Privacy Policy

We at LAIW PTY LTD (together with our affiliates, "Odella", "we", "our" or "us") respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Information we collect from or about you when you use our website and services (collectively, "Services").

1. Personal information we collect

We collect information that alone or in combination with other information in our possession could be used to identify you ("Personal Information") as follows:

Personal Information You Provide: We may collect Personal Information if you create an account to use our Services or communicate with us as follows:

• Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history, (collectively, "Account Information").
• Phone and Messaging Information: If you provide a phone number, enable phone-based features, or communicate with us by SMS, MMS, or voice, we may collect phone numbers, messaging preferences, SMS/MMS content, call records, delivery status, opt-in and opt-out records, consent records, and related support information.
• Customer Data and Content: When you use our Services, we may collect Personal Information that is included in Customer Data, Input, Output, or other Content. Customer Data, Input, Output, and Content have the meanings given in our Terms of Use.
• Communication Information: If you communicate with us, we may collect your name, contact information, and the contents of any messages you send ("Communication Information").
• Social Media Information: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, YouTube and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, "Social Information"). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Personal Information We Receive Automatically From Your Use of the Services: When you visit, use, and interact with the Services, we may receive the following information about your visit, use, or interactions ("Technical Information"):

• Log Data: Information that your browser automatically sends whenever you user our website("log data"). Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with our website.
• Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, computer connection, IP address, and the like.
• Operational Data and AI Agent Traces: We may collect Operational Data, including AI Agent Traces, as those terms are described in our Terms of Use. This may include logs, telemetry, metadata, analytics, measurements, diagnostics, tool calls, tool results metadata, routing decisions, model selections, latency, error logs, success and failure signals, evaluation scores, state transitions, workflow run metadata, security events, and other machine-generated records of how the Services operate.
• Device Information: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
• Cookies: We use cookies to operate and administer our Services, and improve your experience on it. A "cookie" is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies please visit All About Cookies.
• Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.
• Third Party, Public, and Enrichment Information: We may receive information from third party providers, public sources, integrations, or enrichment services, including business contact information or other records that help operate, secure, or improve the Services, subject to applicable law.

2. How we use personal information

We may use Personal Information for the following purposes:

To provide, administer, maintain, improve and/or analyze the Services;

• To conduct research;
• To communicate with you, including by email, SMS, MMS, voice, in-product messages, and similar channels for transactional, operational, administrative, onboarding, security, support, workflow, notification, and internal team communication purposes;
• To develop new programs and services;
• To prevent fraud, criminal activity, or misuses of our Services, and to ensure the security of our IT systems, architecture, and networks; and
• To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties. Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information and use the aggregated information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to reidentify the information.

We do not use information sourced from Google Workspace APIs to develop, improve, or train generalized AI and/or ML models.

Unless you opt out, we may use Customer Data, Content, and Operational Data, including AI Agent Traces, to develop, train, fine-tune, evaluate, test, secure, support, and improve the Services, including model routing, tool selection, workflow reliability, latency, safety systems, agent performance, and Odella models and features.

You may opt out of the use of Customer Data, Content, AI Agent Traces, and materially similar operational execution traces from your account for model training or generalized service improvement by using an available organization or account setting or by submitting a request to dsar@odella.ai. After the opt-out is applied, we will not use Customer Data, Content, AI Agent Traces, or materially similar operational execution traces from your account for model training or generalized service improvement, except that we may continue to collect and use Operational Data and process Customer Data and Content as necessary to provide, maintain, secure, debug, audit, bill for, and support the Services, comply with law, and enforce our policies. Opt-outs are prospective and do not require deletion of aggregated, de-identified, or already-trained model improvements, model weights, evaluations, or derived learnings created before the opt-out was applied.

3. Disclosure of personal information

In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:

• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, cloud services, artificial intelligence model providers, API providers, and other information technology services providers, telecommunications carriers, SMS/MMS aggregators, voice providers, messaging platforms, event management services, email communication software and email newsletter services, and web analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us. Third party artificial intelligence models, APIs, and other services may also be subject to their own terms, privacy policies, and data handling practices; customers are responsible for reviewing those downstream terms and policies where they choose or configure such providers.
• SMS opt-in and consent data: We do not share phone numbers, SMS/MMS consent records, or opt-in information with third parties for marketing or promotional purposes. Phone-based information is shared only with our messaging infrastructure providers (such as Telnyx and the underlying mobile carriers) solely for the purpose of delivering the communications you have opted into, and with vendors and service providers acting on our behalf under written confidentiality obligations. We do not sell or rent SMS opt-in or consent data.
• Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively a "Transaction"), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
• Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.
• Affiliates: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with LAIW PTY LTD. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.

4. Your rights

Depending on location, individuals in the EEA, the UK, and across the globe may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:

• Access your Personal Information.
• Delete your Personal Information.
• Correct or update your Personal Information.
• Transfer your Personal Information elsewhere.
• Withdraw your consent to the processing of your Personal Information where we rely on consent as the legal basis for processing.
• Object to or restrict the processing of your Personal Information where we rely on legitimate interests as the legal basis for processing.

You can exercise some of these rights through your Odella account. If you are unable to exercise your rights through your account, please send your request to support@odella.ai.

5. Data residency and Australian privacy rights

Organization accounts may allow an administrator to configure a data residency region for that organization. If your organization account is configured for Australia data residency, and otherwise where the Privacy Act 1988 (Cth) applies to our handling of Personal Information, we handle Personal Information, Customer Data, and Operational Data associated with that organization account in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles where they apply to us.

