Data Privacy Notice

Last updated: September 16th, 2020

Olivia AI, Inc. ("Olivia", "we", "us") provides you with the Olivia mobile software application ("app") and the Olivia website (www.olivia.ai) ("site"). We are committed to protecting and respecting your privacy. This notice details the personal information that we collect from you, how we use that information, and your rights as they pertain to that information. This policy supplements any other fair processing or privacy notice that may be provided to you from time to time and should be read in conjunction with our terms and conditions. Our goal as a company is to help people spend smarter, save more, and reduce their money-related stress — and an essential part of that is upholding the highest degree of transparency when it comes to our users’ personal data.

Olivia AI, Inc. is a company registered in the United States of America and whose address is 7700 Windrose Ave, Suite G300, Plano TX 75024, United States.  Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.


Data Protection Officer (DPO) contactWe have appointed a DPO to oversee our data privacy and protection practice. If you have any questions or concerns about this policy or our privacy practice, you may contact them directly at: dpo@olivia.ai.

Information we collectWe will collect and process the following information about you either from your use of our site and app: 

Information you give us.
This is information about you that you give us by filling in forms on our app or site, interacting with us on the app, or by corresponding with us by email or otherwise and includes information you provide when you register to use our app, sign up to our waitlists, use the services provided by our app or certain third-party services, when you report a problem with our app or submit a complaint. The information you give us includes your name, the nickname to which you would like Olivia to refer to you as, your email address, responses to our interactions with you via our app chat feature, details of any comments you provide to us, your spending habits, spending and saving preferences, financial information, location, and transaction data. Brazilian-based customers may also provide us with their gender.


Information we collect about you.
With regard to each of your visits to our site or app, we may automatically collect the following information:
→ technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, location data, browser type and version, time zone setting, browser plug-in types and versions, GPS data, operating system and platform and cookies, which will be collected in accordance with our cookies policy set out below; and
→ information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our app and site (including date and time), services you viewed or searched for, your conduct via the app and site, and any other app or site activity, including download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Information we receive from third parties.
In order to retrieve your financial data from your financial institution(s), we employ specific third party data providers.
→ If you are a US-based user of the app we use Plaid (plaid.com) and/or Finicity (finicity.com) depending on your financial institution;
→ If you are an EU/UK-based user of the app we use TrueLayer (truelayer.com); and
→ If you are a Brazil-based user of the app we use Salt Edge (saltedge.com) or direct connection to your bank.


Why do we collect your information?We collect your information in order to:

→ provide you with information and services that you request from us;
→ allow you to register for the Olivia BR waitlist or the Olivia US Android waitlist;
→ register and maintain your Olivia account. When you sign up to use our app, we will use the details provided on your account registration form to create and administer your account;
→ provide you with access to the Olivia site and app in a manner convenient and optimal for you and with personalized content relevant to you, including enabling you to create a profile;
→ connect you with third party financial services providers at your request;
→ allow you to participate in interactive features of our app when you choose to do so;
→ provide you with marketing information about other services or products we offer that are similar to those that you have already requested or purchased, or about the services or products you have consented to receiving marketing about;
→ manage our relationship with you, including notifying you about changes to our services and/or products;
→ provide customer support;
→ enable us to interact with you on social media platforms, for example, posting status updates, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts;
→ gather information and insights on how users are using our service in order to deliver improvements and new features;
→ administer our site and app and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
→ deliver (whether directly or indirectly via third parties) effective and personalized marketing material and content of Olivia and where you have consented and to assist us in the improvement and optimization of advertising, marketing material and content, our services and the sites; and
→ comply with our legal obligations, policies, and procedures.


Basis for using your personal informationTo use your personal information, we will rely on three conditions, depending on the activities we are carrying out:

Necessary for the entry into / performance of a contract:
When you agree to our terms and conditions, you enter into a contract with us. In order for us to fulfill our obligations under such contract, we will need to collect and process your personal information. Failure to provide the requisite personal information or objecting to this type of processing/exercising your deletion rights will, unfortunately, mean we cannot provide our services to you. We may also process your personal data in order to connect you with third party service providers at your request and with whom you may enter into a contract.

Legitimate interests:
We (or partners on our behalf) use your personal information to pursue legitimate interests of our own, but this is provided your interests and fundamental rights do not override those interests. By “legitimate interests” we mean our legitimate business interests in:
Delivering customer service and support in relation to our services;
→ Developing and improving our services; and
→ Performing statistical analysis and internal research to understand how our customers use our products and services to provide the best experience possible to you.
We may also pass your personal information to members of our group and other third parties and this is also for our legitimate business interests as covered in the “Sharing your personal information” section below.

