Olyxee, Legal Document

Compliance

An overview of Olyxee's compliance program, the frameworks we align with, and how we support customer obligations under applicable law.

Doc: OLX-CMP-001
Version: 1.6
Effective: May 2026

§01

Framework Alignment

Olyxee aligns its security and privacy program with industry-recognized frameworks including SOC 2, ISO/IEC 27001, and the NIST Cybersecurity Framework. Formal attestations are pursued in accordance with our roadmap and are made available to customers and prospects under NDA.

§02

Data Protection Laws

We process personal data in accordance with applicable data protection laws, including:

• EU General Data Protection Regulation (GDPR)
• UK General Data Protection Regulation (UK GDPR)
• California Consumer Privacy Act (CCPA) and CPRA, where applicable

For cross-border transfers, we rely on Standard Contractual Clauses (SCCs) and supplementary measures where required.

§03

AI Governance

Olyxee maintains internal AI governance policies aligned with emerging regulatory expectations, including the EU AI Act and NIST AI Risk Management Framework. Our governance covers risk classification, model documentation, evaluation requirements, human oversight, and incident response specific to AI systems.

§04

Data Processing Agreements

A Data Processing Agreement (DPA) is available for customers acting as data controllers. Our DPA incorporates the EU SCCs and addresses obligations under GDPR, UK GDPR, and other applicable laws. Contact compliance@olyxee.com to request the current DPA.

§05

Subprocessors

Olyxee uses a limited set of vetted subprocessors for hosting, analytics, and operational tooling. Each subprocessor is subject to security and privacy diligence and contractually bound to obligations consistent with our customer commitments. A current list of subprocessors is available on request.

§06

Vendor Due Diligence

Enterprise customers and prospects can request:

• Security questionnaire responses (SIG, CAIQ)
• Architecture and data-flow overviews
• Pen test summary letters
• Insurance certificates
• DPA and SCCs

These materials are made available under NDA.

§07

Audit and Logging

Olyxee maintains comprehensive audit logging for administrative and customer-facing actions. Logs are retained in accordance with policy and made available to enterprise customers via supported export interfaces.

§08

Regulatory Cooperation

Olyxee cooperates with regulatory authorities as required by law and works in good faith with customers to support their own compliance obligations, including responding to data subject requests and supervisory authority inquiries.

§09

Contact

For compliance inquiries, including DPAs, security reviews, and audit support, contact compliance@olyxee.com.


Olyxee, Inc.

© 2026 All rights reserved.
