This Privacy Policy (the "Policy") describes the practices of Oluri AI LLC, a Tennessee limited liability company with a principal place of business at 370 Mallory Station Road, Suite 503, Franklin, Tennessee 37067, United States ("Oluri," "we," "us," or "our"), regarding the collection, use, disclosure, and protection of personal information obtained in connection with our website located at oluriai.com (the "Website"), our iMessage, SMS, and other messaging interfaces, our software applications, our application programming interfaces, and any related products, services, features, content, or functionality (collectively, the "Service").
By accessing or using the Service, by creating an account, by providing your mobile telephone number, or by checking a box indicating assent to this Policy, you ("you," "your," or "User") acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Policy. If you do not agree with this Policy, you must not access or use the Service.
This Policy is incorporated by reference into the Oluri Terms of Service (the "Terms"). Capitalized terms not defined in this Policy have the meanings given to them in the Terms.
This Policy applies to all Personal Information processed by Oluri in connection with the Service, including information collected from:
2.1 Visitors to the Website;
2.2 Users who register for an Account;
2.3 Users who interact with Oluri via iMessage, SMS, or other messaging channels;
2.4 Users who connect third-party services (including Google Workspace, Gmail, Google Calendar, and others) to the Service;
2.5 Users who make payments, authorize purchases through the Service, or store payment instruments in the Vault for use with merchant accounts;
2.6 Users who store credentials, payment instruments, or identity documents in the Oluri Vault; and
2.7 Third parties who communicate with Users through the Service (for example, recipients of emails drafted or sent through Oluri).
This Policy does not apply to: (a) information collected by third parties whose products, services, or websites are linked to or integrated with the Service, which are governed by the applicable third party's own privacy policy; (b) information collected offline or through means other than the Service; or (c) employment-related data of Oluri employees, contractors, and job applicants, which is governed by a separate notice.
For the purposes of this Policy, the following terms have the meanings set forth below:
3.1 "Account" means a registered user account with the Service.
3.2 "Aggregate Information" means information that has been aggregated, anonymized, or de-identified such that it cannot reasonably be used to identify a specific individual, directly or indirectly.
3.3 "Applicable Privacy Laws" means all laws, rules, regulations, and orders applicable to the processing of Personal Information, including without limitation the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, the "CCPA"); the Virginia Consumer Data Protection Act; the Colorado Privacy Act; the Connecticut Data Privacy Act; the Utah Consumer Privacy Act; the Texas Data Privacy and Security Act; the Oregon Consumer Privacy Act; the Montana Consumer Data Privacy Act; the Delaware Personal Data Privacy Act; the Tennessee Information Protection Act ("TIPA"); the Florida Digital Bill of Rights; the EU General Data Protection Regulation 2016/679 (the "GDPR"); the UK Data Protection Act 2018 and UK GDPR; the Children's Online Privacy Protection Act ("COPPA"); the Telephone Consumer Protection Act ("TCPA"); the Controlling the Assault of Non-Solicited Pornography And Marketing Act ("CAN-SPAM"); and any other applicable privacy, data protection, or consumer protection law.
3.4 "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household, as further defined under Applicable Privacy Laws. Personal Information does not include Aggregate Information or publicly available information.
3.5 "Process" or "Processing" means any operation or set of operations performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
3.6 "Sensitive Personal Information" has the meaning set forth under the CCPA and analogous terms under other Applicable Privacy Laws, and includes, without limitation, government-issued identifiers; financial account credentials; precise geolocation data; racial or ethnic origin; religious or philosophical beliefs; union membership; genetic or biometric data used to uniquely identify a natural person; health data; data concerning sex life or sexual orientation; and the contents of mail, email, and text messages, unless the business is the intended recipient.
3.7 "Third Party" means any person or entity other than you or Oluri.
3.8 "User Content" means any information, data, text, messages, instructions, files, or materials that you provide to, input into, or generate through the Service.
The categories and types of Personal Information we Process depend on how you interact with the Service. We collect Personal Information in the following categories:
(a) Account Registration Information. When you create an Account, we collect your name, email address, mobile telephone number, authentication credentials, beta code (if applicable), date of birth or age confirmation, and any other information you voluntarily provide during registration or onboarding.
(b) Profile Information. You may provide additional profile information including but not limited to city or region of residence, occupation, photograph, preferences, goals, routines, covenants, spiritual practices, dietary restrictions, allergies, household members, contacts, and any other information you choose to share.
