Olva
Privacy Terms Subprocessors

Legal

Privacy Policy

This policy describes how Olva collects, uses, stores, and shares information when you use our website, cloud services, and desktop application—including meeting transcripts and other text outputs produced from real-time audio processing. Olva does not store meeting audio or meeting video on our systems; this Policy also covers AI features, documents, and integrations.

Last updated May 8, 2026

Introduction

Your privacy matters. This Privacy Policy (“Policy”) applies to services offered by Olva (“Olva,” “we,” “us,” or “our”), including our website at olva.ai, related web properties, accounts, and the Olva desktop application (collectively, the “Services”). It explains what information we collect, how we use it, how we share it, and the choices you have. Capitalized terms used here but not defined have the meaning given in our Terms of Service.

We do not sell your personal information as that term is commonly understood in U.S. state privacy laws. We use trusted service providers (“subprocessors”) to run core functions such as hosting, authentication, transcription, and AI; see our Subprocessors page for a high-level list.

We may update this Policy from time to time. We will post the revised Policy on this page and update the “Last updated” date. Where changes are material, we will take additional steps where required by law (for example, notice or consent). Your continued use of the Services after the effective date of an update means you acknowledge the revised Policy.

Scope and applicability

This Policy applies when you visit our website, create or use an account, use the Olva desktop app, or otherwise interact with the Services. It does not govern third-party products you choose to use alongside Olva (for example, your video conferencing platform, operating system, browser extensions, or employer-managed tools). Those services have their own terms and privacy policies, and we are not responsible for their practices.

If you use Olva on behalf of an organization, your organization may have its own policies and may control certain data or settings. Where we process personal information on behalf of an organization customer, that organization may be the controller of certain data; in those cases, contact the organization for questions about how they use your information, and we will assist as required by our agreement and applicable law.

Information we collect

Account and profile information

When you register or sign in, we collect information such as your name, email address, authentication identifiers, and profile details supplied by you or by a sign-in provider (for example, Google or Microsoft). We use this to create and secure your account, communicate with you, and provide the Services.

Billing and subscription data

If you purchase a paid plan, our payment processor (Stripe) collects and processes payment details according to its own privacy policy. We receive limited billing information needed to manage subscriptions (such as plan, status, invoice metadata, and the last few digits of a payment method where applicable). We do not store full payment card numbers on our infrastructure.

Meeting, audio, and transcription data

Olva is an AI meeting assistant. Depending on your settings and how you use the product, this may include:

  • Live audio processing (not stored as media by Olva). The desktop app accesses microphone input and system (meeting) audio when you use live transcription and related features. That audio is streamed in real time to our speech-to-text provider to generate text. Olva does not store meeting audio or meeting video on our systems—it is processed to produce transcripts and is not retained as audio or video files by Olva.
  • Transcripts and meeting metadata. We store transcripts, speaker attribution where available, timestamps, session identifiers, meeting titles, and related metadata so you can search history, generate summaries, and use post-meeting features.
  • In-product activity during a session. For example, live insights, suggested prompts, chat-style questions you send about a meeting, and AI-generated responses tied to that meeting context.

In short: Olva does not store meeting audio or meeting video on our systems. Audio is handled only as a real-time stream to generate transcripts and related text outputs; we retain transcripts, meeting metadata, and AI-generated content as described in this Policy—not media files of your calls. Your conferencing platform may store meeting audio or video separately; that is outside this Policy.

You are responsible for complying with laws and policies that apply to capture, monitoring, and processing conversations in your jurisdiction and workplace, and for obtaining any required consent from participants. See Capture and compliance below.

AI features, prompts, and outputs

When you use AI-powered features (such as summaries, answers, insights, or document-aware assistance), we send relevant content to our AI provider (currently OpenAI) to generate responses. That content may include portions of transcripts, meeting context, your questions, and—when you use document-aware features—snippets from documents you have connected or uploaded. Outputs are generated automatically and may be inaccurate or incomplete; you should review them before relying on them for important decisions.

