Ollie Health Privacy Policy
Version: 2.0
Effective Date: December 11, 2025
Data Controller: Ollie Health (Pty) Ltd
Information Officer (POPIA): Chimsante Wonani - bookings@ollie.health
Security Officer: Khaya Zulu - khaya@ollie.health
Governing Frameworks: POPIA (South Africa) | GDPR (EU) | HIPAA (USA, where applicable)
Your Privacy Matters to Us
Ollie Health processes sensitive mental and physical health data. We take our responsibility to protect this data with the utmost seriousness.
This Privacy Policy explains exactly what data we collect, why we collect it, how we use it, who we share it with, and what your rights are.
We will never sell your personal data. We will never share your individual health data with your employer. Your clinical data belongs to you.
1. Who We Are & How to Contact Us
Ollie Health (Pty) Ltd is a health orchestration platform providing integrated mental and physical health services to individuals through their employers (Corporate Clients).
- Data Controller (GDPR) / Responsible Party (POPIA): Ollie Health (Pty) Ltd
- Information Officer (POPIA): Chimsante Wonani - bookings@ollie.health
- Security Officer / Deputy Information Officer: Khaya Zulu - khaya@ollie.health
- Data Residency: Central EU Region (Frankfurt, Germany) for the primary and read-replica databases; otherwise, a database instance is created in South Africa (RSA) when required.
- POPIA Regulator: Information Regulator of South Africa (IRSA) - www.justice.gov.za/inforeg
2. What Personal Data We Collect
We collect the minimum data necessary to provide our Services. The data we collect falls into three categories:
2.1 Data You Provide Directly
- Account & Identity Data: First name, last name, corporate email address, employer name, job function, where required by your Corporate Client.
- Health Assessment Data: Your responses to validated health assessments: MBI (Maslach Burnout Inventory), WHO-5 Well-Being Index, and other physical or mental health screening tools administered through the Platform.
- Consultation & Clinical Data: Notes and records from your consultations with GPs, Doctors, Psychologists, or Occupational Therapists. Triage outcomes and referral records. Your stated reason for booking.
- Mental Health & Biometric Data (Mobile Health Clinic): Mental and physical measurements and health indicators collected through ShenAI integration during mobile clinic assessments, such as heart rate, blood pressure indicators, and physical wellness metrics.
- Ollie AI Session Context: The topics you discuss with Ollie AI and session timestamps.
- Communications Data: Messages you send to our support team, feedback you provide, and your email/notification preferences.
2.2 Data Generated by Your Use of the Platform
- Usage Data: Login events, features accessed, pages visited, session duration, appointment history.
- Technical Data: IP address, browser type, device type, operating system. Used for security monitoring and fraud prevention.
- Triage & Risk Flags: Risk indicators generated by assessment scoring thresholds. Reviewed by a Clinical Professional before any action is taken.
- Progress Tracking Data: Longitudinal wellness trends generated from your assessment history over time to support your ongoing care.
2.3 Data We Do NOT Collect
We do not collect or store:
- Your social media data or data from any platform unless you explicitly integrate it.
- Data from your employer's HR systems. We receive only basic account provisioning data.
3. How & Why We Use Your Data (Lawful Basis)
We process your data only where we have a valid lawful basis under POPIA and GDPR. For Special Personal Information (health data), we obtain explicit consent in addition to any other lawful basis.
- Provide health screening and assessments: Assessment responses and health data. Lawful basis: Explicit Consent + Contract. Framework: POPIA s.11/s.26; GDPR Art.6(1)(b) + Art.9(2)(a).
- Deliver Ollie AI coaching: Session topics and assessment context. Lawful basis: Consent + Contract. Framework: POPIA s.11; GDPR Art.6(1)(a)/(b).
- Facilitate clinical consultations: Clinical records and assessment results. Lawful basis: Contract + Vital Interests. Framework: POPIA s.11(1)(b)/(d); GDPR Art.9(2)(b)/(c).
- Triage & emergency referral: Risk flags and assessment scores. Lawful basis: Vital Interests / Duty of Care. Framework: POPIA s.11(1)(d); GDPR Art.9(2)(c); HIPAA section 164.512(j).
- Mobile clinic & biometric assessment: Physical health measurements and ShenAI data. Lawful basis: Explicit Consent. Framework: POPIA s.26; GDPR Art.9(2)(a).
- Track your health progress: Assessment history, consultation history, and conversation history. Lawful basis: Consent + Contract. Framework: POPIA s.11; GDPR Art.6(1)(a)/(b).