You may request access to, or correction of, Personal Information we hold about you by contacting support@odella.ai. You may also contact us to make a privacy complaint. We will take reasonable steps to respond within a reasonable period. If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

Unless an organization account is configured for Australia data residency, Personal Information, Customer Data, and Operational Data may be processed in the United States and other locations where we or our service providers operate. This includes personal accounts and organization accounts configured for United States data residency. Data residency settings do not prevent transfers or access where required to provide support, security, incident response, billing, abuse prevention, legal compliance, or other Services functions, or where you choose to use a third party integration, API, or model provider outside the selected region.

6. U.S. state privacy rights

The following table provides additional information about how we disclose Personal Information. You can read more about the Personal Information we collect in "Personal information we collect" above, how we use Personal information in "How we use personal information" above, and how we retain personal information in "Security and Retention" below.

To the extent provided by applicable U.S. state privacy laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act, and subject to applicable exceptions, U.S. residents may have the following privacy rights in relation to their Personal Information:

• The right to know or access information about our processing of your Personal Information, including the specific pieces of Personal Information that we have collected about you;
• The right to request deletion of Personal Information;
• The right to correct inaccurate Personal Information;
• The right to obtain a portable copy of Personal Information;
• The right to opt out of certain processing, such as sale, sharing, targeted advertising, or profiling, where those concepts apply under applicable law; and
• The right to be free from discrimination or retaliation for exercising privacy rights.

We don't sell or share Personal Information as defined by the California Consumer Privacy Act, as amended by the California Privacy Rights Act. We also don't process sensitive personal information for the purposes of inferring characteristics about a consumer.

Exercising Your Rights. U.S. residents can exercise applicable state privacy rights by sending their request to support@odella.ai.

Verification. In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not provide, correct, or delete your Personal Information.

Authorized Agents and Appeals. You may submit a rights request through an authorized agent where permitted by applicable law. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. If applicable law gives you a right to appeal our decision on a privacy request, you may appeal by replying to our decision or contacting support@odella.ai. Authorized agent requests and appeals can be submitted to support@odella.ai.

7. Children

Our Service is not directed to children who are under the age of 13. Odella does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Odella through the Service please email us at support@odella.ai. We will investigate any notification and if appropriate, delete the Personal Information from our systems.

8. Links to other websites

The Service may contain links to other websites not operated or controlled by Odella, including social media services ("Third Party Sites"). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.

9. Security and Retention

We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information, Customer Data, and Operational Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We use technical and organizational controls designed to keep Customer Data associated with one customer from being made available to other customers in our multi-tenant application environment, except as directed by the customer, permitted by our Terms of Use, required by law, or necessary to provide and secure the Services. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.

We'll retain your Personal Information and Customer Data for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, backup integrity, enforcing our agreements, or complying with our legal obligations. When you delete your account, we will delete Customer Data associated with your account in accordance with our standard deletion procedures, except to the extent retention is required by law, necessary for security, fraud prevention, dispute resolution, backup integrity, or another legitimate business purpose permitted by applicable law. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.

We may also anonymize or de-identify your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, as described above, in which case we may use this information indefinitely without further notice to you.

10. International users

By using our Service, you understand and acknowledge that your Personal Information may be transferred from your location to our facilities, servers, affiliates, and service providers in the United States and other countries, unless your organization account is configured for Australia data residency and the relevant processing is subject to the Australia data residency commitment described above.

For EEA, UK or Swiss users:

Legal Basis for Processing. Our legal bases for processing your Personal Information include:

• Performance of a contract with you when we provide and maintain our Services. This may include the processing of Account Information, Content, and Technical Information.
• Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or when we develop, improve, or promote our Services. This may include the processing of Account Information, Content, Social Information, and Technical Information.
• Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
• Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our affiliates' or users' rights, safety and property.

EEA and UK Representative. We've appointed VeraSafe as our representative in the EEA and UK for data protection matters. You can contact VeraSafe in matters related to Personal Information processing using this contact form. Alternatively:

• For users in the EEA, you can contact VeraSafe at VeraSafe Ireland Ltd, Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland.
• For users in the UK, you can contact VeraSafe at VeraSafe United Kingdom Ltd., 37 Albert Embankment, London SE1 7TL, United Kingdom.

If you feel we have not adequately addressed an issue, you have the right to lodge a complaint with your local supervisory authority.

Data Transfers. Where required, we will use appropriate safeguards for transferring Personal Information outside of the EEA, Switzerland, and the UK. We will only transfer Personal Information pursuant to a legally valid transfer mechanism.

Data Controller. For the purposes of the UK and EU General Data Protection Regulation 2018, our data controller is LAIW PTY LTD.

11. Your choices

If you choose not to provide Personal Information that is needed to use some features of our Service, you may be unable to use those features.

You may opt out of SMS/MMS messages at any time by replying STOP to a message from us. You may reply HELP for help or contact us at support@odella.ai. Opting out of phone-based communications may limit or disable certain Services features.

12. Changes to the privacy policy

We may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means, you consent to the revised Privacy Policy.

13. How to contact us

Please contact support@odella.ai if you have any questions or concerns not already addressed in this Privacy Policy.

Changelog

• 2026-05-18: Added SMS opt-in and consent data sharing restrictions.
• 2026-05-15: Added phone, SMS/MMS, and voice communications privacy disclosures.
• 2025-01-02: Initial release