Welcome to Olis! The very first ambient memory layer that runs privately inside your company’s environment. Protecting privacy is fundamental to how we work. This Privacy Policy explains how we, Olis AI, LLC (“Olis,” “we,” “us,” “our”) collects, uses, and discloses information when you access our websites and when organizations use our enterprise product and related services (collectively, the “Services”). We do not hold any customer data, or use Customer Content to train Olis or any third‑party AI models.

1. Scope

   1. Marketing Sites (Olis as controller/business). Our websites and pages that link to this Policy (e.g., olis.ai and subdomains) (“Marketing Sites”). In this context, Olis acts as a controller/business for the information we collect there.

   2. Enterprise Product (Olis as processor/service provider). Olis’s enterprise extension, applications, and backend services used by an Organization (“Product”). In this context, your Organization is typically the controller/business for Customer Content, and Olis acts as a processor/service provider under the Data Processing Addendum (“DPA”).

   3. Support Interactions (Olis as controller/business). When you contact us (e.g., support tickets, email, shared diagnostics), Olis acts as a controller/business for the information you submit in those interactions.

   If you use the Product through an Organization: the Organization controls what systems are connected, what data is accessible, and how permissions are assigned. Requests about Customer Content should generally be directed to your Organization’s administrator.

2. Key Definitions

   • “Customer Content”: Data, documents, files, messages, prompts, outputs, metadata, and other information processed by the Product at an Organization’s direction through enabled integrations.

   • “Inputs”: Submissions to the Product by Customer or Users (e.g., queries/prompts and referenced materials).

   • “Outputs”: Responses generated or displayed by the Product in response to Inputs.

   • “Service Data”: Limited operational, reliability, and security data about how the Services function (e.g., license state, versions, feature flags, audit events, access-control decisions, integration health, performance metrics, and error logs).

   • “Personal Information” / “Personal Data”: Information that identifies or can reasonably be linked to an individual.

   • “Sub-processors”: Vendors that process information on Olis’s behalf, under contract.

3. Information We Collect

   1. Information collected on Marketing Sites (controller/business). We may collect:

      • Contact and inquiry information

        • Name, email address, phone number, company, job title

        • Content of messages you send to us (e.g., inquiry forms, demo requests)

      • Device and usage information

        • IP address, device identifiers, browser type, operating system

        • Pages viewed, timestamps, referring/exit pages, approximate location derived from IP

      • Cookies and similar technologies. We may use cookies and similar tools for:

        • strictly necessary functionality (e.g., security, load balancing)

        • first-party measurement/analytics to understand site performance

      We do not intentionally use third-party advertising trackers for cross-context behavioral advertising on our Marketing Sites. If we introduce materially different tracking, we will update this Policy and (where required) provide choices via a cookie banner.

   2. Information processed in the Product (processor/service provider). The Product may process:

      • Customer Content (as configured by the Organization). Only the content the Organization enables via admin-configured integrations (e.g., Slack, Microsoft 365, Google Workspace, SharePoint/Drive, Confluence, ServiceNow) and only within scopes authorized by administrators.

      • Service Data (minimal operational signals). Service Data such as:

        • runtime signals (version, feature flags, error logs, performance counters)

        • security signals (authentication events, access-control decisions, audit events)

        • integration health (connector status, latency, failures)

        Where feasible, we design Service Data to be minimized and, when appropriate, de-identified or pseudonymized. Service Data may include identifiers necessary for authentication, authorization, and auditing.

      • Data we are not designed to collect. The Product is not designed to record users’ keystrokes generally, and we take measures intended to avoid collecting data entered into fields commonly used for passwords, payment card information, or other sensitive secrets. (No system is perfect; do not submit secrets to any system.)

   3. Information collected through Support Interactions (controller/business). If you contact Olis Support, we may collect:

      • contact details and communications

      • diagnostic logs, screenshots, recordings, or sample files you choose to provide

      Please avoid sending sensitive personal data unless necessary and requested.

4. How We Use Information. We use information to:

   1. Provide, maintain, and support the Services

      • authenticate users

      • deliver functionality and updates

      • provide customer support and troubleshooting

   2. Security, safety, and abuse prevention

      • protect accounts and infrastructure

      • detect and prevent fraud, misuse, and unauthorized access

      • investigate security issues and maintain audit trails

   3. Reliability and improvement

      • measure performance, uptime, error rates, and integration health

      • improve stability, resilience, and user experience

   4. Communications

      • respond to inquiries and demo requests

      • send administrative, transactional, and service-related messages

      • send marketing communications where permitted (you can opt out)

      We do not use Customer Content to market to you.

   5. Legal and compliance

      • comply with applicable law and lawful requests

      • enforce agreements and protect rights, safety, and integrity of the Services

        
        

5. AI, Model Training, and Data Use Boundaries

   1. No model training on Customer Content by default. Olis does not use Customer Content to train Olis models or third-party AI models unless your Organization provides explicit written opt-in through the DPA, an order form, or another signed agreement.

