Privacy Policy

Impero Agency, LLC (“we”, “us”, “our”), a Delaware limited liability company, operates Olivia AI (“Platform”) at lunarolivia.com.

This policy applies to three categories of individuals:

• Agency Users — individuals who create accounts and use the Platform
• Leads and Contacts — individuals whose information is stored by agencies using the Platform
• Call Recipients — individuals who receive voice calls from AI agents configured on the Platform

Effective date: April 6, 2026.

By using the Platform, you agree to this Privacy Policy. See also our Terms of Use.

Account Data (Agency Users)

• Email address (required — via Google OAuth or magic link authentication)
• First name, last name (optional profile fields)
• Avatar/profile image URL (optional)

Lead and Contact Data (Managed by Agencies)

• First name, last name, email address, phone number
• Status, source, tags, and custom fields
• External identifiers from CRM integrations (e.g., GoHighLevel contact ID)

Voice and Call Data

• Call recordings and full transcripts
• Sentiment analysis scores
• Call duration, status, disposition, and metadata
• Timestamps and associated cost information

Integration Data

• Encrypted OAuth tokens for GoHighLevel and Google Calendar
• External account identifiers and synchronization timestamps
• Integration credentials are encrypted using AES-256-GCM and never exposed to end users

Payment Data

• Payment processing is handled entirely by Stripe
• We store only Stripe customer identifiers and subscription identifiers
• We never store credit card numbers, bank account details, or other direct payment credentials

Automatically Collected Data

• Session cookies for authentication (Supabase Auth — essential, functional)
• Anonymous usage analytics via datafa.st (privacy-focused, no personal identifiers)
• Crisp chat widget interactions when used for support

• Account management and authentication
• Service delivery including voice calls, lead management, and calendar booking
• Billing and subscription management via Stripe
• Customer support and issue resolution
• Platform improvement and anonymous analytics
• Security monitoring and fraud prevention

We do not sell, rent, or trade your personal information. Data is shared only with the following processors as necessary to provide the Platform services.

The Platform uses artificial intelligence technologies from multiple providers to deliver its core services, including but not limited to:

• Retell AI — powers voice agent calls, processes audio, and generates transcripts
• Anthropic (Claude) — powers conversational intelligence and agent behavior
• OpenAI (ChatGPT) — may be used for text generation and prompt processing
• Google (Gemini) — may be used for text generation and prompt processing

Additional AI providers may be incorporated as the Platform evolves.

Agency prompt content and lead data may be processed by these providers during the course of service delivery.

Each provider's data handling is governed by their respective privacy policies and data processing agreements.

We do not use agency data to train AI models. All data processing by AI providers is strictly for real-time service delivery.

Under applicable data protection laws, agencies using the Platform are data controllers for the lead and contact data they collect, store, and manage.

Olivia AI acts as a data processor, processing data on behalf of agencies as instructed.

Agencies are responsible for:

• Obtaining lawful consent from their contacts before storing or processing their data
• Configuring appropriate call disclosure and recording consent language per applicable local laws
• Complying with telemarketing regulations and recording consent laws in their operating jurisdictions
• Setting appropriate data retention policies for their workspace

A Data Processing Agreement (DPA) is available upon request by contacting support@operations.lunarolivia.com.

• Agencies control retention periods for their leads, call recordings, and transcripts
• The Platform provides data deletion and CSV export tools for agencies to manage their data
• Billing and financial records are retained for 7 years as required by applicable tax and legal obligations, and are anonymized upon account deletion
• Upon agency account closure, account data is deleted after a 30-day grace period to allow for data export
• GDPR deletion requests are processed via soft-delete with anonymization of personally identifiable information

The Platform and its data are hosted and processed in the United States using Supabase and Vercel infrastructure.

EU/EEA Users: For personal data transferred from the European Union or European Economic Area, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to provide appropriate safeguards.

California Residents: Please refer to the “Your Rights” section below for information specific to your rights under the California Consumer Privacy Act (CCPA).

Other Jurisdictions: We are committed to providing adequate protections for personal data consistent with applicable law in your jurisdiction.

All Users

• Right to access your personal data
• Right to correction of inaccurate data
• Right to deletion of your data
• Right to data portability (CSV export)

GDPR Rights (EU/EEA Residents)

• Right to restrict processing of your data
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with your local supervisory authority
• A Data Processing Agreement (DPA) is available upon request

CCPA Rights (California Residents)

• Right to know what personal information is collected about you
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, contact us at support@operations.lunarolivia.com. We will respond within 30 days.

• Supabase Session Cookies — essential for authentication; cannot be disabled without losing access to the Platform
• datafa.st — privacy-focused analytics service that collects anonymous usage data without personal identifiers or tracking cookies
• Crisp — customer support chat widget; functional cookies for support sessions
• Impersonation Cookie (olivia_impersonate_agency_id) — admin-only functional cookie used for platform administration; not set for regular users

We do not use third-party advertising cookies or cross-site tracking technologies.

The Platform is not directed at individuals under the age of 18.

We do not knowingly collect personal information from minors.

If you believe that a minor's data has been collected through the Platform, please contact us immediately at support@operations.lunarolivia.com and we will take steps to delete such information.

• AES-256-GCM encryption for all integration credentials and sensitive tokens
• Row-Level Security (RLS) for strict tenant-level data isolation between agencies
• Supabase Auth with secure session management
• HTTPS encryption for all data in transit

While we implement reasonable security measures to protect your data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

• We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements
• Updates will be posted on this page with a revised effective date
• For material changes, we will notify affected users via email
• Your continued use of the Platform after changes are posted constitutes acceptance of the updated Privacy Policy

Impero Agency, LLC
Registered in Delaware, United States
Email: support@operations.lunarolivia.com
Website: lunarolivia.com