Speak with us

Olis Privacy Policy

Effective as of September 1, 2025

Welcome to Olis, the very first ambient memory layer that runs privately inside your company’s environment. Protecting privacy is fundamental to how we work. This Privacy Policy explains what we collect, what we don’t, how we use information, and the choices you have. We do not hold any customer data, or use Customer Content to train Olis or any third‑party AI models. Olis offers 100% privacy through on‑prem or private cloud deployment so data stays within your environment. We collect only the product's health metrics to understand what’s needed to deliver the service, secure the system, and meet legal obligations. Client control retention. For enterprise deployments, retention and deletion follow your instructions and policies. We do not sell Personal Information or share it for targeted advertising.

Olis AI, LLC ("Olis," "we," "our") provides enterprise software and related websites, browser extensions, and support services (collectively, the “Services”).

Scope

This Policy covers Marketing Sites (e.g., olis.ai and subdomains), where Olis acts as controller/business, Product (the Olis enterprise extension, app, and back‑end components deployed in a customer‑controlled environment), where Olis acts as processor/service provider for Customer Content, and Support Interactions (e.g., emails, tickets, and diagnostic logs you share with us), where Olis acts as controller/business.

If you access Olis via your employer or another organization (an “Organization”), that Organization controls Customer Content and related settings. Our processing of Customer Content is governed by the Data Processing Addendum (DPA) with your Organization.
Key definitions

Customer Content: Data, documents, files, messages, prompts, outputs, and metadata processed by the Product inside your Organization’s tenant at your Organization’s direction.

Service Data: Limited operational data about how the Product functions (e.g., license status, version, performance metrics, audit events, role decisions) used to operate, secure, and support the Services.

Personal Information / Personal Data: Information that identifies or can reasonably be linked to an individual.

Marketing Data: Contact details and analytics collected on our Marketing Sites (e.g., form submissions, page views) separate from Customer Content.
Information we collect

On our Marketing Sites (controller/business)
• Identifiers & contact info: name, email, phone, company, job title, and your communications with us.
• Usage & device info: IP address, browser/OS, pages viewed, timestamps, referral pages, and coarse location (derived from IP).
• Cookies & similar tech: We use strictly necessary cookies and first‑party analytics. We do not use third‑party ad tech that repurposes your data for its own advertising.

In the Olis Product (processor/service provider)
• Customer Content: Only what your Organization allows via admin‑configured integrations (e.g., Slack, Microsoft 365/Google Workspace, SharePoint/Drive, Confluence, ServiceNow) and only per the scopes your administrators enable.
• Service Data (minimal): Runtime and security signals (extension/app version, feature toggles, error logs, performance counters), identity and RBAC decisions, audit events, and integration health. Where feasible, these data are pseudonymized or de‑identified and retained in your tenant.
• No keylogging, no password capture: Olis does not record keystrokes generally, and it automatically avoids fields labeled as passwords, payment cards, or other sensitive secrets.

Support Interactions (controller/business)
• If you share diagnostic logs, screenshots, or sample files with Olis Support, we process them solely to troubleshoot and resolve your request. Use secure channels and avoid including unnecessary sensitive data.
How we use information

We use Personal Information to:
• Provide and maintain the Services: authenticate users; respect RBAC and permissions; surface verified knowledge inline; deliver updates; and provide support.
• Security and abuse prevention: protect accounts and infrastructure; monitor for misuse; investigate incidents; maintain audit trails.
• Reliability and quality: measure uptime, performance, and error rates; improve resilience and user experience.
• Communications: respond to inquiries, send service notices, onboarding tips, and transactional emails. We do not use Customer Content for marketing.
• Legal compliance: meet regulatory, tax, and audit obligations; enforce agreements.