Your consent (where we request it):
When we collect your consent, we will explain what we need it for and how you can change your mind in the future. If we process your personal information based on consent, you have the right to withdraw that consent at any time. The opt-out methods will depend on how the consent was collected and will be explained when you give us your consent. We rely on your consent to place certain cookies and further information on this is available in our Cookies Policy which you may access through our website.


Sharing your personal informationWe will only disclose your personal information to:

→ third party financial service providers where you have requested such services;
→ other users in your jurisdiction when you post a comment on our app;
→ companies within our group, i.e. Olivia AI Europe, Ltd and Olivia Desenvolvimento de Software do Brasil Ltda.;
→ our professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to us);
→ other third party suppliers for marketing purposes (including, without limitation, sending marketing emails) such as MailChimp;
→ other third party suppliers, business partners and subcontractors for business administration, support, processing, services, or IT purposes, such as Intercom;
→ analytics or search engines, that enable us to optimize and improve your app and site experience, such as Instabug, Branch, and Mixpanel;
→ third parties that you approve (including without limitation, social media sites, and third-party payment providers), such as Facebook, Instagram, YouTube and Twitter;
→ our regulators, law enforcement or fraud prevention agencies, as well as our legal advisers, courts, the police, and any other authorized bodies, for the purposes of investigating any actual or suspected criminal activity or other regulatory or legal matters;
→ tax bodies or agencies to comply with our legal and regulatory obligations; and
→ third parties in the event that we consider selling or buying any business or assets, in which case we may disclose your personal information to any prospective sellers or buyers of such business or assets. If Olivia AI, Inc., or any of its subsidiaries, is involved in a merger, acquisition or asset sale, your personal information may be transferred as a business asset. In such cases, we will provide at least 30 days’ notice in writing before your personal information is transferred and/or becomes subject to a different Privacy Policy.


Third-party linksOur app and site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party apps or websites and are not responsible for their privacy statements. We encourage you to read the privacy notice of every app or website you visit.


SecurityThe security of your personal information is important to us, and we strive to implement and maintain appropriate technical and organizational security measures, procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure, such as

→ ensuring the physical security of our offices;
→ ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
→ ensuring the security of our data storage by using suppliers who use industry-standard encryption and physical security measures;
→ conducting ID verification and fraud detection;
→ conducting security and bug testing;
→ maintaining a data protection policy for, and delivering data protection training to, our employees; and
→ limiting access to your personal information to those in Olivia who need to use it in the course of their work.

You are responsible for protecting your account login details and must not share them with, or disclose them to anyone.


CookiesCookies are small text files that may be stored on your computer (or other internet-enabled devices, such as a smartphone or tablet) when you visit a website. They help websites remember information about your visit, like your country, language, and other settings. They can also help make your next visit easier.

Our cookies are required for the operation of our website. They include, for example;

Necessary cookies:
these help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. Our website cannot function properly without these cookies.

Preference cookies:
these enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.

Statistics cookies:
these help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies:
these are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.

For more details on the cookies that we use, take a look at the Cookies Policy on our website. If you do not want to accept cookies, you have the ability to change your browser settings yourself so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of the website. For further information about cookies and how to set your preferences please go to www.aboutcookies.org or www.allaboutcookies.org.


Children's PrivacyOur app and site are not intended for children. We do not knowingly collect personally identifiable information from children under the age of 16. If we become aware that we have collected personal information from a child under the age of 16 without verification of parental consent, we take immediate steps to remove that information from our servers and shut down the account.


How long we keep your information forYour personal information that we collect will be retained by us for as long as needed in order to fulfill the purposes outlined in the ‘Why do we collect your information?’ section above. This means that we will keep your personal information for the duration you hold an account with us. We also keep your personal information for a period of time following the closure of your account. When determining the relevant retention periods, we consider guidelines issued by relevant data protection authorities, as well as the time periods needed to comply with applicable regulations or laws, to meet regulatory and financial reporting obligations, for tax, accounting and audit purposes, and to fulfill and protect our contractual obligations and rights.


Where do we store your information?
→ If you are an EU and/or UK-based user of the Olivia app we store your information on Olivia’s Ireland-based Amazon Web Services environment.
→ If you are a US or Brazil based user of the Olivia app we store your information on Olivia’s US-based Amazon Web Services environment.



