This Policy applies when Olly acts as a "data controller" with respect to your Personal Information. When we process data solely on behalf of a customer or third party (i.e., as a "data processor"), their respective privacy policy governs.

We may issue different privacy notices for specific contexts; those notices supersede this Policy in those contexts.

If you provide Personal Information regarding others, you are responsible for ensuring you have lawful grounds to do so, including obtaining any required consents.

Personal Information We Collect

"Personal Information" means information that identifies, relates to, describes, or could be reasonably linked with a person. We collect the following categories:

Contact Information

Name, email address, phone number, mailing address.

Account Credentials

Username, password, third-party account tokens, and associated metadata.

Text Messaging Preferences

Phone number and opt-in status for AI agent text messages, including message history and interaction data.

Connected App Data

With your explicit authorization, we access limited metadata and content from connected third-party services (e.g., Gmail, Google Drive, Google Calendar, Notion), including but not limited to email subject lines, file names, calendar event titles, timestamps, and entity references. For Google services specifically, we only access data within the scope of permissions you explicitly grant during the OAuth consent process. This data is accessed temporarily to perform requested tasks and is protected using the security measures described in our Data Security and Protection section.

Usage Information

IP address, device identifiers, session identifiers, browser type, referring URLs, timestamps, interactions with the Site and Services.

Communications

Messages you send to us via email, chat, or other channels; call recordings where permitted.

Financial Information

Payment data and billing details collected through a secure third-party payment processor.

Employment Information

When applying for a role, we may collect information from your application, CV/resume, references, and background check results.

How We Collect Personal Information

Directly from You

When you create an account, connect third-party services, use Olly to perform tasks, or communicate with us.

Through Third-Party Integrations

When you link external services (e.g., Google, Notion, Slack), we collect authorized data via those services' APIs.

Automatically

Via cookies, server logs, and tracking technologies.

From Third Parties

Service providers, analytics vendors, recruiters, background check services.

How We Use Personal Information

We use your Personal Information for the following purposes:

• Service Delivery – Authenticate users, perform tasks across integrated apps, respond to prompts, process transactions, and provide support.

• Text Messaging – Send and manage AI agent text messages, track opt-in status, and maintain message history.

• Product Optimization – Analyze interactions to identify bugs, optimize UX, and improve task execution performance.

• Research and Development – Analyze aggregated, de-identified usage patterns to improve our services and develop new product features.

• Communication – Provide operational updates, respond to support inquiries, send policy notifications.

• Legal and Security – Enforce our terms, detect and prevent fraud or abuse, comply with legal obligations.

• Business Transactions – Facilitate mergers, acquisitions, or asset sales as legally permitted.

• Employment – Process job applications, conduct interviews, and manage recruiting logistics.

Data Security and Protection

Security procedures are in place to protect the confidentiality of your data. We implement comprehensive security measures to safeguard your Personal Information, including data accessed through connected services like Google Workspace.

Encryption

We use encryption to protect your information both when it is stored (at rest) and when it is being transmitted (in transit). This includes OAuth tokens, personal data, and any content accessed from third-party services.

Data Isolation

Each user's data is stored individually with no cross-pollution between accounts. Your information is isolated from other users' data through secure access controls and authentication mechanisms.

OAuth Security

OAuth tokens for connected services (such as Gmail, Google Drive, Google Calendar) are securely stored using encryption. We only request the minimum necessary permissions required to provide our services, and tokens are automatically managed with appropriate expiration policies.

Access Controls

We implement strict access controls to ensure only authorized personnel can access user data, and only when necessary for providing our services. All access is logged and monitored for security purposes.

Security Monitoring

We continuously monitor our systems for unauthorized access attempts and potential security threats. Our security procedures are regularly reviewed and updated to maintain the highest level of data protection.

Data Deletion

Upon request, we will delete your user data from our systems. You may request data deletion at any time by contacting us at the email address provided below. We will process deletion requests promptly in accordance with applicable laws.

How We Disclose Personal Information

We do not sell Personal Information. We may disclose it as follows:

• Personnel – Employees, contractors, and agents with a need to know.

• Service Providers – Infrastructure hosting (e.g., AWS), authentication services, payment processors, analytics vendors, support tools.

• Connected Third-Party Platforms – Only to the extent necessary to execute tasks on your behalf (e.g., sending email via your Gmail account).

• Legal Authorities – To comply with law enforcement or other legal obligations.

• Corporate Transactions – As part of a merger, acquisition, or bankruptcy.

• With Consent – To others when you explicitly request or authorize it.

All third-party access is governed by contracts requiring appropriate confidentiality and data handling controls.

Cookies and Tracking Technologies

We use cookies, pixel tags, and local storage to collect analytics, improve performance, remember user preferences, and secure accounts. We may use:

• Google Analytics – For traffic and usage analysis. See Google's Privacy Policy and opt-out tools.

• Session Replay Tools – To observe anonymized user behavior for product debugging and design.

You can modify cookie preferences in your browser or in our in-app settings. Some functionality may degrade if cookies are disabled.

Cross-Border Data Transfers

Olly is headquartered in the United States. If you access the Services from outside the U.S., you understand that your Personal Information will be transferred to, stored in, and processed in the U.S. and potentially other jurisdictions, where data protection laws may differ.

We rely on lawful transfer mechanisms (such as Standard Contractual Clauses) where applicable.

Data Retention

We retain Personal Information:

• As long as your account is active

• For as long as necessary to provide the Services

• To comply with legal obligations and resolve disputes

• For internal audit and security purposes

We periodically review data retention periods and delete or de-identify data no longer required.

Third-Party Services and Links

We are not responsible for the data practices of third-party websites or services that you access through Olly. Your interactions with them are governed by their privacy policies.

When you use OAuth or similar methods to link third-party apps to Olly, we may receive tokenized access. You can revoke access at any time from your third-party provider's settings dashboard or within Olly.

Your Rights

Subject to applicable laws, you may have the right to:

• Access, update, or delete your Personal Information

• Withdraw consent for certain processing

• Object to processing or request restrictions

• Request data portability

• Revoke OAuth permissions for connected services at any time

Data Deletion: You may request deletion of your personal data at any time. Upon receiving your request, we will delete your user data from our systems, including any OAuth tokens and data cached from connected services. To request data deletion, contact us at founders@getolly.ai.

Revoking Access: You can revoke Olly's access to your Google data at any time through your Google Account settings or by disconnecting the integration within Slashy. This will immediately stop our access to your Google services.

You may exercise these rights by contacting us at founders@getolly.ai. We may require identity verification before processing your request.

Children's Privacy

Our Services are not directed at children under the age of 13 (or the age defined under applicable law). We do not knowingly collect Personal Information from children.

Changes to This Policy

We may update this Policy periodically. Material changes will be communicated via email or posted on our Site with the updated effective date.

Contact Us

For questions about this Privacy Policy, email us at: founders@getolly.ai