Skip to content

Privacy & Trust

The short version: the microphone data stays in your house, and we designed the system so we could not change that quietly even if we wanted to.

What never leaves your house

  • Raw audio. Ever. Wake-word detection and speech-to-text run on the Hub, in your home. Microphone audio is processed there and discarded; there is no code path that uploads it.
  • Your family's memory. What Olsie remembers about your household - names, preferences, routines, notes - lives in a database on the Hub, not on our servers.
  • Voice prints. Speaker recognition profiles are computed and stored on the Hub only.

What goes to the cloud, and when

  • Routed transcripts only. When a request genuinely needs cloud-scale reasoning, the Hub sends the text transcript of that request - never the audio - to our cloud, gets an answer, and that's the end of it. Simple commands (lights, timers, music control) never leave the Hub at all.
  • Heartbeats and updates. Devices report health (version, uptime, basic diagnostics) and download signed software updates.
  • Encrypted backups - opt-in only. If you turn backups on, the Hub's memory is encrypted before it leaves the house, with a key we do not hold. Off by default.

Per-person permissions

Olsie knows who is speaking, so permissions are per-person:

  • Adults can do everything their household role allows.
  • Kids mode: recognised children get age-appropriate answers, no purchases, no device settings, and quiet hours that actually hold.
  • Guests (unrecognised voices) get a minimal, harmless command set.

The business model, plainly

  • No ads. Ever. We sell hardware and a subscription. You are the customer, not the product.
  • We do not sell, share, broker, or "anonymise and aggregate" your data.
  • Devices are outbound-only: nothing on the internet can connect in to your Hub or Minis. They dial out to fetch updates and deliver heartbeats, and that is the only direction a connection is ever made.

Trust, verified

  • Support access to your Hub (for white-glove debugging) happens only with your explicit consent per session, and every session is logged and auditable.
  • Software updates are cryptographically signed; devices refuse anything unsigned.
  • When we get a transparency-report request, the honest answer about your audio is: we do not have it, and cannot get it.