(c) Payment Information. When you subscribe to a paid plan, our payment processor (Stripe, Inc.) collects your payment card information, billing address, and transaction details directly; we receive only tokenized references and limited transaction metadata. For Tier 1 Merchant purchases described in our Terms of Service, the merchant charges a payment card you have separately saved on the merchant's own account; Oluri does not handle the merchant's portion of the charge and does not see your full card number for the merchant transaction. The Service Fee Oluri charges separately is processed by Stripe in the same tokenized manner as Subscription Fees.
(d) Vault Information. If you elect to use the Oluri Vault to store credentials for third-party websites or services, or to store payment cards for use in browser-executed purchases, we collect those credentials and payment instruments. All Vault data is encrypted at rest using envelope encryption keyed to a PIN that you select; Oluri does not retain the PIN and cannot recover Vault contents if the PIN is lost.
(e) Communications. We collect the content and metadata of communications you send to or through the Service, including iMessage and SMS messages, emails drafted or sent through the Service, voice input transcriptions, support inquiries, and any other messages you exchange with Oluri.
(f) User Content. We collect photographs, screenshots, documents, receipts, voice notes, and any other files or materials you upload to or share with the Service.
(g) Health and Wellness Information. If you choose to log fitness, nutrition, medication, sleep, mood, allergies, or other health-related information, we collect and store that information. See Section 13 for important disclaimers regarding the Service's role in health-related matters.
(a) Device and Technical Information. We automatically collect device identifiers (including Apple Push Notification tokens, carrier identifiers, and mobile advertising identifiers where permitted), device type and model, operating system and version, browser type and version, screen resolution, time zone, language preferences, and network information.
(b) Usage and Interaction Data. We collect information about your interactions with the Service, including pages and features accessed, features used, actions taken, tool calls executed, tasks requested, response times, session duration, error logs, and performance metrics.
(c) Approximate Location. We derive approximate location (at the level of city or region) from IP address, time zone, and user-provided address information for the purpose of providing location-relevant responses (weather, local search, venue recommendations). Precise (GPS) geolocation is not collected by default. Precise location is collected only when you separately opt in to the Location Feature described in Section 4.5 below, or when you explicitly provide a street address or coordinates in a message.
(d) Log Data. Our servers automatically record information created by your use of the Service, including IP addresses, access times, timestamps, HTTP request and response headers, error codes, and diagnostic data.
(a) Knowledge Graph Data. A core function of the Service is the construction of a persistent temporal knowledge graph reflecting your life, routines, relationships, preferences, commitments, and goals. The knowledge graph is built from: (i) facts you state explicitly; (ii) facts implied by your messages and interactions; and (iii) facts inferred by our artificial intelligence models from conversational context. This information may include Sensitive Personal Information.
(b) Execution Records. We retain records of actions performed through the Service on your behalf, including browser navigation steps, products purchased, reservations booked, bills paid, emails sent, and calendar events created.
(c) Decision and Policy Traces. For security, auditability, and debugging, we retain internal records of skill-execution decisions, policy gate determinations, authority scope evaluations, and related metadata.
When you authorize the Service to connect to a third-party account through OAuth, we collect information from that account strictly within the scope of the permissions you grant. The specific scopes Oluri requests, and the Personal Information each makes available, are:
(a) Gmail. Oluri requests four Gmail OAuth scopes when you connect Gmail: gmail.readonly (read messages and threads), gmail.send (send messages on your behalf with your confirmation), gmail.compose (create drafts on your behalf), and gmail.modify (apply labels, archive, mark as read). These scopes allow Oluri to access email message content, headers, metadata, labels, threads, drafts, and sent messages. Oluri's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Gmail data is used solely to provide the user-facing features you have requested (reading, drafting, sending, organizing your email); is not transferred to any third party except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or asset sale (in which case the successor will be bound by terms at least as protective as these); is not used to serve advertisements; and is not used to develop, improve, or train generalized or non-personalized artificial intelligence or machine-learning models. Oluri does not read Gmail content with human eyes except where you have given consent, where reading is necessary to investigate abuse or security issues, where reading is required by applicable law, or for internal Service operations limited to data that has been aggregated and anonymized.
(b) Google Calendar. Oluri requests two Calendar OAuth scopes: calendar.readonly (read events) and calendar.events (create, modify, and delete events on calendars you select). This makes available event titles, descriptions, attendees, times, locations, recurrence patterns, and conferencing details.
