Legal
Effective date: [effective date] · Last updated: [date]
This Privacy Policy explains how [legal entity name], a U.S. C-corporation being formed in [state of incorporation](“Olive,” the “Company,” “we,” “us,” or “our”) collects, uses, shares, and protects personal data. It applies to:
We have written this policy to address the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). Because our Site and beta are publicly accessible, we assume EU, UK, and California users may reach them.
Plain-language summary (not a substitute for the full policy):We collect account, contact, and device information to run a two-sided compute marketplace. The most important thing to understand is in Section 1: your compute jobs run on other people’s hardware that we do not physically control, so Olive is intended only for non-sensitive data today.
Unlike a traditional cloud provider, Olive is a decentralized compute platform. Jobs submitted by Customers are routed through our control plane (hosted on Amazon Web Services) and then scheduled to run on third-party consumer or corporate machines operated by independent Device Owners.
We apply meaningful technical safeguards, including running every workload inside a signed, network-isolated Docker sandbox on the host device, signing job artifacts and results with Ed25519 keys, and verifying results through sampled redundant execution. These measures protect the integrity of computation (that the job ran correctly and was not tampered with).
They do not guarantee secrecy. On commodity consumer hardware, we cannot cryptographically guarantee that the owner of a device is unable to access or inspect data while a job is running in memory. As a result:
A future “confidential tier” running on attested corporate hardware with Trusted Execution Environments (TEEs) is planned but not available. Nothing in this policy should be read as a present commitment to provide it.
| Data | Olive’s role | Notes |
|---|---|---|
| Account, marketing/contact, and device-profile data | Controller | We determine the purposes and means of processing this data. |
| Customer-submitted job inputs and outputs (“Job Content”) | Processor | The Customer is the Controller for any personal data inside Job Content. A Data Processing Addendum (DPA) governs this relationship — see Section 7 and the Customer Terms. |
| Device Owner’s handling of transient job execution data | Sub-processor | When a Device Owner runs a sandboxed job, transient connection metadata may be processed on their hardware. |
| Processing activity | Data involved | Lawful basis |
|---|---|---|
| Create and manage accounts | Name, email, password hash, API keys | Contract — Art. 6(1)(b) |
| Handle marketing leads / inquiries | Name, email, company, message | Consent — Art. 6(1)(a), and/or Legitimate interests — Art. 6(1)(f) |
| Schedule, execute, and verify compute jobs | Job Content; device profiles; region/IP | Contract — Art. 6(1)(b) |
| Issue payouts and meet tax-reporting duties | Payout and tax data | Legal obligation — Art. 6(1)(c) |
| Secure, monitor, and improve the platform; detect fraud; verify integrity | Telemetry, heartbeats, logs, IP | Legitimate interests — Art. 6(1)(f) |
Where we rely on legitimate interests, you may object (see Section 8). Where we rely on consent, you may withdraw it at any time.
We share personal data with service providers strictly as needed to operate the platform.
We require third parties to handle personal data under written agreements with appropriate confidentiality and security obligations.
Open-weight model licenses. Models offered through the platform (e.g., Llama, Phi, Whisper) carry their own upstream licenses. These licenses govern the models, not personal data, but Customers remain responsible for compliance (see Customer Terms).
We keep personal data only as long as needed for the purposes above or to meet legal obligations.
Olive is based in the United States. Personal data from the European Economic Area (“EEA”) or the UK will be transferred to and processed in the United States. We rely on one or more of the following safeguards:
Note that some sub-processors (e.g., AWS) may themselves be DPF-certified; that does not by itself cover transfers Olive receives directly from EEA/UK users.
You have the rights to: access your data; rectify inaccurate data; erase data (subject to exceptions); restrict or object to processing; data portability; and to withdraw consent. Because Olive does not use an immutable blockchain, erasure requests can be honored across our active systems.
To exercise these rights, contact us at privacy@olivecompute.com. We will respond within the period required by law (generally one month under GDPR). You may also lodge a complaint with your local supervisory authority.
You have the rights to know, delete, correct, and to opt out of the “sale” or “sharing” of personal information, and the right to non-discrimination for exercising these rights.
We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under CCPA/CPRA. Our disclosures to AWS and other vendors are made for business purposes to service providers under written contracts.
To make a request, contact us at privacy@olivecompute.com.
We use cookies that are strictly necessary to authenticate users and maintain sessions. Any non-essential or analytics cookies are set only with your consent via our cookie banner, and you can change your choice at any time. You can also configure your browser to refuse cookies, though some features may not work.
Olive is not directed to, and is not intended for, anyone under 18. We do not knowingly collect data from anyone under 18. If we learn we have, we will delete it.
We may update this policy to reflect changes to the platform or the law. We will post the updated version on the Site and update the “Last updated” date. Material changes will be communicated via [notice method].
[legal entity name]
Privacy Email: privacy@olivecompute.com
Mailing address: [registered address]