Privacy Policy
Last updated: 27 April 2026
Olive AI (“Olive”, “we”, “us”) is committed to protecting your personal data. This policy explains what data we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Olive AI is operated by CSQS Ltd, a company registered in England and Wales operating as Olive AI. For data protection purposes, CSQS Ltd is the data controller.
Contact: [email protected]
2. What data we collect
| Data | Source | Purpose |
|---|---|---|
| Name, email, company name | Portal sign-up | Account creation and identification |
| Phone number, company website, Companies House number | Portal sign-up (optional) | Client onboarding and verification |
| Sector | Portal sign-up | Tailoring the service to your industry |
| Password (hashed) | Portal sign-up | Account authentication |
| Payment information | Stripe (our payment processor) | Processing top-ups. We do not store card details — Stripe handles this. |
| Email content and attachments | Emails you send to Olive | Delivering the service — producing the work you request |
| Session identifier | Portal cookie | Keeping you logged in |
| Usage records | Service delivery | Job tracking, billing, and quality assurance |
3. Lawful basis for processing
We process your personal data on the following bases:
- Contract: To provide the service you have signed up for and paid for (Article 6(1)(b)).
- Legitimate interests: To improve and secure the service, and to communicate about your account (Article 6(1)(f)).
- Legal obligation: To comply with financial and regulatory requirements (Article 6(1)(c)).
4. How we use your data
- To create and manage your account
- To process your requests and deliver work to your inbox
- To process payments via Stripe
- To learn your preferences and improve the quality of work we deliver to you
- To communicate with you about your account and the service
- To detect, prevent, and address technical issues or misuse
5. AI processing
Olive uses artificial intelligence to process your requests and produce deliverables. When you send an email to Olive, the content (including any attachments) is processed by AI models to understand your request and generate the work product. Your data is processed for the sole purpose of delivering the service to you. We do not use your data to train AI models.
As amazing as Olive is — always check the work. Humans make mistakes; so does Artificial Intelligence. AI-generated outputs should be reviewed and verified before being relied upon. See our Terms (section 7) for the full disclaimer.
6. Data sharing
We do not sell your personal data. The third parties with whom we share data are:
- Anthropic PBC (United States): Provides the AI model (Claude) that processes the content of your messages and any attachments you send to us. Anthropic acts as our processor. The contents of API requests are not used to train Anthropic’s models when processed via the commercial API. Anthropic is certified under the EU–US Data Privacy Framework and its UK Extension. See Anthropic’s Privacy Policy.
- Brave Software Inc. (United States): Provides the web search API used by our AI to research industry data and public sources. Acts as our processor.
- Cloudflare, Inc. (United States, with UK points-of-presence): Provides DNS, CDN, edge security and DDoS protection for our website and portal. Acts as our processor.
- Stripe Payments UK Limited: Payment processing. Stripe acts as an independent data controller for payment data. See Stripe’s Privacy Policy.
- GoDaddy / Titan Email (United States): Email delivery and mailbox hosting for Olive’s correspondence with you. Acts as our processor.
- Cloud infrastructure providers: Server hosting and backup of project data, solely for the purpose of running the service.
A current list of our sub-processors is maintained at /sub-processors.
We do not share your data with any other third parties unless required by law.
7. Data storage and security
Your data is stored on secure servers in the United Kingdom and the European Union. We use encryption in transit (TLS) for all connections. Passwords are hashed using bcrypt. Session data is stored server-side. We retain your data for as long as your account is active and for a reasonable period afterwards to comply with legal obligations.
8. International transfers
Some of your data — including the contents of your emails to us and any attachments you send — is processed outside the United Kingdom by service providers based in the United States. The most material transfer is to Anthropic PBC, which provides the AI model (Claude) that processes your requests.
These transfers rely on the following safeguards:
- UK Extension to the EU–US Data Privacy Framework. Anthropic, Brave and Cloudflare are certified under the EU–US Data Privacy Framework and its UK Extension. The UK Government has determined that this provides an adequate level of protection for personal data transferred from the UK to certified US organisations.
- UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses are used where a sub-processor is not DPF-certified or where additional safeguards are needed.
Anthropic’s DPF certification can be verified on the US Department of Commerce DPF programme website.
8a. Third-party personal data in client work
If you are an Olive client, the emails and attachments you send us may contain personal data about third parties — for example, the name of a homeowner or vendor on a property document, or a colleague’s contact details on a project. When that happens, you remain the data controller for that information and Olive acts as your processor under our Data Processing Addendum.
You are responsible for ensuring that you have a lawful basis under UK GDPR to share third-party personal data with us, and (where required) for informing those data subjects in line with Articles 13 and 14 UK GDPR. Olive will process that data only to deliver the work you have asked for, and will not use it for any other purpose.
9. Your rights
Under UK GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data (“right to be forgotten”)
- Restrict processing of your personal data
- Data portability — receive your data in a structured, commonly used format
- Object to processing based on legitimate interests
To exercise any of these rights, email [email protected]. We will respond within 30 days.
10. Cookies
We use a single, strictly necessary session cookie on the client portal to keep you logged in. We do not use tracking cookies, analytics cookies, or any third-party cookies. See our Cookie Policy for details.
11. Children
Olive is a business service. We do not knowingly collect data from anyone under 18. If you believe we have, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email. The “last updated” date at the top reflects the most recent revision.
13. Complaints
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):
ico.org.uk/make-a-complaint
Telephone: 0303 123 1113