Skip to content
Legal

Privacy Policy

Last updated: 28 February 2026

1. Introduction

Olimey AI (“the Company”, “we”, “us”, “our”) is committed to protecting the privacy and security of personal data processed through the Olimey AI platform (“the Platform”). This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.

2. Data Controller

Olimey AI is the data controller for personal data processed through the Platform. For data protection enquiries, please contact our Data Protection Officer at: dpo@olimey.ai.

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Full name, email address, position, and firm name provided during registration.
  • Authentication credentials (passwords are stored in hashed form and are never accessible in plaintext).
  • Role and permission assignments within the Platform.

3.2 Professional Activity Data

  • Case information including property addresses, case references, and transaction details.
  • Documents uploaded for AI analysis, including property search results and EPCs.
  • AI-generated reports, risk assessments, and draft correspondence.
  • User modifications to AI-generated content.
  • Feedback and quality assurance submissions.

3.3 Technical and Usage Data

  • Login timestamps, session identifiers, and IP addresses.
  • AI disclaimer acknowledgement records with timestamps.
  • Comprehensive audit trail data for all platform interactions.
  • Browser type, device information, and operating system.

4. Lawful Basis for Processing

We process personal data on the following legal bases:

  • Contract: Processing necessary for the performance of our contract with you to provide the Platform services.
  • Legitimate Interests: Processing necessary for our legitimate interests in operating, improving, and securing the Platform, provided these interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with legal and regulatory requirements, including maintaining audit trails for professional indemnity and regulatory compliance purposes.
  • Consent: Where you have provided explicit consent, such as accepting the AI Usage Disclaimer.

5. How We Use Your Information

Your personal data is used for the following purposes:

  • Providing and operating the Platform, including AI-powered document analysis and report generation.
  • Authenticating users and managing account access.
  • Maintaining comprehensive audit trails for regulatory compliance and professional indemnity defence.
  • Improving the accuracy and reliability of AI outputs through anonymised and aggregated analysis.
  • Communicating with you regarding your account, service updates, and security notifications.
  • Fulfilling legal and regulatory obligations.

6. AI Processing and Data Usage

Documents uploaded to the Platform are processed by AI systems solely for the purpose of providing the analysis service. We confirm that:

  • No model training: Client data and uploaded documents are never used to train or fine-tune AI models.
  • Transient processing: Document content is processed in real-time and is not retained by the AI model beyond the immediate analysis session.
  • Result storage: AI-generated reports and risk assessments are stored within the Platform for your continued access, subject to data retention policies.
  • No third-party sharing: Document content is not shared with any third party except the AI processing provider, which is bound by strict data processing agreements.

7. Data Retention

We retain personal data for the following periods:

  • Account data: Retained for the duration of your account and for six (6) years following account closure.
  • Case data and documents: Retained for a minimum of six (6) years from case completion, in line with professional indemnity requirements and the Limitation Act 1980.
  • Audit trail records: Retained for a minimum of fifteen (15) years to support regulatory compliance and long-tail professional indemnity claims.
  • AI disclaimer acknowledgements: Retained indefinitely as part of the immutable audit trail.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and row-level security policies on all database tables.
  • Private storage buckets for all uploaded documents.
  • Immutable audit records that cannot be altered or deleted.
  • Regular security assessments and penetration testing.
  • Hosting infrastructure (Supabase) independently certified to ISO 27001 and SOC 2 Type II; Olimey's own information-security programme follows these frameworks.

9. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data with:

  • Infrastructure providers: Cloud hosting and database services, bound by data processing agreements and operating within UK/EEA jurisdictions or under adequate safeguards.
  • AI processing providers: For the sole purpose of document analysis, subject to strict data processing agreements prohibiting data retention or model training.
  • Legal and regulatory authorities: Where required by law, court order, or regulatory obligation.
  • Professional indemnity insurers: Where necessary in connection with a claim or potential claim, limited to relevant audit trail and case data.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal retention obligations. Note: audit trail records are exempt from erasure requests due to legitimate legal obligations.
  • Right to Restrict Processing: Request restriction of processing in certain circumstances.
  • Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact: dpo@olimey.ai. We will respond within one calendar month.

11. International Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or other approved transfer mechanisms under UK GDPR.

12. Cookies and Tracking

The Platform uses essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics that profile individual users. Essential cookies cannot be disabled as they are necessary for the Platform to function.

13. Children’s Privacy

The Platform is designed for use by qualified legal professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to registered users via email. The “Last updated” date at the top of this policy indicates when it was last revised.

15. Complaints

If you are unsatisfied with our handling of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Olimey AI · Registered in England and Wales
Data Protection Officer: dpo@olimey.ai