Privacy Policy

Olivia Teams ("we", "us", or "our") operates the Olivia platform (the "Service"), an AI-assisted productivity platform designed for insurance professionals. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of Hong Kong ("PDPO"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

We collect and process the following categories of personal data when you register for and use the Service:

Under Data Protection Principle 1 of the PDPO, personal data shall be collected for a lawful purpose directly related to a function or activity of the data user. We process your personal data on the following grounds:

• Performance of contract — to provide, maintain, and deliver the Service as agreed in our Terms of Service
• Legitimate business interests — to improve our products, ensure platform security, and prevent fraud
• Compliance with legal obligations — to meet regulatory requirements under Hong Kong law
• Consent — where we specifically request and obtain your consent for a particular processing activity, such as direct marketing

Unlike the EU General Data Protection Regulation (GDPR), the PDPO does not prescribe specific legal bases for processing. However, we adopt these principles as best practice to ensure transparent and accountable data handling.

We use the personal data we collect for the following purposes:

• To provide, operate, and maintain the Service, including AI-powered features
• To authenticate your identity and secure your account
• To process transactions and manage your subscription
• To generate AI-assisted proposals, summaries, and recommendations based on your inputs
• To deliver personalised daily briefings, prospect leads, and client insights
• To send service-related notifications, updates, and technical alerts
• To detect, prevent, and address fraud, abuse, and security incidents
• To comply with applicable legal and regulatory obligations
• To generate anonymised, aggregated analytics to improve product quality and performance

The Service uses artificial intelligence and machine learning technologies to process your inputs and generate content such as proposals, risk analyses, client summaries, and prospect recommendations. When you use these features, your prompts and relevant contextual data are processed by our AI systems to produce outputs tailored to your request.

AI-generated content is provided for informational and productivity purposes only. It does not constitute professional insurance advice, financial advice, or legal advice. You are solely responsible for reviewing, verifying, and approving all AI-generated content before using it in any professional capacity or sharing it with clients.

Olivia Teams may use anonymised and aggregated interaction data to improve and refine our AI models and algorithms. Individual user data and client records are never used to train models that serve other users. Your professional data remains isolated within your account.

You may opt out of contributing anonymised interaction data to model improvement at any time by contacting us at privacy@olivia-agent.com or through your account settings. Opting out will not affect your ability to use the Service.

We implement strict access controls and data segregation measures to ensure that AI processing does not result in unintended disclosure of your data to other users or third parties.

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls limiting data access to authorised personnel only
• Regular security audits and vulnerability assessments
• Secure cloud infrastructure hosted in reputable data centres
• Automated monitoring for suspicious activity and potential breaches
• Incident response procedures to promptly address any data security events

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, or as required by law:

• Account and identity data — retained for the duration of your active account, plus 90 days after account deletion to facilitate recovery requests
• Professional data (client records, proposals, notes) — retained for the duration of your active account and permanently deleted within 30 days of account deletion, unless otherwise required by law
• Usage and device data — retained for up to 24 months for analytics and security purposes
• AI interaction data — retained for up to 12 months for service improvement, unless you opt out of model training
• Financial and billing records — retained for 7 years in compliance with Hong Kong tax and accounting obligations

We may share your personal data with the following categories of trusted third parties, solely for the purposes described in this Policy:

• Cloud infrastructure and hosting providers — to store and serve your data securely
• AI model and language processing providers — to power the AI features of the Service
• Payment processors — to process subscription payments and billing
• Analytics providers — to help us understand usage patterns and improve the Service (using anonymised data only)
• Professional advisors — including legal, accounting, and compliance advisors as necessary
• Law enforcement or regulatory authorities — only when required by applicable Hong Kong law or valid legal process

We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes. All third-party service providers are bound by contractual confidentiality obligations and data protection requirements.

Your data may be transferred to and processed in jurisdictions outside of Hong Kong, including but not limited to jurisdictions where our cloud infrastructure providers and AI model providers operate. In accordance with Data Protection Principle 9 of the PDPO, we take reasonable steps to ensure that any overseas recipients provide a level of data protection comparable to that under Hong Kong law. These steps include entering into contractual data protection agreements with all overseas sub-processors. By using the Service, you consent to such cross-border transfers subject to the safeguards described herein.

We use the following categories of cookies and similar tracking technologies:

• Essential cookies — required for the Service to function properly, including session management and authentication. These cannot be disabled.
• Functional cookies — used to remember your preferences, language settings, and customisation choices to enhance your experience.
• Analytics cookies — used to collect anonymised information about how the Service is used, helping us improve performance and usability. You may opt out of analytics cookies through your browser settings.

Under the Personal Data (Privacy) Ordinance, you have the following rights in relation to your personal data:

• Right of access — You may submit a Data Access Request under Section 18 of the PDPO to obtain a copy of the personal data we hold about you.
• Right of correction — You may submit a Data Correction Request under Section 22 of the PDPO to have any inaccurate personal data corrected.
• Right to opt out of direct marketing — Under Section 35C of the PDPO, you may at any time require us to cease using your personal data for direct marketing purposes.
• Right to withdraw consent — Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please submit a written request to privacy@olivia-agent.com or to our postal address below. We will respond to your request within 40 days as required by the PDPO. We may need to verify your identity before processing your request. A reasonable fee may be charged for Data Access Requests in accordance with the PDPO.

If you believe that we have not handled your personal data in compliance with the PDPO, you have the right to lodge a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong.

In compliance with Part VIA of the PDPO, we will not use your personal data for direct marketing purposes without your prior consent. If you have given consent, you may opt out at any time by clicking the "unsubscribe" link in any marketing communication, adjusting your notification preferences in your account settings, or contacting us at privacy@olivia-agent.com. We will not provide your personal data to third parties for their own direct marketing purposes without your separate, express written consent.

The Service is designed for professional use by licensed insurance practitioners and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from an individual under 18, we will take immediate steps to delete such data.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory obligations. We will notify you of any material changes by email or through a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms.

If you have any questions about this Privacy Policy, wish to exercise your data rights, or would like to submit a Data Access Request or Data Correction Request, please contact us at:

privacy@olivia-agent.com

Olivia Teams, Hong Kong