Olympus
Back

Privacy Policy

Last Updated: March 30, 2026

Mono Labs SRL (“we,” “us,” “our”), a company registered in the Dominican Republic, operates the Olympus platform (“Service”) accessible at olympus.do. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using Olympus, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, and password when you create an account.
  • Client Profile Data: If you are a fitness coach using the Coach plan, you may input client information including name, age, weight, height, fitness goals, activity level, dietary restrictions, and coaching notes. You represent and warrant that you have obtained proper consent from your clients to input their information into the Service.
  • Payment Information: Billing details are processed by our Merchant of Record, Creem (Creem OÜ, Estonia). We do not store credit card numbers, bank account details, or other financial information on our servers. Creem handles all payment processing, tax collection, and financial compliance as the legal seller of the Service.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, frequency and duration of activities, and interaction patterns.
  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Log Data: IP address, access times, and referring URLs.
  • Cookies: We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Generate personalized meal plans using artificial intelligence based on the profile data you provide.
  • Process subscriptions and manage your account.
  • Communicate with you about your account, updates, and support inquiries.
  • Monitor usage to enforce subscription limits (plan quotas, revision limits, client limits).
  • Detect, prevent, and address technical issues, fraud, and security threats.
  • Comply with legal obligations.

We do not use your information for advertising, sell your personal data to third parties, or use your data to train AI models.

3. Google User Data

Olympus allows you to sign in using your Google account via our authentication provider, Clerk. This section describes how we handle data received from Google APIs in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

3.1 Data Accessed

When you sign in with Google, we access the following information from your Google account:

  • Basic profile information: Your name, email address, and profile picture.
  • Authentication tokens: OAuth tokens used to verify your identity and maintain your session.

We do not request access to your Google Drive, Google Calendar, Gmail, Google Contacts, or any other Google service data beyond what is necessary for authentication.

3.2 Data Usage

Google user data is used exclusively to:

  • Create and authenticate your Olympus account.
  • Display your name and profile picture within the application.
  • Communicate with you about your account (e.g., transactional emails).

We do not use Google user data for advertising, to train AI or machine learning models, or for any purpose unrelated to providing and improving the Olympus Service.

3.3 Data Sharing

Google user data received through the sign-in process is shared only with the following service providers, solely for the purposes described:

  • Clerk (Clerk, Inc.): Processes Google OAuth authentication on our behalf and stores your name, email, and profile picture as part of your user record.
  • Supabase (Supabase, Inc.): Stores your name and email as part of your account record in our database.

We do not sell, share, or transfer Google user data to any other third parties, except as required by law.

3.4 Data Storage & Protection

Google user data is protected with the same security measures described in Section 7 of this policy, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Access controlled through Row Level Security (RLS) policies, ensuring users can only access their own data.
  • OAuth tokens are managed by Clerk and are not stored directly in our database.

3.5 Data Retention & Deletion

Google user data is retained for as long as your Olympus account is active. You may request deletion of your data at any time by:

  • Deleting your Olympus account through the application settings, which removes all associated data within 30 days.
  • Contacting us at support@olympus.do to request data deletion.
  • Revoking Olympus's access to your Google account via your Google Account permissions page.

Upon account deletion or access revocation, all Google user data is permanently deleted from our systems within 30 days, except where retention is required by applicable law.

3.6 Limited Use Disclosure

Olympus's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4. Artificial Intelligence Data Processing

Olympus uses the Claude API (provided by Anthropic, PBC, San Francisco, USA) to generate meal plans. When a meal plan is generated:

  • The client profile data you provide (name, age, weight, height, goals, dietary restrictions) is sent to Anthropic's API to generate nutritional content.
  • Anthropic processes this data solely to generate a response and does not use it to train their models (per their API data usage policy).
  • No financial data, passwords, email addresses, or account credentials are ever sent to the AI service.
  • The AI-generated meal plan content is stored in our database so you can access it later.

5. Data Sharing and Third-Party Services

We share your information only with the following categories of service providers, solely for the purposes of operating the Service:

Service ProviderPurposeData SharedLocation
Creem (Creem OÜ)Payment processing (Merchant of Record)Email, name, payment methodEstonia / EU
Clerk (Clerk, Inc.)User authenticationEmail, name, session dataUnited States
Supabase (Supabase, Inc.)Database hostingAll account and plan dataUnited States
Anthropic (Anthropic, PBC)AI meal plan generationClient profile dataUnited States
Vercel (Vercel, Inc.)Application hostingLog data, IP addressesUnited States
Upstash (Upstash, Inc.)Rate limitingUser ID, request countsUnited States

We do not sell, rent, or trade your personal information to any third party for marketing or advertising purposes.

6. Data Retention

  • Account data is retained for as long as your account is active.
  • Meal plan data is retained according to your subscription tier (30 days for Starter, permanently for Coach).
  • Payment records are retained by Creem in accordance with applicable tax and financial regulations.
  • When you delete your account, we delete your personal data and associated client data within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3.
  • Data at rest is encrypted using AES-256 encryption.
  • Database access is controlled through Row Level Security (RLS) policies, ensuring users can only access their own data.
  • API endpoints are protected by authentication, rate limiting, and input validation.
  • We do not store passwords — authentication is handled by Clerk using secure, hashed credentials.
  • Administrative access to production systems is restricted and logged.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Data Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit the processing of your data.
  • Objection: Object to the processing of your data for certain purposes.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@olympus.do. We will respond within 30 days.

For EU/EEA residents (GDPR): Our legal basis for processing personal data is contractual necessity (to provide the Service you have subscribed to) and legitimate interests (to improve and secure the Service). You have the right to lodge a complaint with your local data protection authority.

For Canadian residents (PIPEDA): You have the right to access your personal information and challenge its accuracy. Contact our Privacy Officer at support@olympus.do.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the Dominican Republic, including the United States and the European Union. We ensure appropriate safeguards are in place for such transfers, including the use of service providers that maintain adequate data protection standards.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

11. Coach Responsibilities

If you use the Coach plan to manage client meal plans, you are the data controller for your clients' personal data. You are responsible for:

  • Obtaining informed consent from your clients before entering their data into Olympus.
  • Informing your clients about how their data will be processed, including the use of AI.
  • Responding to your clients' data access, correction, and deletion requests.
  • Complying with all applicable data protection laws in your jurisdiction.

We act as a data processor on your behalf for client data, processing it only according to the functionality of the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Mono Labs SRL
Dominican Republic
Email: support@olympus.do
Website: https://olympus.do

This Privacy Policy is governed by the laws of the Dominican Republic, and where applicable, by the General Data Protection Regulation (EU) 2016/679 and the Personal Information Protection and Electronic Documents Act (Canada).