(c) Google Tasks. Oluri requests the tasks OAuth scope, which makes available task list titles, task titles, notes, due dates, completion status, and parent/subtask relationships.
(d) Browser-Executed Purchases. When the Browser Agent executes a Tier 1 Merchant purchase on your behalf, Oluri sees the order confirmation, shipping details, and the merchant's representation of the order total. Oluri does not request or receive the merchant's full payment-card data; the merchant charges your saved card directly.
What we do not collect. Oluri does not request the Google Contacts (People API) scope. Any contact information that appears in your knowledge graph is extracted from the content of messages you exchange (for example, the names and email addresses that appear in Gmail message headers you have authorized Oluri to read).
You may revoke any OAuth authorization at any time through the Service or through your Google Account permissions page at myaccount.google.com/permissions. Revocation ceases future collection but does not by itself delete information previously collected; to delete previously collected information, submit a deletion request as described in Section 10.
The Service offers an optional Location Feature that, when you enable it, allows Oluri to retrieve your precise (GPS) location from Apple's Find My ("FindMy") via our messaging-infrastructure provider, Blooio. The Location Feature is off by default. You enable it by replying LOCATION ON (awareness only) or LOCATION FULL (awareness plus proactive surfaces) to any Oluri message and by sharing your location with the Oluri number through FindMy. You can disable it at any time by replying LOCATION OFF.
(a) What we collect when the Location Feature is enabled. We pull coordinates (latitude, longitude, timestamp) on an adaptive cadence (roughly every three minutes while in motion, up to every twenty-five minutes while stationary for an extended period); motion classification (stationary, walking, driving, in transit) derived locally from successive samples; named places that you confirm or explicitly name (such as "home" or "the gym"); and episode anchors that bind a flagged moment to the place at which it occurred. We do not collect a continuous movement track; sampling is interval-based.
(b) What we do not collect. We do not run a background GPS service on your phone. We do not request continuous location through any other channel. We do not collect locations of FindMy contacts beyond what is necessary to surface your own context, and we never cross-surface third-party locations to other Oluri accounts.
(c) Retention. Raw coordinate samples are retained for a maximum of thirty (30) days, after which they are automatically and irreversibly purged. This thirty-day limit is enforced architecturally and cannot be extended. Named places persist for the life of your Account; an opt-out wipes them. Consent events are retained for compliance audit purposes.
(d) Use purposes. Location data is used solely to provide context to the Service (for example, ETA estimates, errand reminders triggered by your arrival, appointment-time calculations, place-specific routines, and proactive surfaces under the LOCATION FULL setting subject to an annoyance budget). Location data is not used for advertising, profiling for third parties, training generalized AI models, or any purpose unrelated to providing the Service to you.
(e) Sensitive places. We tag certain place categories as sensitive (hospital emergency rooms, hospital campuses, late-night pharmacies, methadone clinics, and similar) and the Service applies a quieter mode automatically when you are detected at one — no proactive messages, gentler responses, certain features paused. The Service will not initiate any emergency escalation (including 988, 911, or any third-party crisis service) based on your location alone; crisis-path actions are triggered solely by the content of your messages.
(f) Hands-off mode. When a moment you flag is detected as falling within a sensitive emotional category (grief, loss, medical, crisis, or sacred), the Service automatically enters a hands-off mode for seven (7) days during which proactive surfaces are suppressed. You may end hands-off mode early by replying LOCATION RESET.
(g) Where it lives. Location data is stored on infrastructure owned and operated by Oluri in Nashville, Tennessee. Blooio acts as a processor strictly for the purpose of delivering FindMy location data to the Service and is bound by data-processing terms that mirror these commitments. No location data is transferred to any cloud provider, advertiser, broker, partner, or other recipient absent your express direction or a lawful, narrowly scoped legal process.
(h) Opt-out and deletion. Replying LOCATION OFF wipes all coordinate samples, all named places, all location-derived episode anchors, and the feature's poll state for your Account in a single transaction. You may opt back in at any time with LOCATION ON; nothing prior carries over.
We may receive Personal Information about you from: (a) publicly available sources; (b) our vendors and service providers (including payment processors, SMS carriers, and email deliverability providers); (c) analytics and security providers; and (d) persons who refer you to the Service.
