Privacy Policy
How OllieSafe collects, uses, shares, and protects information when you visit our marketing site or use the OllieSafe platform. This page explains what data we process, why, the legal basis for each processing activity, how long we keep it, and the rights you have under the GDPR, the CCPA / CPRA, and similar laws.
TEMPLATE — REQUIRES LEGAL REVIEW BEFORE PUBLICATION.
This rewrite closes R3 audit P0-14 by enumerating the eight data categories the OllieSafe marketing surface actually collects (GA4 / GTM, Google Ads, marketing chat, lead capture, cookies, CSRF, retention windows, sub-processors) and the additional GDPR / CCPA disclosures Lane 12 of the audit listed as missing (lawful basis, data-subject rights flow, CCPA Do Not Sell or Share link, EU representative, sub-processor reference). The drafting follows OllieSafe's current engineering posture; defensible retention windows, the EU representative appointment threshold, and any jurisdiction-specific addenda must be reviewed by counsel before this page is treated as the binding privacy notice.
OllieSafe Inc. (“OllieSafe”, “we”, “us”) provides workplace-safety operations software. This Privacy Policy covers personal information we collect when you visit olliesafe.com, when you interact with our marketing chat, when you submit a lead via our forms, and when you use the OllieSafe platform under an OllieSafe customer account. Where OllieSafe processes personal information on behalf of a customer (for example, employee incident records inside the platform), that processing is governed by the customer's instructions and the OllieSafe Data Processing Addendum; the customer is the controller and OllieSafe is the processor.
1. Personal information we collect
OllieSafe collects the following categories of personal information on the marketing site and across the platform. Each row below is supported by a corresponding entry on the cookie policy and the sub-processor list.
1.1 Analytics — Google Tag Manager and Google Analytics 4
When the user has opted in to the analytics category via our Consent Management Platform (CMP), OllieSafe loads Google Tag Manager and Google Analytics 4 (GA4). These services set first-party cookies (_ga, _ga_*, _gid) that record:
- A pseudonymous device / browser identifier.
- Page URLs (path and query) and referrer URL within the OllieSafe marketing site.
- IP address (truncated by GA4 per Google's configuration) and user-agent string.
- Custom events fired by OllieSafe (for example, when the user opens the chat widget or submits a form).
When the user has not opted in, Google Consent Mode v2 default is denied across analytics_storage, ad_storage, ad_user_data, and ad_personalization; the GTM container loads but the tags inside it do not set cookies or send measurement beacons. See cookie policy for the full per-cookie inventory.
1.2 Advertising — Google Ads
When (a) the build is configured with a Google Ads conversion ID and (b) the user has opted in to the advertising category via the CMP, OllieSafe loads Google Ads conversion tracking and remarketing. The Google Ads cookies (_gcl_au, _gcl_aw, _gcl_dc) record the click attribution identifiers necessary to measure conversions and, where the user is reached via remarketing audiences, the user context Google uses for those audiences.
OllieSafe honors the Global Privacy Control (GPC) signal: when the user's browser exposes navigator.globalPrivacyControl === true, the advertising category is forced off, gtag is updated to denied across all advertising signals, and the user cannot turn the category on from the CMP banner. This implements the California Attorney General's position (Sephora 2022 settlement, DoorDash 2023 settlement) that failure to honor GPC is a CCPA violation.
1.3 Marketing chat widget
The OllieSafe marketing site ships an AI-powered chat widget. When you send a message:
- We POST your message text, a conversation identifier, the URL of the page you sent it from (pageUrl), and the browser-reported document.referrer to the OllieSafe API.
- We persist the conversation locally in your browser under the ollie-marketing-chat localStorage entry for 24 hours so the conversation survives reloads.
- After a threshold number of questions, the widget prompts you for an email address. If you submit one, we POST it to the lead-capture endpoint described in §1.4 with a channel of chat_qualified so the chat conversation is joinable to the lead record.