- Generate corporate wellness reports: Anonymised, aggregated data only. Lawful basis: Legitimate Interests. Framework: POPIA s.11(1)(f); GDPR Art.6(1)(f).
- Platform security & fraud prevention: Technical data, login events, and audit logs. Lawful basis: Legitimate Interests. Framework: POPIA s.11(1)(f); GDPR Art.6(1)(f).
- Legal and regulatory compliance: Financial records and breach records. Lawful basis: Legal Obligation. Framework: POPIA s.11(1)(c); GDPR Art.6(1)(c).
- Crisis and suicide protocol: Risk flags and emergency contact, if provided. Lawful basis: Vital Interests. Framework: POPIA s.11(1)(d); GDPR Art.9(2)(c); HIPAA section 164.512(j).
4. Special Personal Information & Protected Health Information
The following categories of data are classified as Special Personal Information (POPIA) and/or Protected Health Information (HIPAA) and receive the highest level of protection on our platform:
- Mental health assessment results (MBI, WHO-5, and all other psychological assessments).
- Physical health assessment results and biometric data (ShenAI mobile clinic measurements).
- Clinical consultation notes and records (GP, Doctor, Psychologist, Occupational Therapist).
- Triage flags, risk indicators, and referral records.
- Crisis protocol activation records.
- Health progress tracking data.
This data is subject to:
- Explicit consent at the point of collection. You are always informed of exactly what is being collected and why.
- Strict Role-Based Access Control (RBAC). Only you and the Clinical Professional directly involved in your care can access your clinical records.
- Full AES-256 encryption at rest and TLS 1.3 in transit.
- A complete data access audit trail.
- The absolute prohibition on disclosure to your employer in any identifiable form.
5. Personal Data Shared with Ollie AI
This section specifically describes how your personal data interacts with the Ollie AI system, in accordance with your rights under POPIA, GDPR Art.22, and HIPAA.
5.1 What Ollie AI Receives About You
When you interact with Ollie AI (via the web platform or WhatsApp), the following data is made available to the AI system to generate responses:
- Your health assessment scores: Ollie AI uses your MBI, WHO-5, and other assessment scores to personalise wellness guidance. Your scores indicate your current wellbeing levels and are the primary input to Ollie AI's coaching logic.
- Session topics: The broad topics you discuss in each AI session, such as work stress, sleep, or relationships, are recorded and used to track your wellness themes over time. Full conversation content is not stored.
- Session timestamps: The date and time of each interaction with Ollie AI, used to track engagement frequency and generate progress insights.
- Mood check-in data: If you complete mood check-ins within the Platform, this data is used by Ollie AI to provide contextually appropriate guidance.
- Current session context: During an active session, the content of the current conversation is sent to the AI system to generate Ollie AI's responses. This is processed in real time and is stored as a conversation record by Ollie Health.
5.2 How Ollie AI Uses Your Data to Generate Responses
Ollie AI operates on the following logic. It is important you understand this to make an informed choice about using it:
- Assessment Scoring: Your responses to validated assessments (MBI, WHO-5) are scored against clinically established benchmarks. Ollie AI receives your scores, not your raw responses.
- Topic Context: Ollie AI accesses the topics from your recent sessions to maintain continuity in your coaching experience. For example, if you discussed work stress last week, Ollie AI can refer to this theme.
- Real-Time Processing: The text of your current message is sent to the Google Gemini API, our AI processing sub-processor, to generate a response. Google processes this under a Data Processing Agreement with Ollie Health. Google does not use this data to train its public AI models.
- Risk Threshold Detection: If your assessment scores or session content meets predefined clinical risk thresholds, Ollie AI generates a triage flag. This flag is reviewed by a qualified Clinical Professional. It does not automatically trigger any action.
5.3 Automated Decision-Making by Ollie AI (GDPR Art.22 / POPIA s.71)
Ollie AI does not make solely automated decisions that produce legal or similarly significant effects on you. Specifically:
- Ollie AI triage flags and risk assessments are reviewed by a qualified Clinical Professional before any clinical action is taken.
- No diagnosis, treatment, or clinical intervention is initiated by the AI alone.
- You will always be informed if you are being referred to a Clinical Professional.
- You have the right to request human review of any AI-generated output that has influenced your care pathway.
To exercise your right to human review of any AI decision, contact: bookings@ollie.health.
5.4 Data Retention for Ollie AI Sessions
- Full conversation content: Retained. Conversation logs are stored by Ollie Health, but anonymised by ID. Deleted when the account is closed.
- Session topics: Retained for the duration of your active use of the Platform. Deleted when your account is closed.