Processing by AI subprocessors is subject to their terms and privacy policies for the product tier and integration we use. We configure the Services to deliver functionality to you; we do not use your meeting content for unrelated third-party advertising.

Your data and model improvement

We do not use your meeting transcripts, prompts, documents, or other Customer Content to train, fine-tune, or improve general-purpose machine learning models (whether ours or a third party’s), or for model evaluation or benchmarking unrelated to providing the Services to you. We process your content through AI and transcription providers solely to operate the features you use—for example, to return transcripts, summaries, and answers to you—and in line with the product and data-use settings we select with those vendors.

When we say we “maintain and improve the Services” elsewhere in this Policy, we mean reliability, security, product features, and user experience—not using your content to train foundation or shared AI models.

Documents, attachments, and search (RAG)

If you upload or attach documents, or enable features that index your materials for retrieval-augmented generation (“RAG”), we process file contents to chunk text, generate embeddings (numerical representations of text), and store chunks and embeddings in our database so the product can retrieve relevant passages when you ask questions. Embeddings may be generated via our AI provider and stored alongside the underlying text chunks. Deleting a document or your account should remove associated stored chunks where our product supports deletion; retention and backups are described under Data retention.

Calendar integrations

If you connect Google Calendar or Microsoft Calendar, we access calendar data you authorize (such as event titles, times, organizer or account email, and conference links) to show upcoming meetings, support joining or detection workflows, and improve scheduling-related experiences. We only request the scopes needed for these features. You can disconnect an integration at any time in your account or platform settings; some residual metadata may remain until overwritten or deleted as part of normal retention.

Google API Services (Limited Use)

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements. See Google API Services User Data Policy.

If the same Google Cloud OAuth client is used for sign-in and calendar, your Google Account may list the combined set of scopes granted to Olva—not only calendar access. That matches what our product requests across those flows.

Sign in with Google (via Supabase Auth) uses Google’s standard OpenID Connect sign-in scopes, which typically include:

  • openid
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile

Connect Google Calendar: our authorization request includes https://www.googleapis.com/auth/calendar.readonly and https://www.googleapis.com/auth/userinfo.email (see our implementation). The email scope may already be satisfied by a prior Google sign-in grant. Google’s permissions UI sometimes shows more than one calendar-related line (for example calendars and events) for read-only calendar access; the scope strings we request for calendar are those in this section unless we list additional scopes here after a product change.

For verification, confirm the scope strings under APIs & Services → OAuth consent screen in Google Cloud match these lists and remove any scope you do not request in code or in Supabase Auth settings.

Technical, diagnostic, and usage information

We automatically collect certain technical information when you use the website or desktop app, such as app version, operating system type, approximate locale or time zone, IP address, request timestamps, error logs, and security-related events. Our hosting and infrastructure providers may also log technical data when you access olva.ai or our APIs. We use this information to operate the Services, troubleshoot, secure accounts, enforce rate limits and plan entitlements, and understand aggregate usage patterns.

Support and communications

If you contact us (for example at support@olva.ai), we collect the information you choose to provide, such as your email address and the contents of your message, to respond and improve support quality.

How we use information

We use the information above to:

  • Provide, maintain, and improve the Services (including transcription, AI features, search, and exports)
  • Authenticate users, prevent fraud and abuse, and protect the security of the Services
  • Process subscriptions, invoices, and plan limits
  • Communicate with you about the Services, security, and policy updates
  • Comply with legal obligations and enforce our Terms of Service
  • Create aggregated or de-identified statistics that do not identify you, where permitted by law

Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR or similar laws apply, we rely on one or more of the following legal bases: performance of a contract with you; our legitimate interests in operating and securing the Services (balanced against your rights); compliance with legal obligations; and, where required, your consent (for example, for certain cookies or marketing, if we offer them and you opt in).

