olla.talk Privacy Policy
Published and effective July 10, 2026.
1. Controller
OllaAI is the controller of personal data processed through olla.talk. Representative and Privacy Officer: Jeongui Lee. Business registration number: 551-24-02346. Mail-order business report: 2026-Gyeonggi Dongducheon-0104.
Address: 2488 Pyeonghwa-ro, Dongducheon-si, Gyeonggi-do, Republic of Korea. Telephone: +82-10-9611-9152. Email: support@olla.talk.
2. Data, purposes, and collection
- Email accounts: email, display name, password hash, email verification status, preferred language, and consent records for registration, authentication, translation preferences, and account administration.
- Social sign-in: Google, Apple, or Kakao provider name, provider user ID, verified email where supplied, and display name for sign-in and account linking.
- Guests: display name, preferred language, room ID, session identifier, and expiry for temporary access to one invited room.
- Chat: original and translated message text, timestamps, room membership, and reactions for real-time chat and AI translation.
- Images: profile or message images selected by the user, file name, type, size, and dimensions for upload and display.
- Contacts and invitations: relationships formed within olla.talk, aliases, visibility, and invitation status.
- Safety: reporter and reported party, room and message identifiers, a snapshot of the reported message and attachment metadata, reason, optional details, status, block relationship, and timestamps for reports, blocking, enforcement, user protection, and review after deletion.
- Notifications: FCM token or Web Push subscription and notification language and preferences.
- Payments: order, payment, and billing identifiers, product, amount, approval, cancellation, and refund status. OllaAI does not store full card numbers.
- Automatically generated: IP address, user agent, access, error, and security records, and token hashes for security, incident response, and abuse prevention.
Contacts are relationships inside olla.talk; the app does not upload the device address book. Camera access is used for QR scanning. Photos are sent to the server only when the user chooses to upload them.
3. AI translation
Message text and source and target language parameters are sent to the OpenAI API for translation. We do not intentionally include account email or passwords in translation requests. AI output may contain errors or omissions and must not be the sole basis for important legal, medical, financial, or safety decisions.
4. Processors and international transfers
- OpenAI, L.L.C. (United States): message text and language parameters for AI translation, transferred through encrypted APIs and retained under the applicable contract and provider policy.
- Resend, Inc. (United States): email addresses and OTP or invitation email content for email delivery, transferred through encrypted APIs and retained for delivery and security purposes.
- Google LLC / Firebase (United States and other service processing locations): FCM tokens and notification information for mobile push, retained until deletion or token expiry.
- Toss Payments: order, payment, and billing information for authorization, cancellation, and refunds, retained under applicable law and contract.
- Google, Apple, and Kakao: OAuth identity information exchanged when the user selects that sign-in provider.
You may choose email sign-up instead of social sign-in. Declining processing essential to AI translation or another overseas service may prevent use of that feature. Actual processing regions and subprocessors may change under each provider's current service policy.
5. Retention
- Account, profile, and consent records: until account deletion.
- Guest sessions: 24 hours from creation plus the minimum operational cleanup period.
- Chat, translations, and attachments: while the room or account is maintained. On account deletion, that user's message text and sender link are removed, and related translations, reactions, and uploaded attachment files are deleted.
- Blocks: until unblocked or account deletion.
- Reports: three years after submission. The reported message snapshot and attachment metadata are retained as review evidence; free-text details and display names that may directly identify a deleted user are removed or minimized on deletion.
- Access and security logs: three months.
- Contract, withdrawal, payment, and supply records: five years where legally required.
- Consumer complaint and dispute records: three years where legally required.
6. Deletion
You can delete your account in Settings. Email, password hash, OAuth links, profile, push subscriptions, contacts, and blocks are deleted or irreversibly replaced. Authored messages become deleted records with no body or sender link; translations, reactions, and uploaded files are deleted. A message snapshot and attachment metadata already included in a submitted report may be retained separately, with identifying information minimized, for the report retention period for user protection and dispute handling. Payment and dispute records required by law are isolated and deleted after their statutory period. Backups are overwritten according to the operational backup cycle.
7. Your rights
You can update your profile, notification and language preferences, manage blocks, and delete your account in the app. Contact support@olla.talk to request access, correction, deletion, suspension of processing, or withdrawal of optional marketing consent. We may verify account ownership before acting on a request. Withdrawing optional marketing consent does not affect core service access.
8. Security
We use password hashing, HTTPS, short-lived access tokens, refresh-token rotation and reuse detection, role-based administration, access controls, restricted personal-data logging, backups, and security reviews. Because the server processes messages for translation, olla.talk is not an end-to-end encrypted messenger.
9. Cookies and device permissions
The web service may use cookies and browser storage for login and OAuth security. The mobile app requests camera, photo, and notification permissions when the relevant feature is used; these permissions can be withdrawn in operating-system settings.
10. Changes and contact
Material changes are normally announced at least seven days before taking effect; changes materially adverse to users will, where practicable, be announced 30 days in advance. Privacy inquiries: Privacy Officer Jeongui Lee, support@olla.talk, +82-10-9611-9152.