Legal

Privacy Policy

Effective: June 17, 2026 · Last updated: June 17, 2026

This Privacy Policy describes how OTG Consulting, LLC, an Illinois limited liability company (“OTG,” “we,” “us,” or “our”), collects, uses, shares, and protects information in connection with Hephanos Innovation, a software-as-a-service platform offered by OTG at https://hephanos.com (the “Service”). “Hephanos Innovation” is the trading name under which OTG operates the Service; it is not a separate legal entity. The responsible party under this Policy is OTG.

The Service is marketed to, and intended for, business customers in the United States. It is not directed to consumers, to individuals outside the United States, or to anyone under 18. By applying to use, purchasing, or using the Service, you acknowledge that you have read and understood this Policy.

In plain English

The full Policy below is the binding document; this summary is for convenience only.

  • What we collect is limited to what we need to evaluate applications and deliver the analysis you purchase — the information you type into our forms, payment metadata, and standard service logs.
  • We protect your business inputs. We do not sell them, use them across customers, or use them to train, fine-tune, or improve AI models.
  • Your analysis is delivered privately to you and is not shared with other customers.
  • Keep inputs limited. Do not submit sensitive, regulated, confidential, or proprietary information — the Service is built for limited business-context analysis only.
  • U.S. only. California residents have additional rights (Section 9).
  • No advertising tracking. We do not use cookies for cross-site tracking, retargeting, or advertising.

2. Who we are and how to reach us

  • Entity: OTG Consulting, LLC, an Illinois limited liability company
  • Trading name for the Service: Hephanos Innovation
  • Privacy contact: privacy@hephanos.com

To ask a question about this Policy or exercise a right described below, email us at the address above. We typically respond within ten (10) business days.

3. Information we collect

Application information. When you apply to our founding-cohort program or contact us through the site, we collect what you enter in the form: your full name, work email, role, company name, company website, industry, company size, and the free-text description of your situation. We use this to evaluate and administer your application and to communicate with you about it.

Account information. You may create a lightweight account to purchase and access the Service. We store only the minimum needed to operate it — such as your name, email, and a securely hashed password (we never see your plaintext password). The Service is purchased one analysis at a time; it is not a subscription, and we do not maintain an ongoing library of your past analyses on your behalf.

Analysis inputs (you provide). To run an analysis, you provide a limited description of the market, business context, strategy, constraints, and opportunity you want analyzed (a “Target Profile”). Target Profiles may include limited business contact details or references to competitors, customers, or team members; you are responsible for ensuring you have the right to share anything you submit. The Service does not require — and you should not submit — sensitive, regulated, confidential, proprietary, or highly detailed internal business information.

Payment information. Payments are processed directly by our payment processor, Stripe, Inc. We do not receive or store your full card number, CVC, or expiration date. We receive and store only transaction metadata — for example a customer identifier, amount, currency, timestamp, last-four digits, and card brand.

Service usage information (collected automatically). Standard web and application logs (including IP address, user-agent, timestamps, and requested URLs), session and authentication data, and basic feature-usage events.

Generated analyses (we produce). The analysis and report we generate from your Target Profile and from publicly available research we retrieve on your behalf. As described in our License Agreement, the generated analysis is OTG’s work product; you receive a license to use the report delivered to you.

Communications. If you email us, take part in a user interview, or otherwise contact us, we retain those communications for recordkeeping and service improvement.

What we do not collect. We do not knowingly collect health, medical, biometric, or genetic data; financial-account information beyond the Stripe-mediated payment metadata above; precise geolocation; or information from anyone under 18.

4. How we use information

  • To evaluate, administer, and communicate about applications.
  • To deliver the analysis you purchased and operate the Service.
  • To process payments, issue any applicable refunds, and prevent fraud.
  • To secure the Service, diagnose defects, and understand aggregate usage.
  • To send service notifications and legally required messages.
  • To comply with applicable law and protect against misuse.

We do not use your analysis inputs to train, fine-tune, or improve AI models. AI processing is described in Section 5.

5. AI processing

Hephanos Innovation uses artificial-intelligence systems to produce your analysis. To do so, we may transmit your inputs, publicly sourced research, intermediate artifacts, and generated analysis to one or more third-party AI processing providers, which handle that data under their own terms, security practices, and retention rules. We do not control those providers’ independent systems or policies.

  • No OTG training use. OTG does not use your inputs to train, fine-tune, or improve AI models.
  • No cross-customer use. OTG does not use one customer’s inputs to produce another customer’s analysis.
  • AI outputs are not guarantees. AI outputs are variable and may contain errors. The disclaimers governing the report are set out in our License Agreement.