How we share information

We share personal information only as described in this Policy, including:

  • Subprocessors that assist with hosting, authentication, database, storage, payments, transcription, AI, calendar APIs, and email—listed at a high level on our Subprocessors page. They may process data only as needed to provide their services to us.
  • Legal and safety when we believe disclosure is required by law, regulation, legal process, or governmental request; to protect the rights, property, or safety of Olva, our users, or others; or in connection with investigations of fraud or abuse.
  • Business transfers such as a merger, acquisition, financing, or sale of assets. We will notify you as required by law if your information becomes subject to a different privacy policy.

We do not sell your personal information for money.

Cookies and similar technologies (website)

Our website and web app use cookies and similar technologies as needed to maintain sessions (for example, authentication cookies managed with Supabase), remember preferences, and protect against abuse. Essential cookies are required for sign-in and core functionality. If we add optional analytics or marketing cookies in the future, we will describe them here and, where required, provide a consent mechanism.

Security

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. These include encryption in transit for data sent between the app and our backends, access controls, and reliance on reputable cloud providers. No method of transmission or storage is completely secure; you should use a strong password and protect your device.

Data retention

We retain personal information for as long as your account is active and as needed to provide the Services, comply with law, resolve disputes, and enforce our agreements. When you delete content or your account where the product supports deletion, we delete or anonymize associated records within a reasonable period, subject to backup and archival systems that may retain copies for a limited time before automatic purge. We may retain de-identified or aggregate data that does not identify you.

Your choices and rights

Depending on your region and the features we offer, you may be able to:

  • Access or update account information in the product or website
  • Disconnect Google or Microsoft sign-in or calendar integrations
  • Delete meetings, transcripts, or documents where the product provides deletion controls
  • Cancel a subscription through billing flows managed by our payment processor
  • Request access, correction, deletion, export, or restriction of processing of your personal information, where applicable law provides these rights

To exercise rights or ask questions, contact support@olva.ai. We may need to verify your identity before fulfilling certain requests. If you are an end user of an organization-deployed Olva account, that organization may need to submit or approve some requests.

Capture and compliance

Olva can process sensitive audio and conversation data. You agree that you are solely responsible for using the Services in compliance with applicable wiretap, surveillance, consent, employment, confidentiality, and intellectual property laws. You should inform meeting participants and obtain consent where required before capturing or transcribing audio.

Incognito mode (content protection)

The desktop app may offer an “incognito” or content-protection mode that uses operating-system features (such as marking the Olva window to reduce ordinary screen capture in some environments). This is a convenience feature and does not guarantee confidentiality; it does not replace your legal or contractual obligations to other participants, and behavior may differ by platform and third-party software.

International transfers

We may process and store information in the United States and other countries where we or our subprocessors operate. Those countries may have data protection laws that differ from your country. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

U.S. state privacy notices

California

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including to know, delete, and correct certain personal information, and to opt out of “sale” or “sharing” as defined by California law. We do not sell personal information for monetary consideration. To submit a request, email support@olva.ai. We will not discriminate against you for exercising privacy rights granted by law.

Nevada

Nevada residents may opt out of the sale of certain personal information under Nevada law. We do not currently sell covered information as defined in Nevada Revised Statutes Chapter 603A. You may still contact us at support@olva.ai with the subject line “Nevada privacy request” for questions.

European and UK residents

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you may have the rights described under applicable data protection law, including to access, rectify, erase, restrict or object to certain processing, and to data portability where applicable. You may also lodge a complaint with a supervisory authority. We encourage you to contact us first at support@olva.ai so we can address your concern.

Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us at support@olva.ai and we will take appropriate steps to delete it.

Do Not Track

Some browsers transmit “Do Not Track” signals. There is no consistent industry standard for how to respond to these signals. We do not use such signals to alter our practices for core Service operation; we do not use cross-site tracking cookies for targeted advertising as part of the current Olva web experience described in this Policy.

Changes and contact

We may update this Policy periodically; the “Last updated” date at the top reflects the latest version. Questions about this Policy or our privacy practices: support@olva.ai.