Privacy Policy

1. Who is responsible for your data

The controller of your personal data is Olace Pritam Chakraborty, a sole proprietorship (jednoosobowa działalność gospodarcza) with its registered address at Witolda Budryka 2, 30-072 Kraków, Poland. For any privacy question or request, contact us at support@olace.app.

2. Our approach

Olace is local-first. Conversations you run on your own hardware or on a device you have paired stay on your devices; we do not receive them. Encryption protects what you choose to sync or back up. Some features need the cloud, and those send only the content the feature requires. This policy explains, in plain terms, what we process and why.

3. The data we process

Account and identity

To create and secure your account we process your email address. If you start a paid plan or free trial, we also process your phone number, which we use to verify you and to keep trials fair, one per person. We store these in encrypted form, and we keep a one-way hash of each to recognise duplicates and sign-in attempts. Because we use your email, and your phone where provided, to send you sign-in codes and notifications, these details are encrypted on our servers but are not zero-knowledge: we are able to decrypt them to run the service. We also keep a random account identifier and the dates your email or phone were verified.

Sign-in and security

When you sign in, we process one-time codes, which we store only as a short-lived one-way hash and discard within about ten minutes. We keep hashed session and refresh tokens so you stay signed in, and basic security signals for sign-in approvals, such as a one-way hash of the requesting IP address, the device name, platform, and browser user-agent. These protect your account against unauthorised access.

Devices and pairing

To connect your devices we process a canonical device identifier (a one-way hash), the platform, a device label you can edit, and the public keys and fingerprints used to pair devices securely. If you enable notifications, we store your push token in encrypted form to deliver them.

Subscriptions and credits

If you buy a plan, we receive subscription status and identifiers from our payment partners (for example a Paddle or RevenueCat subscription and customer ID) so we can grant your entitlements and credits. We do not receive or store your full card number; payments are handled by the merchant of record. To prevent abuse of free trials and Starter Pack grants, we keep a one-way, non-identifying record keyed to a phone hash or device id even after an account is deleted.

Conversations, files, and backups

Conversations and files you create locally or on a paired device stay on your devices. When you sync or back up to the cloud, your conversations are zero-knowledge encrypted on your device with a key derived from your recovery key and PIN, and we store only ciphertext we cannot read, along with the minimum metadata needed to sync, such as account, conversation, and message identifiers. Files are stored the same way, as encrypted objects in our object storage.

Cloud AI, search, and tools

When you use a cloud feature, we process the content that feature needs, only for as long as it takes to return the result:

• Cloud models. Your prompt and the relevant conversation context are sent to our inference provider to generate a response. We pin zero-data-retention on every request, so the provider does not log, keep, or train on what you send.
• Web and image search. When you search, the model turns your request into a search query, and that query, along with the pages chosen to read, is sent to the search provider. Your raw message is used only as a fallback, when a query cannot be generated.
• Vision and image generation. The image or prompt you provide is processed by the relevant model to produce the result.
• Weather. A location you ask about, such as a city name, is sent to a weather provider to fetch the forecast.

We do not store the content of these requests as readable conversation on our servers, and we do not use it for advertising or model training. If you use your own provider key (BYOK), the request runs from your device to that provider and your key never reaches us.

If you would rather no conversation content ever leave your devices, Direct Mode keeps a conversation entirely on your own and paired devices: cloud models, web search, and other external tools are turned off for it, so nothing is sent out for processing. Your conversations still sync across your devices, always encrypted.

Support and feedback

If you contact support or send feedback from the app, we receive what you write, including any details or attachments you choose to include, so we can help you. This is content you send to us on purpose, and our support staff can read it.

Operational metrics

To keep the service reliable, we collect aggregate operational metrics, such as counts, error types, and timing. These are limited to a fixed set of non-identifying values: they never contain your identity, your device identifiers, your IP address, or any conversation content. You can turn these off in settings.

4. Encryption and zero-knowledge

Olace protects synced data with strong encryption (AES-256-GCM, with keys derived using HKDF and, for your PIN, Argon2id). Your master key is generated on your device and wrapped with a recovery key that only you hold; a server-held pepper hardens your PIN without ever learning it. For your synced conversations and files, we hold only wrapped keys and ciphertext and cannot decrypt them. Signing in to your account does not unlock this data on its own: the key moves only between your own devices, when you enter your recovery key or PIN or approve a new device from one already unlocked, end-to-end encrypted so it never reaches us in readable form. This also means that if you lose both your recovery key and PIN, we cannot recover that data for you. On the web, your key stays in memory for the browser session by default, so reopening the tab asks you to unlock again. If you choose to trust a browser, your key is stored there in the browser database (IndexedDB), wrapped under a non-exportable browser key, so it cannot be read or copied off that device. On the web, your conversations are likewise kept encrypted in IndexedDB, not in plain form.