Research & improvements (Product): We analyze Service Data to enhance performance and safety. We do not use Customer Content to train models unless your Organization provides an explicit, written opt‑in in the DPA or a separate signed agreement.
What we don’t do

• No sale or “sharing” for cross‑context behavioral advertising.
• No training on Customer Content by default. Any third‑party model providers used for runtime inference are contractually prohibited from training on your data.
• No scraping or copying beyond scope. Olis only accesses sources and scopes your administrators enable and only returns results the signed‑in user is permitted to see.
Disclosure of information

We disclose information only as Service providers (processors/sub‑processors): Infrastructure, security, QA, email delivery, and support tooling—bound by confidentiality and data‑protection terms. A current list of sub‑processors is available on our Trust page or on request, Organization & administrators: In enterprise deployments, your Organization controls Customer Content and may receive audit logs and usage reports. Legal & safety: To comply with law, enforce agreements, or protect rights, safety, and the integrity of the Services. Business transfers: In a merger, acquisition, or corporate reorganization, data may transfer subject to existing contractual protections. With consent: When you direct us to share data.

We do not grant sub‑processors the right to use Customer Content for their own purposes or to train their models.
Roles and responsibilities

For Customer Content in enterprise deployments, the Organization is the controller and Olis is the processor/service provider under the DPA. For Marketing Data and Support Interactions, Olis is the controller/business. If you want to exercise rights regarding Customer Content, contact your Organization’s admin; we will assist them under the DPA.
Legal bases (EEA/UK/Switzerland)

When applicable privacy laws (e.g., GDPR/UK GDPR) apply, we process data on the following bases:
• Contractual necessity: To provide, maintain, and secure the Services.
• Legitimate interests: To improve reliability and security, prevent abuse, and communicate about the Services (balanced against your rights).
• Consent: Where required (e.g., non‑essential cookies on Marketing Sites). You may withdraw consent at any time.
• Legal obligations: To comply with applicable laws and requests from competent authorities.
International transfers

Customer Content is processed within your Organization’s chosen region/tenant wherever feasible. Where Olis processes Marketing Data or Support Interactions outside your country, we rely on appropriate safeguards (e.g., EU Standard Contractual Clauses with UK Addendum) and implement technical and organizational measures to protect data. If we self‑certify to frameworks such as the EU‑U.S. Data Privacy Framework, we will update this Policy and our Trust page.
Security

We maintain administrative, technical, and organizational measures designed to protect information, including:
• Tenant‑level isolation and permissioned retrieval aligned to your identity provider
• Encryption in transit and at rest (for components we operate)
• Least‑privilege access controls with audited admin actions
• Secure development lifecycle and vulnerability management
• Incident response and customer notification processes
• No system is perfectly secure. Report issues to security@olis.ai (responsible disclosure encouraged).
Retention

Customer Content: Retained according to your Organization’s configuration and instructions. On termination or request, we delete or return Customer Content consistent with the DPA.

Service Data: Retained only as long as needed for security, audit, troubleshooting, and legal obligations, then deleted or de‑identified.

Marketing Data & Support Interactions: Retained for the period needed to fulfill the purposes outlined here and comply with legal obligations.
Your rights and choices

Depending on your location, you may have rights to access, correct, delete, port, or object to certain processing of your Personal Information.
• Customer Content: Contact your Organization administrator; Olis will support their request under the DPA.
• Marketing Data / Support Interactions: Email privacy@olis.ai with your request. We may verify identity and residency before acting.

Cookies & tracking (Marketing Sites): Control cookies via your browser and our site banner (where required). We honor Global Privacy Control (GPC) signals where legally required.

Marketing communications: You can opt out of non‑transactional emails at any time via the unsubscribe link or by contacting us.
U.S. state privacy disclosures (e.g., CA/VA/CO/CT/UT/TX and others)

We do not sell Personal Information and do not share Personal Information for cross‑context behavioral advertising. Categories collected (past 12 months): identifiers (name, email), commercial information (subscription/billing data), internet/electronic activity (site telemetry), and limited inferences (approximate location from IP). Sensitive data is processed only as necessary to provide the Services or with consent.

