Legal & Compliance

Othra operates inside one of the most heavily regulated corners of consumer technology — biometric identity, generative-AI detection, and cross-border platform takedowns. This page is the single authoritative directory for every legal and compliance contact at Hanium LLC, the operator of Othra. If you are a regulator, a journalist, a counsel representing a user, a sub-processor, or a security researcher, you are in the right place.

Operating entity

The Othra mobile application and the website at othra.ai are operated by:

Hanium LLC
A Wyoming limited liability company
5830 E 2nd St, Ste 7000, PMB 33039
Casper, WY 82609-4308
United States

Hanium LLC is the data controller for Othra users and the publisher of record on the Apple App Store. All commercial agreements, regulatory notices, and legal correspondence should be addressed to the entity above.

Direct contacts

Use the address that matches your enquiry. We acknowledge every well-formed message within seventy-two hours.

Compliance program

Othra runs a written compliance program reviewed at least annually and after every material change to product, infrastructure, or regulatory landscape. The program is overseen by the Data Protection Officer and by Hanium LLC's senior management.

• Data Protection Impact Assessments — completed before any new processing of biometric data, takedown evidence, or cross-border transfer.
• Vendor due diligence — every sub-processor signs a Data Processing Agreement that incorporates the latest EU Standard Contractual Clauses (Module 2 or Module 3, as applicable) and the UK International Data Transfer Addendum.
• Annual third-party audit — security controls, access reviews, and key rotations.
• Incident response — breach playbook tested on a quarterly basis, with a 72-hour regulator-notification window per GDPR Article 33.
• Staff training — privacy, security, and AI-act obligations reviewed for every team member at onboarding and annually thereafter.
• AI governance — alignment with the EU AI Act risk classification, the NIST AI Risk Management Framework, and Apple's App Store guidelines for AI-generated content detection.

Regulatory framework

Othra is designed to comply with the strictest privacy and platform obligations in every jurisdiction we serve. The matrix below summarizes the principal regimes.

Law-enforcement requests

Hanium LLC receives lawful process only where validly served on the operating entity. We respond to law-enforcement requests in accordance with applicable law and our published guidelines.

• Form — written demand on official letterhead, signed by an authorized officer, and identifying the legal authority invoked (subpoena, court order, search warrant, MLAT request, or equivalent foreign instrument).
• Channel — legal@othra.ai with the subject line LERT.
• Scope — we provide only the minimum information required by the legal instrument. Biometric face vectors are stored on the user's device and are not within our possession or control.
• User notice — affected users are notified of legal demands unless we are legally prohibited from doing so or we determine that notice would create a risk of physical harm.
• Emergency disclosure — in good-faith cases involving imminent risk of death or serious bodily harm, we may respond to verified emergency requests in the manner permitted under 18 U.S.C. § 2702(b)(8) or local equivalents.
• Cost recovery — we may invoice for the reasonable cost of responding to legal process, as permitted by law.

Intellectual property

Othra respects the intellectual property of others and expects users to do the same. If you believe content available through Othra infringes your copyright, you may submit a notice that complies with 17 U.S.C. § 512(c)(3) of the Digital Millennium Copyright Act.

A complete DMCA notice must include:

1. A physical or electronic signature of the rights-holder or authorized agent.
2. Identification of the copyrighted work claimed to have been infringed.
3. Identification of the allegedly infringing material and its location, with sufficient detail to permit Othra to locate it.
4. Your contact information (address, telephone, email).
5. A statement of good-faith belief that the use is not authorized.
6. A statement, under penalty of perjury, that the information is accurate and that you are authorized to act.

Send notices to ip@othra.ai. Counter-notices are accepted in writing in accordance with § 512(g). Repeat infringers will have their accounts terminated under our published repeat-infringer policy.

Security & vulnerability disclosure

Othra welcomes coordinated disclosure of security vulnerabilities by independent researchers. Please write to security@othra.ai with a technical description, reproduction steps, and any proof-of-concept. A PGP key is available on request.

• Safe harbor — research conducted in good faith, in accordance with this policy, will not be subject to legal action by Hanium LLC. We do not authorize testing that disrupts service, accesses data of other users, or violates applicable law.
• Acknowledgement — researchers who report verified vulnerabilities will be credited in the Othra security hall of fame, unless they request anonymity.
• Out of scope — denial-of-service testing, social-engineering attacks against employees, and physical-security testing are not authorized.
• Triage SLA — initial response within seventy-two hours; remediation timeline shared once the report is validated.

Disputes

Any dispute, claim, or controversy arising out of or relating to Othra is governed by the Othra Terms of Service, which include a binding arbitration agreement administered by the American Arbitration Association in Wyoming, United States, and a class-action waiver. Users in jurisdictions where such terms are unenforceable retain the rights granted by their local law. Nothing in the Terms of Service waives any non-waivable consumer rights you may have.

Policy library

• Privacy Policy — what we collect, how we process it, and your rights.
• Terms of Service — the contract that governs your use of Othra.
• Data Protection Officer — independent privacy oversight and how to reach the DPO.

Additional internal policies (Acceptable Use, Sub-processor List, Incident Response, AI Governance) are available upon written request to legal@othra.ai and may be shared under a confidentiality agreement where appropriate.