5. Why we use your data, and our legal bases

Under the GDPR, and on equivalent grounds under other privacy laws, we rely on the following:

• To perform our contract with you: creating your account, signing you in, syncing and backing up your data, running the features you use, and managing your subscription and credits.
• Our legitimate interests: keeping the service secure, preventing abuse and fraud, and understanding aggregate reliability, balanced against your rights.
• Your consent: for optional things such as push notifications and optional metrics, which you can withdraw at any time.
• Legal obligation: where we must keep certain records, for example for tax, usually handled by the merchant of record.

6. Who we share data with

We do not sell your personal data. We share data only with service providers (sub-processors) that help us run Olace, each handling only what their function needs:

• Hosting and infrastructure: Koyeb (application hosting), Supabase (database), our managed cache, and S3-compatible object storage for encrypted backups.
• Sign-in delivery: Twilio (SMS codes) and Brevo (email codes and links).
• Notifications: Firebase Cloud Messaging (Google) for mobile push.
• Cloud AI: OpenRouter and the models it routes to, on a zero-data-retention basis.
• Search and tools: web search, image search, page reading, and weather lookups, through providers such as Tavily, Exa, Brave, Serper, image sources, OpenWeather, and Open-Meteo, used only for the request you make.
• Payments: Paddle (web and desktop merchant of record), and the Apple App Store, Google Play, and RevenueCat for in-app purchases.

We may also disclose data if required by law, to protect the rights and safety of users or the public, or as part of a business transfer, in which case we will tell you.

7. International transfers

Some of these providers operate outside the European Economic Area. Where data is transferred outside the EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or an adequacy decision, so your data keeps a comparable level of protection.

8. How long we keep data

• Account data is kept while your account is active and deleted when you delete your account.
• Sign-in codes are discarded within about ten minutes; sessions expire and rotate.
• Cloud backups and sync remain while the feature is enabled and your plan allows it. If you move to the free tier, syncing stops and we keep your cloud copy, still encrypted, for a limited time (currently 60 days) so that upgrading again within it restores your data with nothing lost. After that we delete it. If you turn cloud sync off yourself, your cloud copy is deleted shortly after, following a short grace of a few minutes so that turning it back on, or an accidental toggle, loses nothing.
• Short-lived operational data such as expired media and sync logs is pruned on a rolling basis.
• Anti-abuse records are kept as one-way hashes that do not identify you, including after account deletion.

9. Deleting your account

You can delete your account from the app at any time. We verify the request with a one-time code and then permanently delete your data, including your conversations, backups, files, devices, keys, and billing records, except the one-way anti-abuse hashes noted above. Deletion of encrypted files from object storage is queued and completed shortly after.

10. Your rights

Wherever you live, you can ask us to access, correct, delete, or export your personal data, or object to how we use it. Many of these you can do yourself in the app, for example by editing your details or deleting your account; for anything else, contact us at support@olace.app and we will help. We do not sell your personal information.

Depending on where you live, you may also have specific statutory rights:

• EEA and UK: under the GDPR, the rights to access, rectification, erasure, restriction, objection, portability, and withdrawing consent, plus the right to complain to a supervisory authority. In Poland that is the President of the Personal Data Protection Office (UODO).
• United States: in California and other states with privacy laws, the right to know, delete, and correct your personal information and to opt out of its sale or sharing. We do not sell or share it, and we will not treat you differently for exercising these rights.
• Canada, Australia, and elsewhere: we honour equivalent rights to access, correct, and delete your data under your local law.

11. Permissions on your device

Some features ask for device permissions, only when you use them: the camera to add photos or scan a pairing code, the photo library to attach images, the microphone for voice input, notifications for alerts, and local-network access so your device can reach your already-paired desktop over the same Wi-Fi and run AI on its GPU. You can manage these in your operating system settings.

12. Children

Olace is not directed to children. You must be at least 16 to use the Service. If you believe a child has given us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this policy as the Service evolves. If a change is material, we will give reasonable notice, for example in the app or by email. The date at the top shows when it was last updated.

14. Contact

For any privacy question or request, write to us at support@olace.app.