The Service necessarily involves information about persons other than you, including your contacts, family members, colleagues, and recipients of communications you send through the Service. By providing such information to the Service, you represent and warrant that you have the right to do so and that the third party has been informed of, or would reasonably expect, your sharing of such information for the purposes described in this Policy. You agree to indemnify Oluri for any claim arising from Personal Information about a third party that you provide to the Service without adequate authority.
We Process Personal Information for the following purposes:
(a) To create, maintain, and secure your Account;
(b) To deliver, personalize, and improve the Service, including generating responses, executing Tasks you request, and surfacing information from your knowledge graph;
(c) To process transactions, purchases, subscriptions, and refunds;
(d) To authenticate you and authorize actions taken on your behalf;
(e) To maintain the integrity, security, and reliability of our systems; and
(f) To communicate with you about the Service, including transactional communications, support, updates, and notifications you have opted into.
We may Process aggregated, de-identified interaction telemetry (for example, latency metrics, error rates, and tool-call success rates) to evaluate and improve the Service. We do not train, fine-tune, or otherwise create artificial intelligence model weights from the content of your messages, your knowledge graph, your Connected Account data, or any other User Content. The models that power the Service are trained on synthetic personas and curated reference material authored or licensed by Oluri. We do not pool User Content across Users for training, do not share User Content with any third-party model provider for training, and do not sell Personal Information for advertising purposes. Where we conduct internal quality reviews of small Output samples, those samples are first scrubbed of direct identifiers and accessed only by authorized Oluri personnel under confidentiality obligations.
Where permitted by law and with your consent, we may send you marketing or promotional communications about new features, updates, and offers. You may opt out of marketing communications at any time by following the unsubscribe instructions contained in each communication or by contacting us at privacy@oluriai.com. Opting out of marketing communications does not affect transactional or Service-related communications.
To comply with applicable law; respond to lawful requests from government authorities; enforce our Terms; establish, exercise, or defend legal claims; detect and prevent fraud, abuse, or security incidents; and protect the rights, property, or safety of Oluri, our Users, or others.
For any other purpose for which you provide consent at the time of collection.
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for Processing Personal Information are:
(a) Performance of a contract (Article 6(1)(b) GDPR) to provide the Service you have requested;
(b) Legitimate interests (Article 6(1)(f) GDPR), including operating and securing the Service, preventing fraud, and conducting internal research, provided such interests are not overridden by your rights and freedoms;
(c) Compliance with a legal obligation (Article 6(1)(c) GDPR); and
(d) Consent (Article 6(1)(a) GDPR) where we rely on your consent, including for the Processing of special categories of data under Article 9 GDPR. You may withdraw consent at any time without affecting the lawfulness of prior Processing.
We do not sell your Personal Information for monetary consideration and we do not share Personal Information for cross-context behavioral advertising. We share or disclose Personal Information only in the limited circumstances described below.
We share Personal Information with third parties that perform services on our behalf and under contractual obligations requiring the confidentiality, security, and limited use of Personal Information. Current categories of service providers include:
(a) Colocation and physical infrastructure: Flexential Corp. (dedicated cabinet operating Oluri-owned hardware), and any successor data-center provider. Flexential does not have logical access to User Content; their service is limited to power, cooling, network, and physical security of the cabinet.
(b) Payment processing: Stripe, Inc. (Subscription Fees and the Service Fee charged on Tier 1 Merchant purchases).
(c) Messaging delivery and FindMy location retrieval: Blooio (iMessage relay, SMS carrier gateways for fallback delivery to non-Apple devices, and the FindMy location-sharing API used by the optional Location Feature described in Section 4.5). Blooio acts strictly as a processor for both messaging and location and is bound by contractual terms that limit use to delivering those data to the Service.
(d) Email and calendar APIs: Google LLC (Gmail and Google Calendar APIs) for messages and events you authorize through OAuth. Oluri's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
(e) Artificial intelligence inference and embeddings: operated solely by Oluri on hardware Oluri owns or leases. No third-party cloud AI provider is used for inference on User Content.
(f) Operational analytics, logging, and error monitoring providers (limited to operational metadata, never message content).
(g) Security, fraud prevention, and identity verification providers.
(h) Backup and offsite storage: an encrypted-at-rest object-storage provider for offsite copies of database backups; the encryption key is held by Oluri and the storage provider cannot decrypt.
(i) Legal, accounting, tax, and professional advisors, bound by professional confidentiality obligations.
A current list of subprocessors is available upon request at privacy@oluriai.com.