The chat is not a human-only conversation: responses are generated by a large language model with the assistance of a retrieval layer over OllieSafe documentation. Conversations may be reviewed by OllieSafe staff in aggregate for quality and safety. Do not submit confidential third-party data or health information via the chat. See §6 (retention) for how long we keep chat records.
1.4 Lead-capture forms
OllieSafe collects lead information when you submit one of the forms on the marketing site (request a demo, contact us, subscribe to the newsletter, chat-qualified email submission). The OllieSafe lead-capture endpoint accepts the following fields:
- firstName, lastName, email (required).
- companyName, phone, fein, naicsCode, city, zip (where you choose to provide them).
- notes, sourceUrl, channel, chatConversationId (system fields used to route, attribute, and join lead records).
We use this information to respond to your inquiry, schedule demos, send the OllieSafe newsletter (if you subscribed), and to evaluate whether you become a customer. We do not sell this information to third parties.
1.5 Site cookies and similar storage
The OllieSafe marketing surface sets a small set of necessary cookies and similar browser storage regardless of consent choices, because the site is unusable without them: the CMP consent record itself (olliesafe_consent), a legacy cross-tab mirror (olliesafe_ads_consent), a theme preference (olliesafe-theme), the chat session continuity record (ollie-marketing-chat), and a chat-FAB teaser marker (ollie-fab-teaser-shown). The complete per-cookie inventory, including category, provider, and retention, lives on the cookie policy page.
1.6 CSRF cookie
When you submit one of the marketing forms, the OllieSafe API sets a CSRF double-submit token (csrf_token) on the API origin to protect the POST request against cross-site request forgery. This is a necessary security cookie under GDPR Recital 49 and is not optional.
1.7 Server / infrastructure log data
Like every public web service, the OllieSafe edge, CDN, and API record connection-level data (timestamp, source IP, HTTP method, request path, response status, user-agent) in short-lived operational logs. We use this data to operate the service, defend against abuse, and meet our security obligations. See §6 for retention.
1.8 Sub-processor data flows
OllieSafe engages a small set of sub-processors to operate the platform: cloud infrastructure, identity, billing, error monitoring, transactional email, and edge / DNS. The complete list with categories of personal information processed, processing location, and our 30-day change-notification commitment is published at /legal/subprocessors.
2. How we use personal information
- Operate and improve the OllieSafe marketing site and the OllieSafe platform.
- Respond to inquiries, schedule demos, and send transactional communications such as account confirmations and billing notices.
- Send marketing emails to subscribers (newsletter) or to opted-in leads, with an unsubscribe link in every send.
- Measure aggregate site performance (where you opt in to analytics).
- Measure marketing performance and reach in-market audiences (where you opt in to advertising).
- Maintain the OllieSafe AI chat surface, including review of de-identified conversation samples for quality and safety.
- Investigate abuse, defend against attacks, and comply with our legal obligations.
3. Lawful basis for processing (GDPR)
For users in scope of the EU GDPR or UK GDPR, OllieSafe relies on the following Article 6 lawful bases:
- Article 6(1)(b) — performance of a contract: when we process information to deliver the OllieSafe service to you or your employer under an order or terms of service.
- Article 6(1)(c) — legal obligation: when we retain records to meet tax, accounting, or other statutory requirements.
- Article 6(1)(f) — legitimate interests: when we operate the marketing site, respond to inbound inquiries, defend against abuse, and conduct first-party measurement that does not require consent (such as necessary cookies). We have balanced these interests against user rights and offer a route to object via privacy@olliesafe.com.
- Article 6(1)(a) — consent: for analytics cookies, advertising cookies, and any direct marketing email where opt-in consent is the applicable basis under local law (e.g. ePrivacy in the EU/EEA). Consent is recorded via the OllieSafe CMP described in §5 and is freely revocable.
4. Sharing
OllieSafe does not sell personal information to third parties. We share personal information only with:
- Sub-processors we engage to operate the service, each bound by data-protection terms no less protective than this Privacy Policy and the OllieSafe DPA. The complete list is at /legal/subprocessors.
