Policy

Privacy Policy

This privacy notice for Odin AI describes how and why we might process your information when you use our services.

Last updated: September 21, 2023

Trust center

Policy brief

Overview

Note to Odin Task Automator Customer End Users

1. What information do we collect?

Overview

We're One Realm Inc., proprietors and governors of Odin, also referred to as the application, Service, or app. This privacy notice for Odin explains how and why we may collect, store, use, and/or share your details when you use our Services, including when you visit getodin.ai or engage with us through sales, marketing, events, or related interactions. Reading this notice helps you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. Questions may be sent to support@getodin.ai.

Note to Odin Task Automator Customer End Users

Our Service allows Customers to create automated flows, sometimes using APIs. A Customer may access Customer End User Personal Data and use our Service to work with it as it is stored with them and their other processors, and may transmit and store it through our Service. We do not control a Customer's use of Personal Data they collect from you and provide to us. Customer-stored information may include names, email addresses, physical addresses, phone numbers, payment information, location, organizational contacts, usernames, aliases, roles, authentication credentials, support communications, images, voice, identity information, corporate and financial information, VAT numbers, and other tax identifiers. If you are a Customer End User and wish to exercise rights over your Personal Data, please contact the Customer directly.

1. What information do we collect?

We collect personal information that you voluntarily provide when you register for the Services, express interest in our products and Services, participate in activities on the Services, or otherwise contact us. The personal information we collect depends on your interactions, choices, products, and features used, and may include email addresses, names, and contact or authentication data. We do not process sensitive information. Payment data needed to process purchases is stored by Stripe. You must provide true, complete, and accurate personal information and notify us of changes.

  • Information automatically collected may include IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, usage details, and other technical information.
  • Log and usage data may include IP address, device information, browser type, settings, activity in the Services, pages and files viewed, searches, feature usage, content prompts and inputs, Odin-generated responses, system activity, error reports, and hardware settings.
  • Device data may include device and application identifiers, location, browser type, hardware model, internet service provider or mobile carrier, operating system, and system configuration.
  • Location data may be precise or imprecise depending on device settings. You may opt out by refusing access or disabling location settings, though some Services may be affected.
  • Calendar schedule and information may be used to deliver Odin's Note-Taking services.

2. How do we process your information?

We process personal information for a variety of reasons depending on how you interact with our Services, including to facilitate account creation and authentication, manage user accounts, deliver and administer Services, process payments, provide customer support, respond to inquiries, send administrative information, protect vital interests, improve Services and the Site, conduct direct marketing, detect fraud and misuse, and provide third-party service integrations.

  • For direct marketing and improvement, Odin and affiliates may use Personal Data and non-identifiable information to improve content and functionality, better understand users, improve Services, and send promotional information about features, pricing, integrations, and service providers. Marketing communications include opt-out instructions.
  • For fraud and misuse detection, we review logs and Personal Data to detect fraud, misuse, illegal activity, or violations of our terms.
  • For third-party service integrations, Customers may authenticate with or log into Third-Party Services through Odin. We collect relevant information and Login Credentials needed to enable the Service to access those Third-Party Services and Customer data.
  • When Third-Party Services are linked, those services may provide access to information Customer provided to them, which we use, store, and disclose according to this Privacy Policy and Customer rules. Third-Party Service privacy practices remain governed by those services' policies.
  • Aggregated Personal Data may be used to research customer demographics, interests, and behavior, improve offerings, and disclose aggregate statistics that do not identify users personally.

3. What legal bases do we rely on?

If you are located in the EU or UK, the GDPR and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on consent, performance of a contract, legal obligations, and vital interests. If you are located in Canada, we may process your information based on express or implied consent, and in some exceptional cases where processing without consent is permitted by applicable law, such as investigations, fraud detection, business transactions, legal compliance, emergency interests, or publicly available information specified by regulation.

Rights under SPDI Rules and GDPR

Odin describes rights under applicable security practices and sensitive personal data rules, including the right to be informed and give consent, access your data, correct mistakes, and withdraw consent. If you are located in the EEA, UK, or Switzerland, GDPR rights may include the right to be informed, right of access, rectification, erasure, restriction of processing, data portability, objection, rights related to automated decision-making and profiling, and the right to lodge a complaint with a competent supervisory authority. To exercise rights, contact us using the details in this notice. We may need to verify your identity before processing a request.

4. When and with whom do we share your personal information?

We may share data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to do that work. Contracts with these third parties are designed to safeguard personal information. Third parties may include Google Site Search for content optimization, Stripe for invoice and billing, Google Analytics for web and mobile analytics, OpenAI for content generation, and Recall and Deepgram for meeting management.

