1. Introduction
Reminiscentia Inc. ("we", "us", "our") operates the Hey Olympia app, companion hardware device, and related services (together, the "Service"). Olympia is an AI-powered conversational companion designed primarily for older adults. This Privacy Policy explains what personal data we collect, how we collect it, how we use it, when we share it, and the choices and rights available to you.
We are committed to protecting the privacy of all our users, and we recognise that some primary users may be vulnerable adults. We take particular care to ensure that our data practices are transparent, proportionate, and respectful.
Data Controller: Reminiscentia Inc., 83 Goswell Road, London EC1V 7ER, United Kingdom. For data protection queries, contact our Data Protection Officer at dpo@heyolympia.com.
2. Data We Collect, How We Collect It, and How We Use It
2.1 Account and Identity Data
We collect account data such as your name, email address, role, timezone, authentication details, and account setup details when you create an account, sign in, are invited to join a family group, or update your profile. We use this data to create and manage your account, authenticate you, connect family members to primary users, communicate with you about the Service, and provide customer support.
2.2 Profile, Onboarding, and Preference Data
We collect profile and preference data that you or an authorised proxy enter in onboarding forms or settings, including biography, interests, preferred name, preferred times, selected voice, language and personality preferences, and optional health information or support notes such as health conditions or allergies. We use this data to personalise Olympia's behaviour, prompts, reminders, tone, and responses, and to help the service provide more relevant conversations.
2.3 Conversation, Transcript, and Memory Data
We collect typed chat messages, conversation transcripts, generated summaries, memories, reactions or feedback, and related conversation metadata when you use chat or voice features. We collect this data from your direct interactions with the app and device, and we generate some of it automatically from those interactions. We use this data to deliver conversations, maintain continuity between sessions, provide chat history, analyse conversation quality, and support troubleshooting and safety review.
2.4 Voice and Audio Data
We collect voice audio when you speak to Olympia, use realtime voice features, or when family members record or upload voice messages. We collect this data through your device microphone, the Olympia device, and uploaded media files. We use voice and audio data to transcribe speech, generate spoken responses, deliver family voice messages, provide text-to-speech output, and diagnose quality or reliability issues.
2.5 Family Member and Connected Account Data
If you use family member features, we collect family member profile data, relationship and connection data, recorded or uploaded voice messages, and information shown in family dashboards such as conversation summaries, mood and energy data, and activity timelines for connected primary users. We use this data to connect accounts, deliver family features, present shared updates, and support communication between family members and primary users.
2.6 Uploaded Files and Attachments
We collect files and attachments that you upload through the Service, including voice message audio and other content submitted through supported features. We use uploaded content to provide the requested feature, store and retrieve your content, and associate the content with the relevant account or conversation.
2.7 Device, Usage, and Diagnostic Data
We collect technical and operational data such as IP address, device identifiers, app and browser information, hardware details, interaction logs, session timestamps, error reports, performance diagnostics, and request traces. We collect this data automatically from the app, device, backend services, and monitoring tools when you use the Service. We use it to operate, secure, maintain, debug, and improve the Service and to detect abuse or misuse.
2.8 Location Data
If you grant location permission, we collect geographic coordinates and derived approximate location information such as city, state, and country from your device's location services while you use relevant features. We use location data to personalise conversations, provide time and weather context, and improve the relevance of responses. If location permission is not granted, location-based features may be limited.
2.9 Sensor Data
The Olympia device may use ambient sensor data, such as presence-detection signals from device sensors, to support convenience features such as detecting whether a user is nearby and tailoring device behaviour accordingly.
3. Lawful Basis for Processing
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we rely on the following lawful bases for processing your personal data:
Performance of a contract (Article 6(1)(b)): Processing account data, profile and onboarding data, conversation content, memories, uploaded files, and voice data is necessary to provide the core Olympia service under our Terms of Service.
Legitimate interests (Article 6(1)(f)): We process device, usage, diagnostic, security, and limited operational review data to maintain, secure, debug, and improve the Service, prevent abuse, and investigate incidents. We have considered these interests and believe they do not override your rights and freedoms.
Consent or permission (Article 6(1)(a), where applicable): We rely on your permission or consent where required for access to device capabilities such as microphone or location services, and where platform rules require an in-app permission flow before personal data is shared with third-party AI providers for AI-powered features.
Legal obligation (Article 6(1)(c)): We may process data where required to comply with applicable laws, regulations, court orders, or lawful requests from public authorities.
4. How We Share Your Data (Third-Party Processors)
Before the app sends personal data to OpenAI or ElevenLabs for AI-powered chat and voice features, the app presents an in-app disclosure and asks for your agreement. If you do not agree, you will not be able to continue to those AI-powered features in the app.
We use carefully selected third-party AI and infrastructure providers to power the Service. We select providers whose contractual, technical, and organisational commitments provide at least equal protection for the personal data we share with them.