When you connect third-party services (including Google Workspace, Gmail, and Google Calendar), we exchange Personal Information with those services as necessary to perform the actions you authorize. Such third parties' use of your information is governed by their own privacy policies.
When you instruct the Service to perform actions on third-party websites (including purchases, bookings, and form submissions), we transmit information to those websites as necessary to execute the action. Such information becomes subject to the privacy practices of the receiving website.
If Oluri is involved in a merger, acquisition, reorganization, financing, sale of all or substantially all of its assets, bankruptcy, or similar transaction, Personal Information may be transferred to the successor or acquirer. We will use reasonable efforts to ensure that any such successor continues to Process your Personal Information in a manner consistent with this Policy or notify you of any material change and provide you with the opportunity to exercise applicable rights.
We may disclose Personal Information when we reasonably believe disclosure is required or permitted by law; to respond to valid legal process (such as subpoenas, court orders, or search warrants); to cooperate with government or law enforcement investigations; to enforce our Terms; to establish, exercise, or defend legal claims; to investigate or prevent fraud or security incidents; or to protect the rights, property, or safety of Oluri, our Users, or any other person.
We may use and disclose Aggregate Information for any lawful purpose, including product research, industry analysis, and marketing.
We will disclose Personal Information to any other party with your explicit direction or consent.
We retain Personal Information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:
7.1 Account data is retained for the life of your Account and for up to ninety (90) days thereafter to allow for account recovery, subject to longer retention where required by legal obligation;
7.2 Knowledge graph data is retained for the life of your Account. You may request deletion or correction of specific entries at any time through the Service or by contacting us;
7.3 Message content is retained for the life of your Account, with temporally-invalid (superseded) memory entries retained as historical records unless you request deletion;
7.4 Vault data is retained until you delete it or terminate your Account, and is cryptographically inaccessible to Oluri personnel under normal circumstances;
7.5 Transaction and payment records are retained for seven (7) years or the longer period required by applicable tax, accounting, or anti-money-laundering law;
7.6 Log and security data is retained for up to thirteen (13) months, except where longer retention is necessary to investigate a security incident or comply with a legal obligation;
7.7 Decision and policy traces are retained for up to twenty-four (24) months for auditability; and
7.8 Backups are retained for up to thirty (30) days and are overwritten on a rolling basis;
7.9 Location coordinate samples collected under the optional Location Feature (Section 4.5) are retained for a maximum of thirty (30) days and are then automatically and irreversibly purged. This thirty-day limit is enforced architecturally and is not subject to extension. Named places, episode anchors, and consent events related to the Location Feature are retained on the terms described in Section 4.5.
Upon termination of your Account or upon verified request, we will delete or de-identify Personal Information within a reasonable period, subject to legal or contractual retention obligations.
We implement and maintain administrative, physical, and technical safeguards designed to protect Personal Information against unauthorized access, disclosure, alteration, or destruction. Our measures include:
8.1 Encryption of Personal Information in transit using Transport Layer Security (TLS 1.2 or higher) and at rest using industry-standard algorithms (AES-256-GCM);
8.2 Envelope encryption of Vault contents with per-user key derivation (PBKDF2 with 210,000 iterations) tied to a User-chosen PIN not stored by Oluri;
8.3 Row-Level Security enforcement in our primary data store, scoped to the authenticated User identity;
8.4 Network-layer Server-Side Request Forgery protections on all outbound agent traffic;
8.5 Access controls, least-privilege permissions, and audit logging for Oluri personnel;
8.6 Multi-factor authentication for administrative access;
8.7 Regular security reviews, dependency monitoring, and vulnerability management;
8.8 HMAC signature verification on inbound webhooks; and
8.9 Incident response procedures designed to identify, contain, and remediate security incidents and notify affected Users where required by law.
8.10 Confidential Compute Infrastructure. The artificial intelligence models that power the Service execute on dedicated hardware operated by Oluri and configured in a cryptographically attested "confidential compute" mode. Specifically: (a) inference runs on NVIDIA GPUs operating in Single-GPU Passthrough Confidential Compute mode (Trusted Computing Solutions release 580 driver or successor), producing a hardware-rooted attestation that the model code, the loaded weights, and the protected memory region have not been tampered with; (b) your User Content and knowledge-graph context are loaded into that protected memory region for inference and are not exposed to the underlying host operating system, the colocation facility, or any third party with physical access to the hardware; (c) Oluri does not route User Content through general-purpose third-party cloud artificial-intelligence providers (including, without limitation, OpenAI, Anthropic, Google Gemini, Cohere, or any other provider that processes inputs on shared multi-tenant infrastructure) for the generation of Output; and (d) embedding generation (for semantic search of your knowledge graph) and ancillary services run within the same operational boundary, on hardware Oluri controls. This architecture is a deliberate privacy choice, intended to provide stronger guarantees than industry-standard cloud AI deployments. No system is perfectly secure, and we do not warrant that confidential-compute attestation is unbreakable; we warrant only that we have configured the Service to operate in this mode and that we will not knowingly route User Content outside it for inference.