  • Business transfers: we may share or transfer information during negotiations of, or in connection with, a merger, sale of assets, financing, or acquisition.
  • Law enforcement and internal operations: Personal Data may be provided where required by law or where reasonably necessary to respond to claims, comply with legal process, enforce policies, prevent fraud, support product development, debug issues, or protect rights, property, or safety.
  • Third parties: we may share Personal Data with companies and individuals that perform functions or services on our behalf, while taking steps to ensure appropriate privacy protections.
  • Third-party integrations: we share Customer login data and End User Personal Data to provide the Services as instructed by Customer.
  • Odin account collaborators: Team account administrators and collaborators may access certain information such as name, email address, task usage, workflows, and Third-Party Services linked to the Team account.
  • We do not use Google Workspace APIs to develop, improve, or train any AI and/or ML models available on Odin AI or otherwise.

5. Do we use cookies and other tracking technologies?

We may use cookies and similar tracking technologies, such as web beacons and pixels, to access or store information. Specific information about how we use these technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. Is your information transferred internationally?

Our servers are located in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where we or third parties operate. If you are a resident of the EEA or UK, we will take necessary measures to protect your personal information according to this notice and applicable law, including use of European Commission Standard Contractual Clauses where applicable.

7. How long do we keep your information?

We keep personal information only as long as necessary for the purposes in this notice, unless a longer retention period is required or permitted by law. No purpose in this notice requires us to keep personal information longer than the period in which users have an account with us. When we no longer have a legitimate business need to process personal information, we delete or anonymize it, or securely store and isolate it until deletion is possible.

8. How do we keep your information safe?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from our Services is at your own risk, and you should only access the Services within a secure environment.

9. Do we collect information from minors?

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor and consent to that minor dependent's use of the Services. If we learn that personal information from users under 18 has been collected, we will deactivate the account and take reasonable measures to delete the data. If you become aware of data collected from children under 18, contact support@getodin.ai.

10. What are your privacy rights?

In some regions, including the EEA, UK, and Canada, you may have rights to request access and obtain a copy of personal information, request rectification or erasure, restrict processing, request data portability, and object to processing. We will consider and act on requests according to applicable law. If we rely on consent, you may withdraw consent at any time. You may also opt out of marketing and promotional communications by using unsubscribe links or contacting us. Account information can be reviewed or updated through account settings, and account termination requests may result in deactivation or deletion subject to retention for fraud prevention, troubleshooting, investigations, enforcement, or legal compliance.

11. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems and applications include a Do-Not-Track feature or setting. No uniform technology standard for recognizing and implementing DNT signals has been finalized, so we do not currently respond to DNT browser signals or other mechanisms that automatically communicate a choice not to be tracked online. If a standard is adopted that we must follow, we will inform you in a revised version of this notice.

12. Do EU, UK, and EEA residents have specific privacy rights?

If you are located in the EEA or UK, you have additional rights, including the right to withdraw consent, request deletion of Personal Data where legally required, and request data portability. Deleting Personal Data may terminate access to Services because Personal Data is required to provide them. We take steps to delete Personal Data and content no longer necessary to provide Services within 12 months after account termination, subject to legal, contractual, and legitimate retention obligations.

13. Do California residents have specific privacy rights?

California residents may request information under California Civil Code Section 1798.83 about categories of personal information disclosed to third parties for direct marketing and the names and addresses of those third parties. California residents under 18 with registered accounts may request removal of unwanted data publicly posted on the Services. Under the CCPA, California residents have rights regarding categories of personal information collected, purposes of use, disclosures, deletion, non-discrimination, verification, correction, restriction, authorized agents, and opt-out requests where applicable. Odin has not sold personal information to third parties for a business or commercial purpose in the preceding twelve months.

14. Do Nevada and California residents have specific privacy rights?

This notice states that we do not currently respond to Do-Not-Track browser signals or other mechanisms that automatically communicate a tracking preference because no uniform technology standard has been finalized. If a standard for online tracking is adopted that we must follow, we will update this notice.

15. Do children have specific privacy rights?

One Realm Inc. does not knowingly collect Personal Data from children under the age of 16. If you are under 16, do not submit Personal Data through the Services. Parents and guardians should monitor children's Internet usage and instruct children not to provide Personal Data without permission. If you believe a child under 16 provided Personal Data to One Realm Inc. or Odin through the Services, contact us and we will take necessary steps to comply with the law.

16. Do we make updates to this notice?

The Services and our business may change, so Odin may update or modify this Privacy Policy from time to time. If we do, we will post changes on this page and indicate the date these terms were last revised. We may also notify you through the Service interface, email, or other reasonable means. Changes become effective no earlier than fourteen days after posting, except changes addressing new Service functions or legal reasons, which may be effective immediately. Continued use after changes become effective constitutes acceptance of the new Privacy Policy.

17. Terms of service

Your access to and use of the Services is subject to the Terms of Service at https://getodin.ai/terms-of-service.

18. How can you contact us about this notice?

To keep your Personal Data accurate, current, and complete, contact us as specified in this notice. We will take reasonable steps to update or correct Personal Data in our possession that you previously submitted through the Services. If you have questions about Odin's Privacy Policy or the information practices of the Services, email support@getodin.ai.

19. How can you review, update, or delete the data we collect from you?

You have the right to request access to personal information we collect from you, change that information, or delete it. To request review, update, or deletion of personal information, email support@getodin.ai. Odin's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including Limited Use requirements.