4.1 OpenAI
We send conversation text, transcripts, memories, selected profile and onboarding data, preferences, and location context to OpenAI so Olympia can generate and personalise AI responses and analyse conversations. This may include information you choose to provide in onboarding or settings, such as biography, interests, preferred name, preferred times, and optional health information or support notes. Transcribed family voice messages may also be included in the conversation context processed by OpenAI. For details, see the OpenAI Privacy Policy at https://openai.com/privacy.
4.2 ElevenLabs
We send voice audio to ElevenLabs for speech transcription, and we send assistant response text plus selected voice settings to ElevenLabs for text-to-speech generation. Family member voice messages may also be sent to ElevenLabs for transcription. For details, see the ElevenLabs Privacy Policy at https://elevenlabs.io/privacy.
4.3 Supabase
We use Supabase for database hosting, user authentication, and file storage. Account data, conversation data, memories, uploaded files, and stored voice message content may be processed or stored on Supabase infrastructure. For details, see the Supabase Privacy Policy at https://supabase.com/privacy.
4.4 Render
We use Render to host and run our backend application servers. Requests you make to the Service, and data processed by those backend services in order to respond to you, are handled on Render infrastructure. For details, see the Render Privacy Policy at https://render.com/privacy.
4.5 SigNoz
We use SigNoz for application monitoring, logging, and performance diagnostics. Operational logs and telemetry data, such as request traces, timing information, and error reports, are sent to SigNoz to help us maintain and improve service reliability. For details, see the SigNoz Privacy Policy at https://signoz.io/privacy.
Where relevant, third-party providers process personal data under their standard terms, privacy policies, and applicable data processing agreements.
5. Data Retention and Deletion
Conversational transcripts and audio recordings may be retained for up to 90 days for system debugging, support, and service improvement, after which they are automatically deleted unless we need to retain them for a longer period to investigate abuse, incidents, or legal claims.
Account data, profile data, conversation transcripts, memories, family connection data, and uploaded content are retained while your account is active so we can provide the Service to you.
If you request account deletion, we delete the personal data associated with your account, including profile details, conversation transcripts, memories, uploaded voice messages or files, and family-member data associated with your own account, except where we are required by law to retain specific records for a longer period.
You may request deletion of your personal data at any time (see Section 7).
6. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the United Kingdom and the European Economic Area (EEA), including the United States, where some of our third-party providers operate.
Where data is transferred outside the UK or EEA, we use appropriate safeguards, including:
Standard Contractual Clauses (SCCs) approved by the European Commission and the UK's International Data Transfer Agreement (IDTA) or UK Addendum, as applicable;
Adequacy decisions where the UK Secretary of State or European Commission has determined that a country provides an adequate level of data protection.
7. Your Rights Under UK GDPR
Depending on your location, including the UK and EEA, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you, including transcripts and memories.
Rectification: Request correction of inaccurate or incomplete personal data.
Erasure: Request deletion of your account and associated personal data, subject to legal retention obligations.
Restriction: Request that we restrict processing of your data in certain circumstances.
Data portability: Request an export of your data in a structured, commonly used, machine-readable format.
Objection: Object to processing based on legitimate interests.
To exercise these rights, use the Delete account option in the Hey Olympia app, visit the Manage your personal data page on our website, or email us at dpo@heyolympia.com. We will respond within one month, as required by law.
Right to complain: If you are not satisfied with how we handle your data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/make-a-complaint/
8. Proxy Consent and Family Member Data
Olympia is often set up by a family member or carer on behalf of an older adult. If you are creating an account on behalf of another person, you confirm that you have their informed consent to do so, or that you hold a valid Lasting Power of Attorney or equivalent legal authority that authorises you to act on their behalf. Both you and the primary user may independently exercise applicable data rights under Section 7.
8.1 Family Member Accounts and Data
Family members can create their own accounts to connect with a primary user. If you use family member features, the following data practices apply:
Voice messages that family members record or upload are stored on our servers and associated storage providers.
Voice message audio may be sent to ElevenLabs for transcription (see Section 4.2).
Transcribed voice messages may be included in the primary user's conversation context, which may be processed by OpenAI (see Section 4.1).
Family members can view conversation summaries, mood and energy data, and activity timelines for connected primary users through the Service.
Family members may delete their account at any time through the app. Deletion removes the personal data associated with their account, including profile details, stored voice messages, and voice message transcripts, except where we are required by law to retain specific records for a longer period.
9. Children's Privacy
The Olympia service is not designed for, directed at, or intended for use by children under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such data promptly. If you believe a child has provided us with data, please contact us at dpo@heyolympia.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by email or through the Hey Olympia app where appropriate before they take effect. Your continued use of the Service after such notice constitutes acceptance of the updated policy.
11. Contact Us
For any privacy questions or to exercise your rights, contact us at:
Data Protection Officer: dpo@heyolympia.com
General support: support@heyolympia.com
Post: Reminiscentia Inc., 83 Goswell Road, London EC1V 7ER, United Kingdom