THE FOLLOWING SECTION APPLIES TO INDIVIDUALS BASED IN BRAZIL

BR only: Your rights, options and controlsUnder the General Data Protection Act (LGPD) of Brazil, you have rights and guarantees in relation to your personal data. We provide mechanisms, detailed below, so that you have clarity and transparency in the exercise of your rights.

In summary, LGPD guarantees the holder of personal data the following rights:

Description

You have the right to confirm that we have processed your personal data.

You have the right to access your processed personal data.

You have the right to correct your personal data that is incomplete, inaccurate or out of date.

You have the right to ask the company to anonymize, block or delete your data if it proves to be unnecessary or excessive for the purpose of the treatment, or if it is being treated in non-compliance with the LGPD.

You have the right to request the migration of your registered information from one organization to another.

You have the right to request a list of all other agents with whom the company has shared use of your personal data.

Right

Confirmation of the existence of data processing

Access to data

Data correction

Anonymizing, blocking or deleting unnecessary, excessive or treated data in non-compliance with the LGPD

Portability

Sharing data

Information on the possibility of not providing consent

Revocation of consent

You have the right to revoke consent at any time so that we immediately cease to process your data (except if there is another legal basis that justifies the treatment of the same personal data).

Processing opposition

You have the right to object to the processing of data when it is at odds with the LGPD.

Automated decision review

You have the right to request a review of decisions made solely on the basis of automated processing of personal data that affects your interests.

You have the right to know the consequences of refusing to provide consent (eg, rendering services unfeasible).


THE FOLLOWING SECTIONS APPLY TO INDIVIDUALS BASED IN THE EUROPEAN UNION

EU only: International transfers of your personal informationWe may transfer personal information to countries other than the country in which the information was originally collected (for example, outside the UK/European Economic Area ("EEA")) in order to provide you with our services. These countries may not have the same data protection laws as the country in which you initially provided the information and may not provide the same level of protection.

If we transfer personal information to countries outside of the EEA, we may rely on a decision from the European Commission determining that the country provides an adequate level of protection to the Data Protection Laws (for example, we may rely on the EU-US Privacy Shield Framework where the transfer is to a US entity). Alternatively, we may rely on appropriate safeguards in respect of transfers of personal information to a country outside of the EEA, for example, by agreeing on standard contractual clauses adopted by the European Commission.

A copy of the standard contractual clauses is available on the European Commission's website here and for more information about the EU-US Privacy Shield Framework for US companies, please click here.


EU only: Your rightsIndividuals in the EU have a number of rights under data protection law in relation to the way we process your personal information. These are set out below. You may contact us using the details on our site (or by contacting our DPO directly at dpo@olivia.ai) to exercise any of these rights, and we will respond to any request received from you within one month from the date of the request.

Please address any questions, comments, and requests regarding our data processing practices to hello@olivia.ai in the first instance.

Description of right

A right to access personal information held by us about you.

A right to require us to rectify any inaccurate personal information held by us about you.

A right to require us to erase personal information held by us about you. This right will only apply where, for example, we no longer need to use the personal information to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal information based on your consent; or where you object to the way we process your information (in line with Right 6 below).

In certain circumstances, a right to restrict our processing of personal information held by us about you. This right will only apply where, for example, you dispute the accuracy of the personal information held by us; or where you would have the right to require us to erase the personal information but would prefer that our processing is restricted instead; or where we no longer need to use the personal information to achieve the purpose we collected it for, but you require the information for the purposes of dealing with legal claims.

In certain circumstances, a right to receive personal information, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to require us to transfer this personal information to another organization, at your request.

A right to object to our processing of personal information held by us about you (including for the purposes of sending marketing materials to you).

Number

Right 1

Right 2

Right 3

Right 4

Right 5

Right 6

Right 7

A right to withdraw your consent, where we are relying on it to use your personal information (for example, to provide you with marketing information about our services or products).


If you have any concerns regarding our processing of your personal information, or are not satisfied with our handling of any request by you in relation to your rights, you also have the right to make a complaint to the Data Protection Commissioner in Ireland (https://www.dataprotection.ie/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.

Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your app user account even when you have requested not to receive marketing communications.


Changes to This Privacy NoticeThis Privacy Policy is effective as of August 26th, 2020.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us and/or by placing a prominent notice on our app and site. Please check back frequently to see any updates or changes to this policy.