1. Introduction
Olyve ("we," "us," or "our") operates the website olyve.co and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our digital business card platform, NFC card ordering, contact management, and team management features.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: name, email address, password, and profile photo when you create an account.
- Business Card Data: job title, company, phone numbers, email addresses, physical addresses, social media links, website URLs, and any other information you choose to include on your digital business card.
- Scanned Card Data: when you use our card scanning feature, we process images of business cards to extract contact information. The original images are processed in real-time and are not permanently stored.
- Payment Information: billing address and payment details when you purchase subscriptions or physical NFC cards. Payment processing is handled by third-party processors (Stripe, SSLCommerz); we do not store full credit card numbers.
- Contact Profiles: information about contacts you save from card exchanges or manually add to your contact list.
- Organization Data: if you create or join an organization, we collect organization name, branding assets, and team member details.
- Communications: messages and information you provide when you contact us for support or feedback.
2.2 Information Collected Automatically
- Usage Analytics: we collect data about how your digital card is viewed, including view counts, geographic location of viewers (city/country level), and timestamps. This powers your card analytics dashboard.
- Device Information: device type, browser type, operating system, and screen resolution.
- Log Data: IP address, access times, pages viewed, and referring URLs.
- Cookies: we use essential cookies for authentication and session management. See Section 7 for details.
2.3 Information from Third Parties
- Social Sign-In: if you sign in with Google, Facebook, Microsoft, or Apple, we receive your name, email, and profile picture from that provider.
- CRM Integrations: if you connect third-party services (Google Contacts, HubSpot, Salesforce, Zoho), we access contact data as authorized by you to sync your Olyve contacts. We only access the scopes you explicitly grant.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Create and manage your account and digital business cards
- Process transactions and send related information (confirmations, invoices)
- Deliver card analytics and insights to you
- Facilitate contact exchanges between users
- Sync contacts with connected CRM platforms at your request
- Send important service updates, security alerts, and support messages
- Respond to your inquiries and provide customer support
- Detect, prevent, and address technical issues and fraud
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your business card data to send you marketing from other companies.
4. How We Share Your Information
4.1 Public Profile Information
Your digital business card is designed to be shared publicly. Information you add to your card (name, title, contact details, links) will be visible to anyone who views your card via QR code, NFC tap, or direct link. You control what information appears on your card.
4.2 Organization Members
If you belong to an organization on Olyve, organization administrators may view and manage your card and contact data within that organization.
4.3 Service Providers
We share information with trusted third-party providers who assist in operating the Service:
- Hosting & Infrastructure: cloud hosting and database providers
- Payments: Stripe, SSLCommerz
- Email: for transactional emails (verification, password reset)
- Analytics: aggregated, anonymized usage data
4.4 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Olyve, our users, or the public.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes (e.g., resolving disputes, enforcing agreements).
Card analytics data is retained in aggregated form and cannot be tied back to individual viewers after 90 days.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Contact profile encryption: sensitive contact profile fields (email, phone, website, location, bio, social links, and payment details) are encrypted at the application level using AES-256-GCM before being stored in our database. This means even in the event of a database breach, your sensitive contact data remains unreadable.
- Secure password hashing (bcrypt)
- JWT-based session management with secure, HTTP-only cookies
- Regular security audits and vulnerability assessments
- Role-based access controls for organization data
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Cookies
We use the following types of cookies:
- Essential Cookies: required for authentication, session management, and core functionality. These cannot be disabled.
- Preference Cookies: remember your settings such as theme preferences and region.
We do not use third-party advertising or tracking cookies. You can manage cookies through your browser settings.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data ("right to be forgotten")
- Export your data in a portable format
- Withdraw consent for optional data processing
- Object to processing based on legitimate interests
- Disconnect third-party integrations at any time
To exercise these rights, contact us at privacy@olyve.co or delete your account from your dashboard settings.
9. Third-Party Integrations
When you connect a third-party service (Google Contacts, HubSpot, Salesforce, Zoho CRM), you authorize Olyve to access specific data from that service. We only request the minimum scopes necessary:
- Google Contacts: read and write access to your contacts for syncing Olyve contact profiles.
- HubSpot / Salesforce / Zoho: create and update contact records in your CRM.
You can disconnect any integration at any time from your dashboard. Upon disconnection, we revoke access tokens and stop syncing data. Data already synced to those platforms is governed by their respective privacy policies.
10. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in compliance with applicable data protection laws.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy, contact us at: