Privacy Policy
Effective date: 14 October 2025
1. Introduction
This Privacy Policy describes how Ask Ollo Limited ("Ask Ollo", "we", "us", or "our") collects, uses, stores, and protects personal information when you use our Services. The policy applies to all services provided by ollo and affiliates, including askollo.com and related domains.
This notice complies with the European Union General Data Protection Regulation 2016/679 (GDPR) and UK data protection laws.
Ask Ollo Limited · Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom · Company number: 13108676 · privacy@askollo.com
Users must be at least 18 years old. We do not knowingly collect information from individuals under 18.
2. Definitions
Services: AI-powered platform enabling users and organisations to connect, search, and interact with data sources using artificial intelligence, including AI agents and agentic workflows.
Personal Data: Any information relating to an identified or identifiable natural person.
Connected Data Source: Third-party systems (Google, Slack, Notion, etc.) connected via OAuth, service account, or API key.
Created Data: Content created or stored by the Service at user direction, including uploads, synced copies, saved prompts, AI-generated outputs, and agent artifacts.
Federated Search: Real-time querying of Connected Data Sources where source content is not persistently copied or indexed by ollo.
Processing: Any operation performed on personal data, such as collection, storage, use, or disclosure.
3. Information We Collect
3.1 Personal Data — Registration and use of Services may result in collection of: account information (name, email, contact details, company name, job title, department); authentication information (login credentials, OAuth tokens); business information (company size, organisational structure); and professional information (qualifications, work activities, areas of expertise).
3.2 Usage Data — Information about how you engage with Services: queries entered, content viewed, features used, actions taken, usage frequency; AI agent configurations, actions performed, prompts submitted, and outputs generated; connected data source details and sync preferences; and service response times, error logs, and performance metrics.
3.3 Device and Technical Data — Device type, device ID, operating system, browser type and version; IP address, connection type, and location data (GPS or inferred from IP); and access logs including date/time, pages visited, and referring URLs.
3.4 Data from Connected Sources — OAuth tokens, metadata (file names, folder structures, timestamps, authors, permissions), and search results from Connected Data Sources. For Federated Search, source content is not persistently stored by ollo — only search results and metadata are retained as Created Data.
3.5 Communications — Support inquiries, feedback, ratings, survey responses, and responses to marketing communications.
3.6 Payment Information — Billing name and address; payment details are processed by Stripe and we do not store complete card details.
3.7 Cookies and similar tracking technologies — see Section 8.
4. How We Collect Information
4.1 Directly from you — when you register, connect data sources via OAuth, use the Services, configure AI agents, contact support, or subscribe to marketing communications.
4.2 Automatically — through cookies and analytics (Google Analytics), service logs, and Agent Action Logs (automatically recorded, retained for 90 days).
4.3 From third-party services — OAuth providers (Google, Microsoft, Slack, Notion), payment processors (Stripe), social media platforms, and analytics providers.
4.4 From Connected Data Sources — through Federated Search and synced connections, including metadata, search results, and synced content if enabled.
5. How We Use Your Personal Data
5.1 To provide and improve our Services — authenticating users, providing AI search capabilities, executing AI agent actions, storing and indexing Created Data, processing queries, and improving performance and reliability. Legal basis: performance of contract, legitimate interests.
5.2 Federated Search and Syncing — For Federated Search, source content is NOT persistently stored by ollo; only search results and metadata are retained. For synced content (opt-in), data is encrypted at rest, stored in your selected region (EU, UK, or US), and you control retention and re-index frequency. Legal basis: performance of contract, consent (for syncing).
5.3 AI Model Training — ollo does NOT use your Inputs, Outputs, Created Data, or content from Connected Data Sources to train, fine-tune, or improve foundation models. Data is not incorporated into AI training datasets or used to improve models for other users. We use only de-identified operational telemetry to maintain service quality and security. Legal basis: legitimate interests.
5.4 Security and Compliance — monitoring and maintaining security, detecting and preventing fraud and abuse, complying with legal obligations, enforcing Terms of Service, and investigating security incidents. Legal basis: legal obligation, legitimate interests.
5.5 Communications — service notifications, support responses, newsletters and marketing (with consent), and updates about new features and events. Legal basis: performance of contract (service notifications), consent (marketing), legitimate interests. You can unsubscribe from marketing emails at any time by clicking the unsubscribe link or emailing privacy@askollo.com.
5.6 Analytics and Business Operations — understanding engagement, analysing usage patterns, improving user experience, and generating aggregated anonymised statistics. Legal basis: legitimate interests.
5.7 Agent Action Logs contain: actor (who initiated the agent), prompt summary/hash, target service, action type, parameters (redacted where sensitive), timestamps, status, and error codes. Retained for 90 days and exportable by administrators. Legal basis: performance of contract, legitimate interests.
6. Data Storage and Retention
6.1 Storage Locations — Created Data is stored in your selected region at onboarding (EU, UK, or US), encrypted at rest. We will not move data out of your selected region without notice, except for emergency continuity with equivalent protections. For Federated Search, data remains in the original Connected Data Sources.
