Legal

Privacy Policy

Last updated · 17 April 2026

Olakh exists to protect your privacy — so it would be deeply odd if we didn’t respect it ourselves. This page explains, in plain English, what we collect, why we collect it, and what we never will. It is written to meet the transparency requirements of the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Who we are

Olakh is operated by Olakh B.V., Amsterdam, the Netherlands (“we”, “us”). For the purposes of the GDPR we act as the data controller of the personal data described below. You can reach our privacy team at privacy@olakh.app.

What we collect

  • Your email address and name, used to sign you in and to send you the alerts you’ve asked for.
  • The email addresses and aliases you ask us to monitor for leaks.
  • Minimal, anonymised usage telemetry (e.g. crash reports) so we can fix things that break.
  • On this marketing website: only a small amount of localStorage needed to remember your cookie choices. See our Cookie Policy for the full list.

What we never collect

  • Your passwords. Olakh never sees them.
  • Financial account numbers, card numbers, or government IDs.
  • Your location, your contacts, your photos.

What we don’t do

  • Sell your data. Not now, not later, not to “trusted partners”.
  • Run ad pixels, behavioural trackers, or fingerprinting.
  • Share your data with anyone you haven’t explicitly authorised.

Legal bases for processing

We process your personal data only where we have a lawful basis:

  • Contract — to provide you the Olakh service you’ve asked for (Art. 6 (1) (b) GDPR).
  • Legitimate interest — to operate the service securely, prevent abuse, and improve reliability (Art. 6 (1) (f)).
  • Consent — for anything non-essential, such as optional analytics on this website. You can withdraw it at any time (Art. 6 (1) (a)).

How we store your data

Sensitive data is encrypted at rest with keys only you hold. We forget aggressively: anything we don’t need to protect you, we don’t keep. Our infrastructure is hosted inside the European Union.

Your rights

If you are in the EU/EEA, UK or Switzerland, you can:

  • ask for a copy of your data (right of access);
  • correct anything that’s wrong (rectification);
  • delete your data (erasure / “the right to be forgotten”);
  • receive your data in a portable format (portability);
  • object to processing or ask us to restrict it;
  • withdraw consent at any time (no questions asked).

You can do most of this from inside the app, or by emailing privacy@olakh.app. Deletions are permanent and usually processed within 72 hours. You also have the right to lodge a complaint with your national data-protection supervisory authority.

Cookies & local storage

This site sets only strictly-necessary storage by default. Everything else (including analytics) is off unless you opt in. See the full breakdown in our Cookie Policy, and change your choices any time from the footer.

Contact

Questions, concerns, requests — privacy@olakh.app. A human reads them.