Back to Octalius

Privacy Policy for Octalius

Last updated: 24 May 2026

This Privacy Policy describes how Omalius BV ("we", "us", or "our") collects, uses, and processes personal data in connection with Octalius, an AI-powered workspace for company search, assistants, knowledge management, and operational workflows (the "Service").

We are committed to protecting your privacy and handling your data in a transparent and secure manner, in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Data Controller

The data controller responsible for your personal data is:

Omalius BV

Enterprise number: 1006.207.328

Hasselt, Belgium

Email: contact@octalius.com

2. Scope of this Policy

This Privacy Policy applies to all users of Octalius, including:

  • Visitors to the public website
  • Registered users with an account
  • Company workspace members and administrators
  • Subscribers to paid plans

3. Categories of Personal Data

We collect and process the following categories of data:

3.1 Account and Workspace Information

When you create or use an account:

  • Email address
  • Name and profile information
  • Password, stored as a secure hash by our authentication provider
  • Company membership, role, and access permissions

3.2 Company Information

For company workspaces, we may process:

  • Company name and business identifiers
  • Billing address and country
  • VAT number or tax registration number
  • Workspace settings, invitations, and seat information

3.3 User Content

We process content you submit through the Service, including:

  • Chat prompts and messages
  • AI-generated responses
  • Search queries and research requests
  • Custom AI assistant configurations
  • Knowledge base files, document metadata, and categories

This data is necessary for providing the core workspace functionality.

3.4 Usage and Operational Data

We collect limited operational data, including:

  • Feature usage, such as search, assistants, and knowledge workflows
  • Processing volume and technical usage metrics
  • Subscription, plan, and seat status
  • Security, error, and system reliability logs

3.5 Billing and Invoice Information

For paid workspaces:

  • Subscription details
  • Billing profile and invoice recipient information
  • Billing identifiers, such as Stripe customer and subscription IDs
  • Payment and invoice metadata

Payment card information is processed by Stripe and is not stored by us. Official billing and Peppol network invoices may be sent through a separate accounting or invoicing system.

3.6 Cookies, Local Storage, and Analytics

We use:

  • Essential cookies and browser storage for authentication and application state
  • Self-hosted Umami analytics to understand aggregate website usage
  • Technical storage needed for security, preferences, and session continuity

We do not use advertising tracking technologies or sell personal data.

4. Purposes of Processing

We process personal data for the following purposes:

  • To provide and operate the Service
  • To enable AI interactions, search functionality, and knowledge workflows
  • To authenticate users and manage accounts
  • To manage company workspaces, roles, invitations, and seats
  • To process payments, subscriptions, and invoices
  • To ensure security and prevent abuse
  • To maintain and improve system performance and reliability
  • To respond to support, billing, and other contact requests

5. AI Processing and Third-Party Services

5.1 AI Infrastructure

User inputs, such as chat prompts and knowledge queries, may be processed by AI models and infrastructure providers used to generate responses.

  • Data is transmitted for response generation and related workspace functionality
  • We do not use user data to train our own public AI models
  • We aim to configure AI providers so they do not train on Octalius user data

When you use Octalius assistants and search experiences, you are interacting with AI-generated outputs.

5.2 Search and External Content

Search functionality may involve:

  • Sending queries to external search providers
  • Retrieving content from third-party websites
  • Displaying source links, snippets, and previews

Such processing is necessary to deliver search results, summaries, and source-aware answers.

5.3 Payment and Accounting Providers

Payments are processed by Stripe. Official invoices and Peppol network billing may be handled by a separate accounting or invoicing system.

  • Stripe acts as an independent data controller for payment data
  • Sensitive payment card details are never stored on our systems
  • Invoice data may be shared with accounting providers where required for billing and legal compliance

6. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Contractual necessity (Article 6(1)(b)) - to provide the Service
  • Legitimate interests (Article 6(1)(f)) - to operate, secure, and improve the Service
  • Legal obligations (Article 6(1)(c)) - for accounting, tax, and compliance requirements
  • Consent (Article 6(1)(a)) - where applicable

7. Data Retention

We retain personal data only as long as necessary:

  • Account and company data: while the account or workspace remains active, unless deletion is requested
  • User content: while needed to provide workspace functionality or until deletion according to product capabilities
  • Usage and operational data: retained for operational, security, and reliability purposes
  • Billing and invoice data: retained for legal, accounting, and tax purposes

Certain data may be retained longer where required for compliance, dispute resolution, fraud prevention, or security.

8. Data Subject Rights

You have the following rights under GDPR:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to data portability

You may exercise these rights by contacting: contact@octalius.com

Current Service capabilities include:

  • Management of profile, company, and billing data
  • Workspace member and invitation management
  • Manual handling of deletion, export, or correction requests where needed

9. Data Sharing and International Transfers

We may share data with:

  • AI infrastructure providers
  • Search service providers
  • Payment processors, including Stripe
  • Accounting and invoicing providers
  • Hosting, storage, analytics, and technical service providers

Some providers may operate outside the European Economic Area (EEA).

Where applicable, we use appropriate safeguards, such as Standard Contractual Clauses or equivalent legal mechanisms.

10. Security Measures

We implement appropriate technical and organizational measures, including:

  • Encryption of sensitive data in transit
  • Secure password hashing through the authentication provider
  • Token-based authentication
  • Role-based workspace access controls
  • System monitoring and operational logging

Despite these measures, no system can guarantee absolute security.

11. Children's Data

The Service is intended for professional and business use. It is not intended for children, and we do not knowingly collect personal data from minors.

12. AI Transparency and User Notice

Octalius includes conversational, search, and document-based experiences that produce AI-generated responses.

  • We aim to make AI interaction clear in the product interface
  • AI-generated outputs may be inaccurate, incomplete, or outdated
  • Users should review important outputs before relying on them or publishing them

Where Octalius introduces sharing, export, or publication workflows for AI-generated content, additional disclosure notices may be shown in-product.

13. Updates to this Policy

We may update this Privacy Policy periodically.

The updated version will be indicated by the "Last updated" date.

14. Contact

For any questions or requests regarding this Privacy Policy:

Omalius BV

Hasselt, Belgium

Enterprise number: 1006.207.328

Email: contact@octalius.com