• Purposes: provide and secure the Services, support, first‑party analytics, and legal compliance.
• Recipients: your Organization (enterprise accounts), service providers/sub‑processors, and lawful authorities.
• Retention: as described in Section 11.
• Rights: access/know, correct, delete, portability, and non‑discrimination. To exercise: privacy@olis.ai or available in‑product mechanisms. We verify requests and honor authorized‑agent submissions as required by law.
Children

Our Services are not directed to children under 13, and we do not knowingly collect Personal Information from them. If you believe a child has provided Personal Information, contact privacy@olis.ai and we will take appropriate action.
Third‑party services and links
When you connect Olis to third‑party tools (e.g., Slack, Microsoft 365, Google Workspace, ServiceNow), our terms will remain only between Olis and Enterprise. Olis accesses those tools only within the scopes you authorize.
Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. If we make material changes, we will provide notice (e.g., via the Service or email). Your continued use after an update signifies acceptance of the revised Policy.
Contact us: contact@olis.ai
Postal: Olis AI, LLC, California, USA (mailing address available upon request)
If you are in the EEA/UK/Switzerland, you have the right to lodge a complaint with your local supervisory authority. We will cooperate with regulators and your Organization to resolve complaints.
At‑a‑glance summary (not a substitute for the full Policy)
Controller vs. Processor: For enterprise deployments, your Organization is controller of Customer Content; Olis is processor. Training: No model training on Customer Content unless your Organization signs an explicit opt‑in. Advertising: No sale or sharing for cross‑context behavioral ads. Region: Data processed in your tenant; cross‑border transfers for controller activities use appropriate safeguards. Choices: Request access/deletion/correction; manage cookies; unsubscribe from marketing.

Olis Privacy Policy

Effective as of September 1, 2025

Scope

If you access Olis via your employer or another organization (an “Organization”), that Organization controls Customer Content and related settings. Our processing of Customer Content is governed by the Data Processing Addendum (DPA) with your Organization.

Key definitions

Customer Content: Data, documents, files, messages, prompts, outputs, and metadata processed by the Product inside your Organization’s tenant at your Organization’s direction.

Service Data: Limited operational data about how the Product functions (e.g., license status, version, performance metrics, audit events, role decisions) used to operate, secure, and support the Services.

Personal Information / Personal Data: Information that identifies or can reasonably be linked to an individual.

Marketing Data: Contact details and analytics collected on our Marketing Sites (e.g., form submissions, page views) separate from Customer Content.

Information we collect

On our Marketing Sites (controller/business)• Identifiers & contact info: name, email, phone, company, job title, and your communications with us.• Usage & device info: IP address, browser/OS, pages viewed, timestamps, referral pages, and coarse location (derived from IP).

• Cookies & similar tech: We use strictly necessary cookies and first‑party analytics. We do not use third‑party ad tech that repurposes your data for its own advertising.

In the Olis Product (processor/service provider)

• Customer Content: Only what your Organization allows via admin‑configured integrations (e.g., Slack, Microsoft 365/Google Workspace, SharePoint/Drive, Confluence, ServiceNow) and only per the scopes your administrators enable.

• Service Data (minimal): Runtime and security signals (extension/app version, feature toggles, error logs, performance counters), identity and RBAC decisions, audit events, and integration health. Where feasible, these data are pseudonymized or de‑identified and retained in your tenant.

• No keylogging, no password capture: Olis does not record keystrokes generally, and it automatically avoids fields labeled as passwords, payment cards, or other sensitive secrets.

Support Interactions (controller/business)• If you share diagnostic logs, screenshots, or sample files with Olis Support, we process them solely to troubleshoot and resolve your request. Use secure channels and avoid including unnecessary sensitive data.

How we use information

We use Personal Information to:

• Provide and maintain the Services: authenticate users; respect RBAC and permissions; surface verified knowledge inline; deliver updates; and provide support.

• Security and abuse prevention: protect accounts and infrastructure; monitor for misuse; investigate incidents; maintain audit trails.

• Reliability and quality: measure uptime, performance, and error rates; improve resilience and user experience.

• Communications: respond to inquiries, send service notices, onboarding tips, and transactional emails. We do not use Customer Content for marketing.

• Legal compliance: meet regulatory, tax, and audit obligations; enforce agreements.

Research & improvements (Product): We analyze Service Data to enhance performance and safety. We do not use Customer Content to train models unless your Organization provides an explicit, written opt‑in in the DPA or a separate signed agreement.