- Authorities, when required by valid legal process. We will challenge requests that are overbroad or inconsistent with applicable law and notify the affected customer unless legally prohibited.
- Successor entities, in the event of a merger, acquisition, or sale of substantially all of the OllieSafe business, under continuity-of-protection terms.
- With your consent, in any other case where you have asked us to share information (for example, referral programs).
For CCPA / CPRA purposes, OllieSafe acts as a Service Provider with respect to personal information processed on behalf of a customer (see the DPA, §14 CCPA-specific terms).
5. Cookies and consent
OllieSafe operates an in-house Consent Management Platform (CMP). On your first visit you see a bottom-sheet banner with three choices: Accept all, Reject non-essential, or Customize. Customize opens a dialog with per-category toggles for analytics and advertising. Necessary cookies are always on and cannot be refused; the site does not function without them.
The OllieSafe CMP honors the Global Privacy Control (GPC) signal: when your browser exposes navigator.globalPrivacyControl, the banner stays suppressed, the advertising category is forced off, and the CMP records your preference as { source: "gpc" }. The complete cookie inventory lives at /cookies.
You can change your category choices at any time via the Cookie preferences link in the site footer.
6. Retention
Retention windows below are defensible defaults; they apply unless a customer instruction, legal hold, or local-law requirement extends them. Counsel review pending; treat any window as illustrative until this banner is removed.
- Google Analytics 4: 14 months from the user's last visit (Google's default; reset on each visit).
- Google Ads cookies: 90 days per Google's policy.
- Marketing chat conversations: server-side storage for 90 days from the last message; the browser-side ollie-marketing-chat record expires 24 hours after the last activity.
- Lead-capture submissions: 24 months from the last interaction, after which records are de-identified for analytics or deleted, unless you become a customer (in which case the customer-relationship retention applies).
- Newsletter subscriptions: until you unsubscribe; we keep an unsubscribe record indefinitely so we do not re-add you.
- CSRF cookie: session.
- Operational / security logs: 30-90 days at the edge, longer for security-incident artifacts under a documented retention policy.
- CMP consent record (olliesafe_consent): 13 months per CNIL Délibération n° 2020-091 and EDPB Guidelines 03/2022.
7. Your rights
Subject to applicable law, you have the following rights with respect to your personal information. Where OllieSafe processes information on behalf of a customer, requests should generally be directed to the customer; OllieSafe assists per the DPA.
7.1 EU / UK GDPR (Articles 15-22)
- Access (Art. 15) — confirm whether we process your personal information and receive a copy.
- Rectification (Art. 16) — correct inaccurate or incomplete information.
- Erasure (Art. 17) — delete information subject to the limits in the GDPR.
- Restriction (Art. 18) — restrict processing in certain cases.
- Portability (Art. 20) — receive machine-readable copies of information you provided.
- Objection (Art. 21) — object to processing based on legitimate interests.
- Withdraw consent (Art. 7(3)) — withdraw any consent you previously gave, without affecting the lawfulness of processing before withdrawal.
- Complain to a supervisory authority, including the data protection authority in your EU member state.
To exercise these rights, contact privacy@olliesafe.com. We will respond within the statutory window (generally 30 days under GDPR, extensible by 60 days for complex requests with notice).
7.2 CCPA / CPRA (California)
California residents have additional rights under the CCPA / CPRA, including the right to know, the right to delete, the right to correct, the right to data portability, the right to opt out of sale or sharing of personal information, and the right to limit use of sensitive personal information. We do not sell personal information; we honor the Do Not Sell or Share My Personal Information opt-out via the CMP banner (see §5 above), including by honoring the Global Privacy Control signal. To submit a CCPA request, contact privacy@olliesafe.com; you may also use the Do Not Sell or Share My Personal Information link in the site footer, which re-opens the CMP with the advertising category staged to deny.
