olostep

Privacy Policy

Date of last revision: July 15, 2025

1. Introduction and Scope

This Privacy Policy ("Policy") explains how Olostep Technologies Inc. ("Olostep," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with our websites, products, services, APIs, agents, extensions, and related offerings (collectively, the "Services"). This Policy is intended to be read together with our Terms of Service and is designed to comply with applicable laws, including the EU/UK GDPR and the California Consumer Privacy Act as amended by the CPRA (together, "CCPA").

By accessing or using the Services, you acknowledge this Policy and consent to the practices it describes. If you do not agree, you should not access or use the Services.

2. Who We Are and How to Contact Us

Olostep Technologies Inc. is the provider of the Services. If you have questions about this Policy or our privacy practices, contact us at info@olostep.com.

3. Description of the Services and Our Roles

Olostep is the programmatic layer to access and interact with the Web. We enable customers to discover, access, extract, parse, transform, and interact with public web content from sources including search engines, e-commerce sites, and general web pages, and to build reliable automations for AI and agents.

  • Controller role: For our own website operations, account management, billing, security, support, marketing, and compliance, we act as a data controller.
  • Processor role: For data that customers direct us to process via the Services (for example, fetching and transforming public web content or running automations), we generally act as a data processor/service provider and process such data on the customer’s documented instructions.

4. Information We Collect

The information we collect depends on how you interact with us and the Services:

  • Account and Contact Information: Name, email address, organization, role, and authentication identifiers (including via third-party Single Sign-On, if used).
  • Billing and Payment Information: Payment method details and billing information processed by our payment provider(s).
  • Service Usage Information: Logs, metadata, request/response sizes, timestamps, error diagnostics, IP address, device and browser information, and settings related to your use of the Services (e.g., API calls, rate limiting, security events).
  • Customer-Directed Content: Web content, prompts, instructions, configurations, and other data that you or your users submit or request we process via the Services.
  • Support and Communications: Information you provide when you contact support, submit feedback, or participate in testing, surveys, or compliance reviews (including identity verification to the extent required by law or our policies).
  • Cookies and Similar Technologies: We may use cookies or similar technologies for essential functionality, analytics, and security. See “Cookies and Tracking” below.

We do not intentionally collect sensitive personal information unless strictly necessary and permitted by law and our agreements with you.

5. Legal Bases for Processing (GDPR/UK GDPR)

We rely on the following legal bases, as applicable:

  • Performance of a contract and to take steps at your request prior to entering into a contract;
  • Legitimate interests, such as securing, improving, and operating our Services;
  • Compliance with legal obligations; and
  • Consent, where required by law and where we specifically request it.

6. How We Use Information

  • Provide, maintain, and improve the Services and our infrastructure.
  • Authenticate users; manage accounts, subscriptions, and billing.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and misuse.
  • Comply with law, enforce agreements, and protect rights.
  • Provide support, communications, service updates, and product information.
  • Conduct analytics and aggregate reporting to improve performance and reliability.

7. How We Share Information

  • Service Providers and Subprocessors: Infrastructure, security, analytics, customer support, payment processing, and other vendors who process data on our behalf under appropriate contractual safeguards.
  • Affiliates: Within our corporate group to the extent necessary for the purposes described in this Policy.
  • Legal and Compliance: To comply with applicable law, legal process, or lawful requests; to enforce our agreements; to protect the rights, property, or safety of Olostep, our users, or others.
  • Business Transfers: In connection with mergers, acquisitions, reorganizations, or similar corporate transactions, subject to applicable law.

We do not sell personal information and do not share it for cross-context behavioral advertising as defined by the CCPA/CPRA.

8. International Transfers

We may transfer personal data outside your country, including to jurisdictions that may not provide the same level of protection. Where required, we implement appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

9. Data Retention

We retain information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on data category and our legitimate business needs. When data is no longer required, we will delete or anonymize it.

10. Security

We implement technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction, appropriate to the risks presented. No system is perfectly secure; we encourage you to use strong credentials and safeguard your account access.

11. Cookies and Tracking

We may use cookies and similar technologies for essential functionality, security, and analytics. You can control cookies via your browser settings. If we implement additional tracking for advertising, we will update this Policy and provide required disclosures and choices.

12. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your personal data; to restrict or object to certain processing; and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with a supervisory authority.

California residents may have rights under the CCPA/CPRA including the right to know, delete, correct, and opt out of sale or sharing. We do not sell or share personal information as defined by the CCPA/CPRA. You will not be discriminated against for exercising your rights.

To exercise your rights, contact us at info@olostep.com. We may need to verify your identity before responding.

13. Children’s Privacy

The Services are not directed to individuals under 18, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

14. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated date. Your continued use of the Services after changes become effective constitutes acceptance of the updated Policy.

15. Additional Information for California Residents

We provide the disclosures required by the CCPA/CPRA regarding the categories of personal information collected, sources of personal information, purposes of processing, and disclosures to third parties in the sections above. You may exercise your rights as described in “Your Rights and Choices.”