   2. Runtime inference and third-party providers. Depending on Customer configuration and deployment, the Product may use model providers for runtime inference. Where third-party providers are used, Olis requires contractual restrictions intended to prevent such providers from using Customer Content to train their models, and treats such providers as sub-processors where applicable.

   3. Outputs and accuracy. Outputs may be incorrect, incomplete, or misleading. Customer and Users are responsible for verifying Outputs before relying on them, especially for high-stakes decisions.

6. How We Disclose Information

   1. Service providers and sub-processors. We may share information with vendors that help us operate the Services (e.g., hosting, logging/monitoring, security tooling, customer support systems), under confidentiality and data-protection terms. A current list of sub-processors may be available on our Trust page or upon request.

   2. Organizations and administrators. In enterprise deployments, the Organization controls Customer Content and may access administrative controls, audit logs, and usage reporting, subject to its own policies.

   3. Legal and safety. We may disclose information to comply with law or legal process, or to protect rights, safety, and integrity of the Services.

   4. Business transfers. If Olis is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

   5. With consent or direction. We may disclose information when you instruct us or consent.

      
      

      We do not authorize sub-processors to use Customer Content for their independent purposes.

   
   

7. Legal Bases (EEA/UK/Switzerland)

   Where applicable, we process personal data under these legal bases:

   • Contract: to provide and secure the Services

   • Legitimate interests: to maintain and improve security and reliability and communicate about the Services

   • Consent: where required (e.g., certain cookies/marketing)

   • Legal obligations: compliance with applicable law

   
   

8. International transfers. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses and implement technical and organizational measures designed to protect information. Customer Content is processed consistent with Organization configuration and region/tenant selection where feasible.

   
   

9. Security. We maintain technical and organizational measures designed to protect information, which may include:

   • identity-based access controls aligned to Customer identity providers

   • encryption in transit and at rest for components we operate

   • least-privilege access controls and auditing

   • secure development practices and vulnerability management

   • incident response procedures and, where applicable, customer notification

   No system is perfectly secure. If you believe you’ve found a vulnerability, contact contact@olis-ai.com

   
   

10. Data Retention. We retain information only as long as necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

    • Customer Content: retained and deleted according to the Organization’s instructions and the DPA.

    • Service Data: retained as needed for security, audit, troubleshooting, and legal obligations, then deleted or de-identified where feasible.

    • Marketing Data and Support Data: retained to manage our relationship, provide support, and meet legal obligations.

    
    

11. Your Rights and Choices. Depending on your location, you may have rights to access, correct, delete, object, restrict processing, or port your Personal Information.

    1. Customer Content requests. For Customer Content processed in the Product, contact your Organization’s administrator. Olis supports such requests as required by the DPA.

    2. Marketing and Support requests. For Marketing Sites or Support Interactions, contact contact@olis-ai.com. We may verify identity and jurisdiction before responding.

    3. Cookies and tracking. You can control cookies via browser settings and (where required) our cookie banner. We honor Global Privacy Control (GPC) signals where legally required.

    4. Marketing opt-out. You can unsubscribe from marketing emails at any time using the link in the message or by contacting us.

    
    

12. U.S. State Privacy Disclosures. We do not sell Personal Information and do not share Personal Information for cross-context behavioral advertising.

    Categories of Personal Information we may collect (past 12 months) include:

    • identifiers (e.g., name, email)

    • commercial information (e.g., billing/subscription data)

    • internet/electronic activity (e.g., site usage telemetry)

    • inferences (e.g., approximate location from IP)

    Purposes: provide and secure the Services, support, first-party analytics, and legal compliance.

    Recipients: service providers/sub-processors, the Organization (for enterprise accounts), and lawful authorities.

    Retention: as described in Section 10.

    Rights: access/know, correct, delete, portability, and non-discrimination. To exercise: contact@olis-ai.com

    
    

13. Children. Our Services are not directed to children under 13, and we do not knowingly collect Personal Information from them. If you believe a child has provided Personal Information, contact contact@olis-ai.com and we will take appropriate action.

    
    

14. Third‑party services and links. Marketing Sites may contain links to third-party websites. The Product may connect to third-party tools at Organization direction. Third parties’ privacy practices are governed by their own policies, and Olis is not responsible for those third-party practices. When you connect Olis to third‑party tools (e.g., Slack, Microsoft 365, Google Workspace, ServiceNow), our terms will remain only between Olis and Enterprise. Olis accesses those tools only within the scopes you authorize.

    
    

15. Changes to this Policy. We may update this Policy to reflect operational, legal, or regulatory changes. If we make material changes, we will provide notice (e.g., via the Service or email). Your continued use after an update signifies acceptance of the revised Policy.