8.11 Architectural Safeguards on Automated Actions. The Service includes hard architectural fences designed to prevent specific classes of mistake when taking actions on your behalf. These include refusal to draft email or messages to a person you have designated as opposing counsel or an opposing party in a legal matter, refusal to delete documents associated with a legal matter you have flagged as subject to a litigation hold, and refusal by the Service to generate Outputs that purport to substitute for advice from a licensed professional in domains where the Service defers to a professional (medicine, mental health, law, tax, regulated finance). These safeguards reduce, but do not eliminate, the risk that an Output or an automated action is wrong, inappropriate, or harmful. They are a complement to, not a substitute for, the disclaimers in Section 13 and the human-in-the-loop responsibilities described in our Terms of Service.
No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect Personal Information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your Account credentials, including your Vault PIN.
In the event of a security incident resulting in unauthorized access to, acquisition of, disclosure of, or loss of Personal Information ("Data Breach"), Oluri will:
9.1 Investigate and contain the Data Breach as promptly as reasonably practicable;
9.2 Notify affected Users without undue delay and in any event within the time required by applicable law (for example, within seventy-two (72) hours of becoming aware of a notifiable Data Breach under the GDPR, or in the manner and time prescribed by state breach notification statutes);
9.3 Notify applicable regulators where required by law;
9.4 Provide affected Users with information about the nature of the Data Breach, the categories of Personal Information involved, the likely consequences, the measures taken to address the Data Breach, and steps Users can take to protect themselves; and
9.5 Provide appropriate remediation, which may include credit monitoring, where the nature of the Data Breach warrants.
Depending on your jurisdiction, you may have certain rights with respect to your Personal Information as described below. We will honor verified requests to the extent required by Applicable Privacy Laws and within the timelines specified therein.
Regardless of jurisdiction, you may:
(a) Access and review Personal Information associated with your Account through the Service;
(b) Update or correct inaccurate Personal Information;
(c) Delete your Account and associated Personal Information, subject to legal retention requirements;
(d) Export a copy of your Personal Information in a portable format; and
(e) Close your Account at any time.
If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:
(a) Right to Know. You have the right to request that we disclose: the categories of Personal Information collected; the categories of sources from which Personal Information was collected; the business or commercial purposes for collecting, selling, or sharing Personal Information; the categories of third parties with whom we shared Personal Information; and the specific pieces of Personal Information we collected about you, covering the preceding twelve (12) months or a longer period where you so request and we have the information.
(b) Right to Delete. You have the right to request deletion of Personal Information we collected from you, subject to enumerated exceptions under the CCPA.
(c) Right to Correct. You have the right to request correction of inaccurate Personal Information.
(d) Right to Opt Out of Sale or Sharing. Oluri does not sell Personal Information for monetary consideration and does not share Personal Information for cross-context behavioral advertising as those terms are defined under the CCPA. No opt-out is therefore required, but you may nonetheless submit a request, which we will honor.
(e) Right to Limit Use of Sensitive Personal Information. You have the right to direct Oluri to limit use of Sensitive Personal Information to purposes specified under the CCPA. Oluri does not use Sensitive Personal Information for purposes other than those permitted without opt-out.
(f) Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights, including by denying service, charging different prices, providing a different level of service, or suggesting that you will receive a different price or service.
(g) Right to an Authorized Agent. You may designate an authorized agent to make requests on your behalf. We require verification of the agent's authority, including written permission or a power of attorney.
To exercise these rights, email privacy@oluriai.com with the subject line "California Privacy Request" or use the in-Service controls. We may require verification of your identity before fulfilling a request.