- Session timestamps: Retained for the duration of your active use. Deleted when your account is closed.
- Assessment scores used by Ollie AI: Retained as clinical records for the period required by applicable health law, minimum 5 years.
- Triage flags generated by Ollie AI: Retained as clinical records for the period required by applicable health law.
5.5 Ollie AI and Your Employer
Your Ollie AI session data is completely ringfenced from your employer. Specifically:
- Your employer cannot see your Ollie AI session topics, the themes you have discussed, your mood check-in history, or any AI-generated insights about you as an individual.
- The only Ollie AI-derived data that reaches your employer's dashboard is an anonymised contribution to population-level wellness trend scores, mathematically impossible to trace back to you individually.
- If Ollie AI generates a triage flag resulting in a medical intervention, your employer sees only an anonymised count of employees who received medical intervention, not who, not why, and not the clinical details.
5.6 Withdrawing Consent for Ollie AI Processing
You may withdraw your consent for Ollie AI processing at any time by contacting bookings@ollie.health to request deletion of your Ollie AI session context data.
Withdrawal of consent does not affect processing that has already taken place. Withdrawal will mean Ollie AI can no longer provide personalised coaching.
Ollie AI session topic data is deleted when you close your account. If you wish to delete your session topic history while keeping your account active, contact jessica@ollie.health.
6. Who We Share Your Data With
6.1 Clinical Professionals
When you book a clinical consultation, the relevant Clinical Professional is given access to:
- Your assessment results relevant to the booked consultation.
- Previous consultation notes from prior sessions with the same professional.
- Any triage flags relevant to your clinical care.
Clinical Professionals are bound by professional confidentiality obligations (HPCSA, SACSSP, or equivalent) in addition to our contractual data protection obligations.
6.2 Your Corporate Client (Employer)
Your employer receives only:
- Aggregated, anonymised population-level wellness metrics.
- Anonymised counts, such as number of employees who accessed medical support, never individual identities.
Your employer has no access to your individual health data, AI session data, clinical records, biometric data, or any information that could identify you in connection with a health outcome.
6.3 Technology Sub-Processors
We use the following sub-processors to deliver our Services. All are bound by Data Processing Agreements and, where applicable, HIPAA Business Associate Agreements:
- PlanetScale: Primary database. All user and clinical data. AES-256 at rest. Hosted in EU (Frankfurt). AWS KMS key management.
- Vercel: Platform hosting and deployment. Application code, static assets. WAF, DDoS protection. EU region. Encrypted env vars.
- Google Gemini API: Ollie AI response generation. Current session content, real-time only. AES-256. Not used to train Google's models. DPA in place.
- ShenAI: Biometric / physical health data. Physical assessment measurements. BAA + DPA. Explicit consent required.
- Cal.com: Clinical appointment scheduling. Booking data, availability. SOC 2 Type II + ISO 27001. DPA in place.
- Stripe: Payment processing. Payment card processing only. PCI-DSS Level 1. No card data touches Ollie Health servers.
- WhatsApp Business API (Meta): AI coach communication channel. Message content in transit only, end-to-end encrypted at WhatsApp layer. DPA with Meta.
- Mailchimp / Mandrill: Email communications. Email address and communication preferences. DPA in place. Unsubscribe honoured immediately.
6.4 Legal & Regulatory Disclosures
We may disclose your data where required by law, court order, or regulatory authority. We will notify you of any such disclosure unless prohibited by law.
6.5 We Do Not Sell Your Data
Our Data Sale Policy
Ollie Health does not sell, rent, or trade your personal information or health data to any third party.
We do not use your data for advertising or allow third-party advertisers to access your data.
We do not use your health data to train public AI models.
7. Data Retention
We retain your data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.
- Clinical & assessment records: 5-25 years, jurisdiction-dependent. Basis: Clinical record law, professional body obligations, HIPAA.
- AI session topics & timestamps: Duration of active platform use. Basis: Contract performance. Deleted on account closure.
- Biometric data (ShenAI): Duration of active platform use. Basis: Explicit consent and minimal retention principle.
- Triage & referral records: Clinical record retention period. Basis: Clinical and duty-of-care obligations.
- Active account identity data: Duration of active use. Basis: Contract performance.
- Cancelled account identity data: 30 days post-cancellation. Basis: Automated deletion, POPIA s.14.
- Financial records: 7 years. Basis: SARS minimum, HIPAA financial records.
- Security & audit logs: 12 months active, 24 months archived. Basis: SOC 2 CC7.2, ISO 27001 A.8.15.
