention policy. We receive a verification status only.

Your verified status appears as a green badge on your operator profile. We never see your passport, driver’s licence, or the selfie used to verify. The handle on the network is your chosen @, never your legal name unless you set it as your display name yourself.

05RETENTION & DELETION

Export anything. Delete everything. 24-hour hard delete.

You can export every message, broadcast, assessment result, and Send Li session via Settings → Data → Export. The export is a single zip in operator-readable JSON.

You can delete your entire account, including all messages and the voice clone sample, via Settings → Data → Delete Account. Hard deletion completes within 24 hours. We do not retain “deleted” data for analytics, training, or anything else. Once it’s gone, it’s gone.

06SUB-PROCESSORS

Every vendor that touches operator data.

The companies that process operator data on our behalf, what they do, where they live:

  • SupabaseDatabase, auth, storageUK
  • VercelApplication hosting + Edge FunctionsUK + EU
  • AnthropicLLM inference (Send Li drafting, Hello Li chat)US, stateless
  • NVIDIATTS inference (Magpie zeroshot Voice Preview)US, stateless
  • ElevenLabsTTS inference (fallback)US, stateless
  • OpenAIWhisper STT for Hello Li voice modeUS, stateless
  • Stripe IdentityIdentity verification (face KYC)US + EU
  • ApolloOptional LinkedIn enrichment (opt-in)US
  • RevenueCatiOS subscription managementUS
  • AppleApp Store distribution + paymentsUS

CONTACT · QUESTIONS · DISCLOSURE

Security questions

Email security@otamediagroup.com for vulnerability disclosure, security review requests, and any technical question about the posture on this page.

Data + privacy

Email privacy@otamediagroup.com for data export requests, deletion confirmations, sub-processor questions, and GDPR / UK GDPR enquiries.

The formal Privacy Policy covers the legal long-form. Anything stated on this page is also true in the policy; if you find a contradiction, this page is the operating commitment and the policy will be corrected to match. Last reviewed 21 June 2026.