If you are a Tennessee resident, under the Tennessee Information Protection Act you have the right to: (a) confirm whether Oluri is processing your Personal Information; (b) access and obtain a copy of your Personal Information; (c) correct inaccuracies; (d) delete Personal Information provided by you or obtained about you; (e) obtain a portable copy of your Personal Information; and (f) opt out of targeted advertising, sale of Personal Information, and profiling in furtherance of decisions that produce legal or similarly significant effects. Oluri does not engage in any of the foregoing processing that would trigger opt-out rights. You also have the right to appeal denial of a rights request by emailing privacy@oluriai.com with the subject "TIPA Appeal."
If you are a resident of a state that has enacted a comprehensive consumer-privacy statute, you may have the right to: (a) access Personal Information we Process about you; (b) correct inaccurate Personal Information; (c) delete Personal Information; (d) obtain a portable copy; (e) opt out of targeted advertising, sale, and certain profiling (Oluri does not engage in targeted advertising, sale, or automated decision-making producing legal or similarly significant effects); and (f) appeal a denial of a rights request. Florida residents have additional rights under the Florida Digital Bill of Rights, including the right to opt out of the collection of sensitive data. Submit requests to privacy@oluriai.com.
If you are located in the EEA, UK, or Switzerland, you have rights under the GDPR or UK GDPR to: (a) access your Personal Information; (b) request rectification; (c) request erasure; (d) restrict Processing; (e) object to Processing based on legitimate interests; (f) data portability; (g) withdraw consent; and (h) lodge a complaint with your local supervisory authority.
We will respond to rights requests within forty-five (45) days where required by the CCPA, one (1) month where required by the GDPR, or the timeline set by other Applicable Privacy Laws. We may extend these timelines once by an additional forty-five (45) days (or two (2) months under the GDPR) where reasonably necessary, and will inform you of any extension.
To protect the security of your Personal Information, we will take reasonable steps to verify your identity before fulfilling a rights request. Verification may require you to provide information matching what we have on file or to authenticate through the Service. We will not request additional information for verification purposes beyond what is reasonably necessary.
If we deny any rights request, you may appeal by submitting a written request to privacy@oluriai.com with the subject line "Rights Request Appeal" within sixty (60) days of our denial. We will respond to an appeal within the timeframe required by law.
You may, through your interactions with the Service, choose to provide Sensitive Personal Information or special categories of data (as defined under the GDPR), including information relating to health, religious or philosophical beliefs, sexual orientation, and similar categories. Your provision of such information through the Service constitutes explicit consent under applicable law to our Processing of such information for the purpose of providing the Service. You may withdraw this consent at any time, though doing so may limit or prevent certain functionality of the Service.
Oluri does not use Sensitive Personal Information for cross-contextual behavioral advertising, to infer characteristics for the purpose of targeting, or for purposes unrelated to the Service.
The Service is not directed to children under the age of thirteen (13), and we do not knowingly collect Personal Information from children under thirteen (13). If you are a parent or guardian and believe your child has provided Personal Information to us, please contact privacy@oluriai.com and we will investigate and delete the information as required by COPPA.
Users between the ages of thirteen (13) and eighteen (18) must have the consent of a parent or legal guardian to use the Service. For Users who are known to be minors, Oluri does not engage in targeted advertising, sale of Personal Information, or profiling in furtherance of legal or similarly significant decisions. Texas residents under the age of eighteen (18) receive the additional protections of the Texas Securing Children Online through Parental Empowerment Act (SCOPE Act).
A parent or legal guardian of a minor User may contact privacy@oluriai.com to review, correct, or delete the Personal Information of the minor User, or to terminate the minor User's Account.
Oluri is not a covered entity or business associate under the Health Insurance Portability and Accountability Act ("HIPAA"). The Service is not designed to store Protected Health Information as that term is defined under HIPAA, and you agree not to provide Protected Health Information through the Service.
Information you provide about your own health, wellness, nutrition, medication, fitness, sleep, mood, or similar topics is stored as part of your knowledge graph to enable the Service to serve you, but it is not subject to HIPAA protection and is not medical information in any professional or clinical sense.
Oluri is not a substitute for professional medical, psychiatric, psychological, or therapeutic advice, diagnosis, or treatment. Any information, response, recommendation, or reminder provided through the Service is not a diagnosis, prescription, or course of treatment. Always consult a qualified health-care professional regarding your health. Never disregard professional medical advice or delay seeking it because of something you learned from the Service.
Oluri is based in the United States and processes Personal Information in the United States and other jurisdictions where our service providers operate. If you access or use the Service from outside the United States, your Personal Information may be transferred to, stored, and processed in a country with different data protection laws than your country of residence.
