Who We Are
Olga AI Inc. (“Olga AI”, “we”, “us”, “our”) provides an AI chatbot service that businesses can embed on their websites to answer questions, capture leads, and automate support. This Policy explains how we collect, use, and share personal information as a controller for our own website and services, and as a processor when we handle data on behalf of our business customers (“Customers”).
Scope
- Controller activities: visitors to heyolga.com, prospective customers, account holders, and billing contacts.
- Processor activities: end‑users who interact with our Customers’ chatbots powered by Olga AI. For these, our Data Processing Agreement applies and the Customer is the controller.
Information We Collect
- Account & Contact: name, email, company, role.
- Billing: payment method, billing address, tax IDs (processed by Stripe on our behalf).
- Service Usage: logs, device and browser info, IP address, timestamps, pages/features used.
- Chat Content: messages exchanged with Olga on Customers’ sites (processed as a processor; content belongs to the Customer).
- Support: emails and messages you send to us.
- Cookies/Similar Tech: to keep you logged in, remember preferences, and measure performance.
How We Use Information
- Provide, maintain, and secure the service.
- Authenticate users and manage accounts.
- Process payments and invoices.
- Provide support and communicate about changes.
- Analyze and improve performance and features.
- Comply with legal obligations and enforce our Terms.
Legal bases (GDPR/UK GDPR): contract (performance/provision of services), legitimate interests (service improvement, security, fraud prevention), consent (where required, e.g., certain cookies/marketing), and legal obligation.
How We Share Information
- Service Providers/Sub‑processors: hosting/CDN and serverless (Netlify, incl. Identity/GoTrue), payment processing (Stripe), email/support tools, and other infrastructure providers. See the “Sub‑processors” list in the DPA.
- Compliance & Safety: to comply with law or protect rights, privacy, safety, or property.
- Business Transfers: in connection with a merger, acquisition, or sale of assets.
We do not sell personal information (as defined by CCPA/CPRA), nor do we use Customer Data to train foundation models unrelated to that Customer’s use.
International Transfers
We may transfer data internationally where our providers operate. When we do, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and equivalent mechanisms, and we require our providers to implement adequate protections.
Retention
We retain personal data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Customers control retention of their chatbot content; on termination or request, we delete or return Customer Data per the DPA.
Security
We use technical and organizational measures including encryption in transit and at rest, access controls and least‑privilege roles, secret management, multi‑factor authentication for administrative access, logging and monitoring, and regular backups. See Annex II of the DPA for details.
Your Privacy Rights
Depending on your region (e.g., EU/UK/EEA, California, Canada), you may have rights to access, correct, delete, restrict, object to processing, portability, and to opt out of certain disclosures. To exercise rights regarding data we control, contact us at support@heyolga.com. For data processed on behalf of a Customer, contact that Customer (the controller).
CCPA/CPRA: we do not “sell” or “share” personal information for cross‑context behavioral advertising. We honor requests to know, delete, and correct, and we limit use of any sensitive personal information.
Children
Our services are not directed to children under 13 (or 16 where applicable). We do not knowingly collect personal information from children.
Changes
We may update this Policy from time to time. If we make material changes, we’ll notify you via the service or by email.
This policy is provided for informational purposes and should be reviewed by legal counsel before production use.