6.2 Retention Periods:
Created Data: retained while your account is active; automatically deleted after 90 days of inactivity; deleted within 90 days of account termination unless legal retention is required. You may request deletion at any time by contacting legal@askollo.com.
Agent Action Logs: 90 days, exportable by administrators.
Account Information: retained while active; deleted within 90 days of termination unless legally required.
Marketing Consent Records: 6 years after consent withdrawal.
Support Communications: as long as necessary to resolve inquiries.
Payment Records: as required by tax and accounting law (typically 6–7 years).
Legal Holds: data may be retained longer if required by law or to establish, exercise, or defend legal claims.
7. Data Sharing and Disclosure
7.1 We share your data with:
Service Providers and Subprocessors — payment processors (Stripe), cloud infrastructure providers (in your selected region), AI model providers, analytics providers (Google Analytics), and communication tools. A current subprocessor list is available on request at legal@askollo.com.
Your Organisation — if you use the Services through an employer or organisation, administrators may view service usage and Created Data. We hold legally binding agreements with enterprise clients.
Law Enforcement and Regulators — where required by law or legal process, or to protect the rights, property, or safety of ollo or others.
Business Transfers — in connection with mergers, acquisitions, or asset sales, with appropriate protections.
7.2 Connected Data Sources — those services are governed by their own terms and privacy policies; ollo does not control their data handling practices.
7.3 International Transfers — where data is transferred outside the UK/EU, we implement appropriate safeguards (Standard Contractual Clauses, adequacy decisions). Created Data remains in your selected region.
7.4 We do NOT: sell personal data to third parties; share data with advertisers; use data to train AI models for other customers; or publicly display queries or service usage.
8. Cookies and Tracking Technologies
8.1 Types of Cookies:
Strictly Necessary — enable essential features like secure login and site navigation; cannot be disabled without affecting functionality.
Performance — Google Analytics and similar tools collect anonymised data about site usage to help us improve the Services.
Functional — remember preferences and settings for personalised features.
Marketing/Tracking — used for remarketing (Google Ads, LinkedIn Ads). We do NOT collect identifiable information through remarketing.
8.2 Managing Cookies — you can control cookies through our cookie preferences tool, your browser settings, or opt-out links for specific services. Blocking certain cookies may affect site functionality.
8.3 Analytics — Google Analytics is used to understand user behaviour. Important: we do NOT use Google Workspace APIs to train, develop, or improve generalised AI/ML models.
9. Your Privacy Rights
Under GDPR and UK data protection law, you have the right to:
Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure ("Right to be Forgotten") — request deletion of your personal data, subject to legal retention requirements.
Restrict Processing — request limitation on how we use your data.
Data Portability — receive your data in a structured, machine-readable format.
Object — object to processing based on legitimate interests, including direct marketing.
Withdraw Consent — where processing is based on consent, you may withdraw it at any time.
Protection from Automated Decision-Making — protection against decisions based solely on automated processing.
To exercise these rights, contact us at privacy@askollo.com or write to Ask Ollo Ltd, Techspace, 140 Goswell Road, London EC1V 7DY. Please provide sufficient information to identify yourself. We will respond within one month of receiving your request.
10. Data Security
10.1 Security Measures — we implement appropriate technical and organisational measures including: encryption at rest and in transit; role-based access controls and authentication; firewalls, intrusion detection, and secure infrastructure; regular security assessments and vulnerability testing; and privacy and security training for all personnel.
10.2 Your Responsibilities — keep your password secure and confidential, do not share account credentials, log out when finished on shared devices, and contact us immediately if you suspect unauthorised access.
10.3 Data Breach Notification — in the event of a Security Incident affecting Personal Data, we will notify you without undue delay and within 72 hours of confirming the incident. Notification will include the nature of the breach, data affected, and remedial steps. Relevant supervisory authorities will also be notified as required by law.
11. Third-Party Services and Links
The Services may contain links to third-party websites and integrate with third-party services. This Privacy Policy does not apply to those third parties. We are not responsible for the privacy practices of third-party services, the content or security of third-party websites, or data handling by Connected Data Sources. We encourage you to review the privacy policies of any third-party services you use.
12. Children's Privacy
The Services are intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we discover we have collected data from someone under 18, we will delete it promptly. If you believe we have collected information from someone under 18, please contact privacy@askollo.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If changes are material, we will notify you through: email to your registered address, an in-product notification, or a prominent notice on the website. Continued use of the Services after changes constitutes acceptance of the updated policy.
14. Contact Us and Complaints
For questions about this Privacy Policy or our data practices:
Email: privacy@askollo.com Mail: Ask Ollo Ltd, Techspace, 140 Goswell Road, London EC1V 7DY, United Kingdom
If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk · Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF · 0303 123 1113
15. Data Processing Addendum
For enterprise customers processing personal data through the Services, a separate Data Processing Addendum (DPA) may apply. The DPA includes Standard Contractual Clauses for international transfers, subprocessor lists and approval mechanisms, security and breach notification obligations, and data subject rights assistance. Contact legal@askollo.com to request or execute a DPA.
Effective Date: 14 October 2025