7.3 Other US state privacy laws
OllieSafe extends substantially equivalent rights (access, correct, delete, portability, opt out of targeted advertising and profiling) to residents of states with comprehensive privacy laws on the same intake path (privacy@olliesafe.com). State-specific notices required by Colorado, Connecticut, Utah, Virginia, Texas, Oregon, Montana, Iowa, Indiana, Delaware, New Jersey, New Hampshire, and other applicable states are incorporated by reference until counsel-reviewed state-specific appendices are published; we will surface any state-specific procedures (such as authorized-agent forms) alongside this page.
8. International transfers
OllieSafe processes personal information on infrastructure located in the United States (Google Cloud Platform us-west1). Where information is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States, the transfer relies on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914, Module 2 controller-to-processor where OllieSafe acts as processor for a customer), the United Kingdom International Data Transfer Addendum, and the Swiss equivalent. The full incorporation, including selections for each clause, is in the OllieSafe DPA Section 13.
9. EU representative
OllieSafe Inc. is established in the United States and does not currently maintain a representative in the European Union or the United Kingdom under GDPR Article 27 / UK GDPR Article 27. We monitor the threshold at which appointment becomes required (occasional offering of goods or services to EU residents, or monitoring of their behaviour). If an appointment becomes required, the appointed representative and contact will be published here in advance. For the interim, EU residents may contact privacy@olliesafe.com directly.
10. Automated decision-making and AI
The OllieSafe marketing chat surfaces responses generated by a large language model. The chat does not make decisions that produce legal effects on you or similarly significantly affect you within the meaning of GDPR Article 22; it answers questions about OllieSafe and the regulatory areas we cover. OllieSafe staff may review de-identified conversation samples for quality and safety. You can avoid the chat surface by simply not opening it.
11. Children
OllieSafe is not directed to children under 16 and we do not knowingly collect personal information from children. If you believe a child has provided personal information to OllieSafe, contact us and we will delete it.
12. Data security
We protect personal information using encryption in transit and at rest, role-based access controls, multi-factor authentication for OllieSafe personnel, tenant isolation via PostgreSQL row-level security, audit logging, and operational security reviews. The full security posture is at /security. The technical and organizational measures incorporated by the DPA are at /legal/dpa Section 8.
13. Internal validation accounts and impersonation
OllieSafe operates a small set of internal validation accounts using @ollielabs.io email addresses. These accounts exist solely so that OllieSafe engineering can exercise new-state launch sequences and pre-release features against the production-tier infrastructure without consuming a real customer's state-launch slot. Internal accounts bypass the public state-readiness gate that limits self-service signup to launched jurisdictions, and they are exempted from our promotional pricing pools. Internal accounts are never used to access customer-tenant data; tenant isolation via PostgreSQL row-level security applies to internal accounts on the same terms as customer accounts.
Separately, OllieSafe maintains a platform-admin impersonation surface that allows authorized OllieSafe personnel to assume a customer-tenant context for support and incident-response purposes. Impersonation is restricted to staff with documented training and a recorded business justification, and every impersonation start, end, and denial event is written to the platform audit trail (core.tbl_platform_audit_log) with the actor's identity, target tenant, and timestamp. The hash-chained regulatory audit trail (core.tbl_audit_log) captures every mutation performed inside an impersonation session under the same evidentiary posture as a customer-initiated action. Customers can request a copy of the audit log entries for their tenant by writing to security@olliesafe.com; the DPA at /legal/dpa Section 6 incorporates this commitment.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date below. Material changes are also flagged at the top of this page for at least 30 days and, where required by law, communicated by email to customers.
15. Contact
- Privacy inquiries and rights requests: privacy@olliesafe.com.
- Security reports: security@olliesafe.com (see also /.well-known/security.txt).
- Legal / contracts: legal@olliesafe.com.
- Postal address — OllieSafe Inc., to be added on counsel-reviewed publication.
Last updated
May 2026.