What we don’t do

• No sale or “sharing” for cross‑context behavioral advertising.

• No training on Customer Content by default. Any third‑party model providers used for runtime inference are contractually prohibited from training on your data.

• No scraping or copying beyond scope. Olis only accesses sources and scopes your administrators enable and only returns results the signed‑in user is permitted to see.

Disclosure of information

Legal bases (EEA/UK/Switzerland)

When applicable privacy laws (e.g., GDPR/UK GDPR) apply, we process data on the following bases:

• Contractual necessity: To provide, maintain, and secure the Services.

• Legitimate interests: To improve reliability and security, prevent abuse, and communicate about the Services (balanced against your rights).

• Consent: Where required (e.g., non‑essential cookies on Marketing Sites). You may withdraw consent at any time.

• Legal obligations: To comply with applicable laws and requests from competent authorities.

International transfers

Security

We maintain administrative, technical, and organizational measures designed to protect information, including:

• Tenant‑level isolation and permissioned retrieval aligned to your identity provider

• Encryption in transit and at rest (for components we operate)

• Least‑privilege access controls with audited admin actions

• Secure development lifecycle and vulnerability management

• Incident response and customer notification processes

• No system is perfectly secure. Report issues to security@olis.ai (responsible disclosure encouraged).

Retention

Customer Content: Retained according to your Organization’s configuration and instructions. On termination or request, we delete or return Customer Content consistent with the DPA.

Service Data: Retained only as long as needed for security, audit, troubleshooting, and legal obligations, then deleted or de‑identified.

Marketing Data & Support Interactions: Retained for the period needed to fulfill the purposes outlined here and comply with legal obligations.

Your rights and choices

Depending on your location, you may have rights to access, correct, delete, port, or object to certain processing of your Personal Information.

• Customer Content: Contact your Organization administrator; Olis will support their request under the DPA.

• Marketing Data / Support Interactions: Email privacy@olis.ai with your request. We may verify identity and residency before acting.

Cookies & tracking (Marketing Sites): Control cookies via your browser and our site banner (where required). We honor Global Privacy Control (GPC) signals where legally required.

Marketing communications: You can opt out of non‑transactional emails at any time via the unsubscribe link or by contacting us.

U.S. state privacy disclosures (e.g., CA/VA/CO/CT/UT/TX and others)

• Purposes: provide and secure the Services, support, first‑party analytics, and legal compliance.

• Recipients: your Organization (enterprise accounts), service providers/sub‑processors, and lawful authorities.

• Retention: as described in Section 11.

• Rights: access/know, correct, delete, portability, and non‑discrimination. To exercise: privacy@olis.ai or available in‑product mechanisms. We verify requests and honor authorized‑agent submissions as required by law.

Children

Our Services are not directed to children under 13, and we do not knowingly collect Personal Information from them. If you believe a child has provided Personal Information, contact privacy@olis.ai and we will take appropriate action.

Third‑party services and links

When you connect Olis to third‑party tools (e.g., Slack, Microsoft 365, Google Workspace, ServiceNow), our terms will remain only between Olis and Enterprise. Olis accesses those tools only within the scopes you authorize.

Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. If we make material changes, we will provide notice (e.g., via the Service or email). Your continued use after an update signifies acceptance of the revised Policy.

Contact us: contact@olis.ai

Postal: Olis AI, LLC, California, USA (mailing address available upon request)

If you are in the EEA/UK/Switzerland, you have the right to lodge a complaint with your local supervisory authority. We will cooperate with regulators and your Organization to resolve complaints.

At‑a‑glance summary (not a substitute for the full Policy)

On our Marketing Sites (controller/business)
• Identifiers & contact info: name, email, phone, company, job title, and your communications with us.
• Usage & device info: IP address, browser/OS, pages viewed, timestamps, referral pages, and coarse location (derived from IP).

Support Interactions (controller/business)
• If you share diagnostic logs, screenshots, or sample files with Olis Support, we process them solely to troubleshoot and resolve your request. Use secure channels and avoid including unnecessary sensitive data.