- Incident & breach records: 7 years. Basis: GDPR Art.33(5), HIPAA, ISO 27001.
- Anonymised corporate reports: Indefinite. Basis: Not personal information.
8. Data Security
We apply a comprehensive set of technical and organisational security measures to protect your data, particularly your clinical health data:
- Encryption in transit: TLS 1.3 preferred / TLS 1.2 minimum for all data transmission.
- Encryption at rest: AES-256 for all databases, file storage, and backups.
- Application-level encryption: Sensitive credentials, such as OAuth tokens, encrypted by our application layer before database storage.
- Role-Based Access Control (RBAC): Clinical data accessible only by you and your directly assigned Clinical Professional.
- Multi-Factor Authentication (MFA): Mandatory for all Ollie Health team members accessing production systems.
- Immutable backups: Tamper-resistant backups tested weekly for integrity.
- Annual external penetration testing: Conducted by an independent qualified security firm.
- 24/7 security monitoring: Automated alerts for suspicious access patterns.
- Vercel WAF: Web Application Firewall providing DDoS protection and bot mitigation.
If you discover a potential security vulnerability, please report it to khaya@ollie.health. We operate a responsible disclosure programme.
9. International Data Transfers
All primary storage of your data is located in the Central EU Region (Frankfurt, Germany). Where we transfer your data outside the EEA or South Africa:
- Transfers are governed by EU Standard Contractual Clauses (SCCs) per GDPR Art.46(2)(c).
- Transfers comply with POPIA s.72 cross-border transfer requirements.
- All receiving parties are assessed for adequate data protection standards.
- HIPAA Business Associate Agreements cover all PHI transfers to US-based sub-processors where applicable.
10. Your Rights
You have the following rights regarding your personal information under POPIA and GDPR. To exercise any right, contact bookings@ollie.health. We will respond within 30 days (POPIA) / 1 month (GDPR).
- Access: Receive a copy of all personal data we hold about you, including your health data and AI session context. Email bookings@ollie.health. We will respond within 30 days.
- Correction / Rectification: Request correction of any inaccurate data we hold about you. Exercise this right via Account Settings or email.
- Erasure ("Right to be Forgotten"): Request deletion of your personal data. Note: clinical records may be subject to minimum retention periods under health law that take precedence. Email bookings@ollie.health. Legal holds and clinical record obligations noted.
- Restriction of Processing: Request that we stop processing your data while a dispute about its accuracy or our legal basis is resolved. Email bookings@ollie.health. Processing paused immediately pending review.
- Data Portability: Receive your personal data in a structured, machine-readable format. Email bookings@ollie.health.
- Objection to Processing: Object to processing based on legitimate interests. Email bookings@ollie.health. We will cease processing unless we demonstrate compelling legitimate grounds.
- Withdraw Consent: Withdraw any consent you have given at any time. This includes consent for Ollie AI processing. Exercise this right via Account Settings or email. Effective immediately.
- Human Review of AI Decisions: Request human clinical review of any AI-generated risk flag or triage outcome that has affected your care pathway (GDPR Art.22 / POPIA s.71). Email marc@ollie.health.
- Lodge a Complaint: Lodge a complaint with the Information Regulator of South Africa (POPIA) or the relevant EU Supervisory Authority (GDPR). IRSA: www.justice.gov.za/inforeg.
11. Cookies & Tracking
The Ollie Health web platform uses essential cookies and local storage necessary for the platform to function, such as session management and authentication state. We do not use advertising cookies, tracking pixels, or third-party analytics that share your data with advertisers.
A Cookie Preference Centre is available in your Account Settings allowing you to manage non-essential cookies.
12. Children's Privacy
The Ollie Health Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact bookings@ollie.health immediately and we will delete such data without delay.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you via email and in-platform notification at least 30 days before taking effect. We will also update the "Effective Date" at the top of this document. Your continued use of the Platform following notification of changes constitutes acceptance of the updated Privacy Policy.
We will never make changes that reduce your rights or expand how we use your health data without obtaining fresh explicit consent.
14. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or your personal data:
- Information Officer (POPIA) / Data Contact: Chimsante Wonani - bookings@ollie.health
- Security Officer: Khaya Zulu - khaya@ollie.health
- Information Regulator of South Africa (IRSA): www.justice.gov.za/inforeg | inforeg@justice.gov.za
- EU Supervisory Authority: Your local EU data protection authority, if you are located in the EEA.
- US HHS (HIPAA complaints): www.hhs.gov/hipaa, if you are a US individual whose PHI is processed.
End of Privacy Policy | Ollie Health (Pty) Ltd | v1.0 | December 2025