6. How we share information

We share information only as needed to operate the Service, deliver your analysis, process payments, secure the platform, support customers, and comply with law. We do not sell personal information, and we do not share it for cross-context behavioral advertising.

We rely on third-party service providers in a number of operational categories, including hosting and infrastructure, payment processing, AI processing, research and web-retrieval, email delivery, application intake and customer support, and security, monitoring, and logging. Our specific providers may change over time as the Service evolves; we describe them by category rather than maintaining a public vendor list. Where we use third-party AI processing providers, those providers handle data under their own terms, security practices, and retention rules, which we do not control. Business customers who need additional information about the specific providers we use within these categories may request it at privacy@hephanos.com, and we may provide it subject to confidentiality, security, and operational considerations.

Legal and safety. We may disclose information where we believe in good faith it is necessary to comply with law or valid legal process; to protect the rights, property, or safety of Hephanos Innovation, our customers, or the public; or to investigate or prevent fraud, abuse, or violations of our License Agreement.

Business transfers. If OTG is involved in a merger, acquisition, reorganization, asset sale, or insolvency, information may be transferred as part of that transaction. Any acquirer will be bound by this Policy or will provide notice before materially changing it.

7. How long we keep information

We keep the information you submit — your application details and your Target Profile inputs — for as long as we reasonably need it to operate the Service, evaluate and administer founding-cohort applications, meet our legal and recordkeeping obligations, and protect against fraud and misuse, and no longer than necessary for those purposes. Payment and transaction metadata is retained for up to seven (7) years to comply with tax and financial-recordkeeping obligations. Raw service logs are typically retained for about ninety (90) days. Generated analyses are OTG’s work product and may be retained by us; because the Service is purchased one analysis at a time and we do not commit to indefinite hosted access, you should download and keep your own copy of any report delivered to you.

You may request deletion of the information you submitted at any time by emailing privacy@hephanos.com. We may retain copies only as required by law (for example, tax, recordkeeping, or fraud-prevention).

8. Your rights and choices

Subject to verification and applicable law, you may:

  • Access a copy of the personal information we hold about you;
  • Correct inaccuracies in that information;
  • Delete the information you submitted, except where we must retain records for legal, tax, or fraud-prevention reasons;
  • Export the information you provided in a portable format; and
  • Withdraw consent for any processing that relies on your consent.

To exercise any of these, email privacy@hephanos.com from the email address associated with your application or account. We will verify your identity before acting and respond within thirty (30) days, or sooner if required by law.

9. California residents

This section supplements the rest of this Policy for California residents. In the last twelve (12) months we have collected the following CCPA/CPRA categories of personal information: identifiers (such as name, email, account identifier, and IP address); commercial information (transaction history); internet or other network activity (service logs); professional or employment information (role, company); and limited inferences (not used for profiling). We collect this directly from you, automatically from your use of the Service, and from our payment processor. We use it for the purposes described in Section 4 and disclose it to service providers for the business purposes described in Section 6.

OTG does not sell personal information and does not share it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA, so no “Do Not Sell or Share” link is required. OTG does not intentionally collect sensitive personal information, and you should not submit it. California residents have the rights described in Section 8, plus the right to non-discrimination for exercising their rights.

10. Other state privacy laws

Residents of other U.S. states with a general consumer-privacy statute may have rights similar to those described in Section 8. To exercise any such right, contact privacy@hephanos.com and identify your state of residence; we will apply the standard of your state.

11. International users

The Service is intended for U.S. business customers, and information is processed and stored in the United States. If you access the Service from outside the United States, you do so at your own initiative and are responsible for compliance with local laws.

12. Security

We use reasonable administrative, technical, and physical safeguards to protect information against loss, theft, and unauthorized access, including TLS in transit, encryption at rest, role-based access controls, securely hashed credentials, separated development and production environments, and regular dependency patching. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you as required by law.

13. Cookies and tracking

The Service uses only the small number of cookies strictly necessary for authentication and session management. We do not use cookies for cross-site tracking, advertising, or retargeting. If we add a web analytics provider in the future, we will update this Section.

14. Children

The Service is not directed to anyone under 18, and we do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

15. Changes to this policy

We may update this Policy from time to time. Material changes will be communicated by email where appropriate and posted at https://hephanos.com/privacy with an updated “Last updated” date. Continued use of the Service after a material change constitutes acceptance. Statements about privacy made in FAQs, marketing pages, or support articles are informational only; in case of conflict, this Policy (together with the License Agreement) controls.

16. Contact

For any questions about this Policy, email privacy@hephanos.com.