For transfers of Personal Information out of the EEA, UK, or Switzerland, we rely on: (a) the European Commission's Standard Contractual Clauses or the UK's International Data Transfer Agreement; (b) adequacy decisions where applicable; or (c) other lawful transfer mechanisms. You may request a copy of the transfer safeguards we have implemented by emailing privacy@oluriai.com.
The Website uses cookies, local storage, session storage, web beacons, pixel tags, and similar technologies (collectively, "Tracking Technologies") for authentication, session management, preferences, analytics, and security.
(a) Strictly necessary Tracking Technologies are required to provide the Service, including authentication, security, load balancing, and fraud prevention. These cannot be disabled without preventing the Service from functioning.
(b) Functional Tracking Technologies remember your preferences and settings.
(c) Analytics Tracking Technologies help us understand how the Service is used in aggregate to improve performance and experience.
We do not permit third parties to place Tracking Technologies on the Service for cross-site tracking, targeted advertising, or any purpose other than the services the third party performs for Oluri under contract.
You can control Tracking Technologies through your browser settings. Disabling strictly necessary Tracking Technologies may prevent the Service from functioning. Instructions for managing Tracking Technologies on common browsers are available at the respective browser provider's help pages.
Some browsers transmit Do Not Track ("DNT") signals. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to DNT signals. We honor opt-out signals consistent with applicable law, including the Global Privacy Control ("GPC") signal, by treating such signals as a valid request to opt out of sale or sharing for California residents and a corresponding opt-out request for residents of other states that recognize such signals.
The Service uses artificial intelligence models to generate responses, execute Tasks, and maintain your knowledge graph. Oluri does not make decisions producing legal or similarly significant effects concerning you based solely on automated Processing within the meaning of GDPR Article 22 or analogous state statutes. Certain Service features (for example, browser-agent execution and scheduled action proposals) involve automated Processing but always under your authorization and with human-in-the-loop controls for high-stakes actions. You may request human review of any automated action taken in connection with your Account by emailing privacy@oluriai.com.
We may amend this Policy from time to time. If we make material changes, we will provide notice through the Service, by email, by in-app notification, or by other reasonable means at least fourteen (14) days before the effective date of the amendment, and we will update the "Last Updated" date above. Non-material changes take effect upon posting. Continued use of the Service following such notice constitutes acceptance of the amended Policy. If you do not agree to an amended Policy, you must discontinue use of the Service.
In the preceding twelve (12) months, we have collected the categories of Personal Information identified in Section 4 for the purposes described in Section 5. We have disclosed these categories to the categories of recipients described in Section 6. We have not sold Personal Information for monetary consideration and have not shared Personal Information for cross-context behavioral advertising.
California Civil Code Section 1798.83 permits California residents to request a notice identifying the categories of Personal Information we share with our affiliates or third parties for marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.
Nevada residents may opt out of the "sale" of Personal Information under Nevada law by emailing privacy@oluriai.com. Oluri does not sell Personal Information within the meaning of Nevada law.
Marketing email messages sent by Oluri (sent only to Users who have opted in) include the physical postal address of Oluri, accurate sender identification, and a functional unsubscribe mechanism, consistent with the CAN-SPAM Act (15 U.S.C. §§ 7701 et seq.). You may opt out of marketing email at any time by clicking the unsubscribe link in any marketing message or by emailing hi@oluriai.com. Opting out of marketing email does not affect transactional emails necessary to provide the Service.
Oluri's text-messaging practices comply with the Telephone Consumer Protection Act (47 U.S.C. § 227) and its implementing regulations. Transactional messages — namely, Oluri's responses to your messages, confirmations of Tasks, payment receipts, account notices, and similar Service-related communications — are sent in reliance on your express consent given by providing your mobile telephone number and accepting the Terms of Service, which is the same consent the Service requires in order to function. Marketing or promotional messages will not be sent without your separate prior express written consent. You may reply STOP at any time to stop non-essential messages or HELP for help. Standard message and data rates may apply.
If you have questions, concerns, or requests regarding this Policy or our Processing of your Personal Information, contact us at:
Oluri AI LLC
Attention: Privacy Officer
370 Mallory Station Road, Suite 503
Franklin, Tennessee 37067, United States
Privacy requests: privacy@oluriai.com
Legal: legal@oluriai.com
Support: hi@oluriai.com
Website: oluriai.com