Privacy Policy

Last updated: February 12, 2026

At OLYMPUS, your privacy is fundamental to how we build our product. This Privacy Policy describes how OLYMPUS Technologies Pvt. Ltd. ("OLYMPUS," "we," "us") collects, uses, stores, and protects your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up via Google or Apple OAuth, we receive limited profile data from those providers.

1.2 Billing Information

Payment processing is handled by our third-party payment provider (Razorpay). We do not store credit card numbers, CVV codes, or full payment details on our servers. We retain transaction IDs and billing history for accounting purposes.

1.3 Ad Account Data

When you connect your accounts, we access:

  • Facebook Ads: Campaign data, ad set performance, creative metrics, audience insights, and spend data via the Meta Marketing API
  • Shopify: Order data, product catalog, revenue figures, and customer purchase patterns via the Shopify Admin API
  • Google Analytics (optional): Traffic and conversion data for cross-validation

1.4 Usage Data

We collect anonymized usage data including pages viewed, features used, dashboard interactions, and session duration to improve our product experience.

1.5 Device & Browser Data

We collect browser type, operating system, IP address, and device identifiers for security, fraud prevention, and service optimization.

2. How We Use Your Information

  • Service Delivery: Powering the OLYMPUS AI engine, generating insights, executing optimization actions, and delivering reports
  • Attribution: Cross-referencing ad platform data with e-commerce data to calculate true ROAS, RTO rates, and LTV metrics
  • AI Training: Your individual data is never used to train AI models for other users. We only use anonymized, aggregated patterns to improve our algorithms
  • Communication: Sending transactional emails, Telegram notifications, performance alerts, and occasional product updates
  • Support: Responding to your inquiries and resolving technical issues
  • Legal Compliance: Meeting regulatory requirements including tax, accounting, and legal obligations

3. Data Storage & Security

3.1 Infrastructure

Your data is stored on secure, encrypted servers. We use industry-standard encryption for data in transit (TLS 1.3) and at rest (AES-256). Our infrastructure is monitored 24/7 for security threats.

3.2 Access Controls

Access to user data is restricted to authorized personnel only, on a need-to-know basis. All access is logged and audited. We enforce multi-factor authentication for all internal systems.

3.3 Third-Party Processors

We use the following third-party services that may process your data:

  • Razorpay — Payment processing
  • AWS / Cloud infrastructure — Data hosting
  • Meta (Facebook) APIs — Ad data retrieval
  • Shopify APIs — E-commerce data retrieval
  • Telegram Bot API — Notification delivery
  • Google Analytics — Usage analytics (anonymized)

4. Data Sharing

We do not sell, rent, or trade your personal or business data. We share data only in these circumstances:

  • With your consent: When you explicitly authorize sharing
  • Service providers: Third-party processors necessary for operating the Service (listed above), bound by data processing agreements
  • Legal requirements: When required by law, regulation, legal process, or governmental request
  • Business transfer: In the event of a merger, acquisition, or asset sale, with advance notice to affected users

5. Data Retention

  • Active accounts: Data is retained for the duration of your subscription plus 90 days
  • Cancelled accounts: Data is retained for 30 days post-cancellation to allow for reactivation, then permanently deleted
  • Account deletion: Upon request, all personal data is deleted within 30 days. Anonymized, aggregated data may be retained indefinitely
  • Legal holds: Data subject to legal obligations may be retained for the legally required period

6. Your Rights

In accordance with applicable data protection laws (including the Information Technology Act, 2000 and its amendments), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Withdrawal: Withdraw consent for data processing at any time (this may affect Service functionality)
  • Objection: Object to data processing for specific purposes

To exercise any of these rights, contact us at privacy@olympus.ai. We will respond within 30 days.

7. Cookies & Tracking

We use essential cookies for:

  • Session management and authentication
  • Security and fraud prevention
  • User preferences and settings

We use optional analytics cookies (which you can decline) to understand how the platform is used and improve the experience. We do not use advertising or third-party tracking cookies.

8. Children's Privacy

OLYMPUS is a business-to-business service and is not directed at individuals under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has provided personal data, we will delete it promptly.

9. International Data Transfers

Your data is primarily stored in India. If data is transferred internationally (e.g., for cloud infrastructure), we ensure appropriate safeguards are in place in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy-related questions or requests:

  • Email: privacy@olympus.ai
  • Data Protection Officer: dpo@olympus.ai
  • Address: OLYMPUS Technologies Pvt. Ltd., Bangalore, Karnataka, India