5500 Alpha

At Olavi Group, LLC, we are committed to protecting your privacy and being transparent about the data we collect and how we use it. This Privacy Policy explains our practices for the 5500 Retirement Plan Smart Search service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following:

Email address: Used for authentication, account communications, and administrative notifications.
Name: For personalization, account identification, and administrative notifications to platform operators.
Company affiliation: Optional, to understand our user base.
Authentication provider data: If you sign up via Google, Apple, or Microsoft, we receive basic profile information (name, email) from those services.

1.2 Usage Data

We collect limited usage information to operate and improve the Service:

Query count: Total number of queries executed (NOT the content of queries).
Account activity: Login timestamps, last active date.
Subscription status: Trial vs. paid status, billing cycle dates.
Feature usage: Which features you use (e.g., CSV export, saved queries).

Search quality ratings: When you voluntarily submit a thumbs up or down rating on search results, the content of your query and the SQL query generated from it are logged solely to improve search accuracy. This logging only occurs when you actively submit a rating, is never used for any other purpose, and is not applied to unrated queries. Feedback logs are retained for up to 24 months and then permanently deleted.

1.3 Technical Data

Standard web server logs collect the following:

IP address (for security and fraud prevention).
Browser type and version.
Device type (desktop, mobile, tablet).
Referring URL (how you arrived at our site).

1.4 Analytics & Cookies

We use Google Analytics to understand how users interact with our Service and to improve the user experience. Google Analytics is a web analytics service that tracks and reports website traffic using cookies and anonymous identifiers.

What Google Analytics Collects:

Pages you visit and time spent on each page.
How you arrived at our site (search engine, direct link, referral).
General location (city/region level, not precise GPS).
Device type, browser, and screen resolution.
Anonymous user behavior patterns (clicks, scrolling, navigation).

Google Analytics data is used solely for improving the Service and is not shared with third parties for marketing purposes. Google Analytics does NOT collect your name, email, or any personally identifiable information through our implementation. All data is aggregated and anonymized.

How to Opt-Out of Google Analytics:

Install the Google Analytics Opt-out Browser Add-on.
Enable "Do Not Track" in your browser settings (most modern browsers support this).
Use browser extensions that block analytics scripts (e.g., Privacy Badger, uBlock Origin).

For more information about how Google uses data, see Google's Privacy Policy.

2. Corporate Data vs. Personal Data

2.1 Public Corporate Information

5500Alpha processes publicly available information about companies, including:

Fortune 500 status and rankings.
Business addresses and industry classifications.
Retirement plan data from Form 5500 filings.

This corporate data does not constitute personal information under GDPR, CCPA, or other privacy regulations, as it relates to business entities, not individuals.

2.2 Your Search Activity Remains Private

When you search for companies (including Fortune 500 firms or specific industries), we do NOT log, track, or store:

Your search queries or terms.
Companies you've researched or viewed.
Filters you've applied (e.g., "Fortune 500 tech companies in California").
Benchmarking comparisons you've run.

See our Zero Query Logging Guarantee in Section 4 for complete details.

3. How We Process Your Queries

When you submit a search question in plain English, we use artificial intelligence (AI) to translate your request into a database query. This AI-powered translation happens instantly, enabling you to search retirement plan data without learning complex query languages.

AI Technology: We use Google Gemini AI models to convert your natural language questions into structured database queries (a process called NLP-to-SQL). This AI processing occurs within our secured infrastructure.

We do not use your search queries or personal data to train AI models. Your queries are processed solely to deliver search results to you. We do not store the content of your queries or share them with AI providers for model training purposes.

4. Information We DO NOT Collect

We deliberately do NOT collect or store the following:

Query content: We do not save your search terms or natural language questions.
Query results: We do not store the data returned from your searches.
Downloaded data: CSV/JSON exports are generated on-demand and not retained.
Financial information: Payment processing is handled by third-party providers (Stripe); we never see your credit card details.
Browsing behavior outside our Service: We do not track your activity on other websites.

5. How We Use Your Information

We use the collected information solely for the following purposes:

Service delivery: Providing access to the search tool and managing your account.
Authentication: Verifying your identity and maintaining secure sessions.
Administrative operations: Platform monitoring, security management, and user support activities.
Billing: Processing subscription payments and managing trial limits.
Support: Responding to your questions and troubleshooting issues.
Service improvement: Understanding aggregate usage patterns to enhance features.
Security: Detecting and preventing fraud, abuse, or unauthorized access.
Legal compliance: Meeting regulatory requirements and enforcing our Terms of Service.

6. Data Sharing & Disclosure

6.1 We Do Not Sell Your Data

We do NOT sell, rent, or trade your personal information to third parties for marketing purposes. Period.

6.2 Service Providers

We share limited data with trusted service providers who help us operate the Service:

Cloud infrastructure: Application hosting and database services.
AI processing: Google Gemini models (for natural language search translation — no query content stored or used for training).
Authentication providers: OAuth services (Google, Apple, Microsoft) for sign-in.
Payment processor: Stripe (for subscription billing).
Email service: Transactional emails (account notifications, password resets).
Analytics provider: Google Analytics (for anonymous usage analytics).

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

6.3 Legal Requirements

We may disclose your information if required by law, such as:

In response to a valid subpoena, court order, or legal process.
To protect our rights, property, or safety, or that of our users.
To investigate fraud, security issues, or Terms of Service violations.
In connection with a merger, acquisition, or sale of assets (with notice to you).

7. Data Retention

Active accounts: We retain your account data as long as your account is active.

After cancellation:

Account credentials and profile information: Retained for 90 days to allow reactivation, then permanently deleted.
Query count metadata: Deleted after 90 days.
Billing records: Retained for 7 years per IRS and tax law requirements.
Aggregated, anonymized usage statistics: May be retained indefinitely (contains no personally identifiable information).

Never retained:

Query content: Never stored in the first place (see Section 2.2).
Search results: Generated on-demand only, not stored.
Downloaded data: CSV/JSON exports are not retained on our servers.

8. Data Security

We implement industry-standard security measures:

Encryption: All data transmitted between your browser and our servers uses HTTPS/TLS encryption.
Database security: Passwords are hashed using bcrypt; sensitive data is encrypted at rest.
Access controls: Only authorized personnel can access user data, on a need-to-know basis.
Regular audits: We conduct security reviews and apply patches promptly.

However, no system is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

9. Your Privacy Rights

You have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Update or correct inaccurate information in your account settings.
Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
Portability: Receive your data in a structured, machine-readable format.
Opt-out: Unsubscribe from marketing emails (transactional emails cannot be opted out).

To exercise these rights, contact us at [email protected].

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, please contact us immediately, and we will delete it.

11. International Users

The Service is operated in the United States. If you are accessing from outside the U.S., your data will be transferred to and processed in the United States, which may have different data protection laws than your country. By using the Service, you consent to this transfer.

12. Third-Party Links

The Service may contain links to external websites (e.g., government data sources). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via:

Email notification to your registered address.
In-app notification when you next log in.
Updating the "Last Updated" date at the top of this page.

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Olavi Group, LLC
Email: [email protected]
Website: www.olavigroup.com

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know: Request details about the categories and specific pieces of personal information we collect.
Right to delete: Request deletion of your personal information (with certain exceptions).
Right to opt-out: We do not sell personal information, so no opt-out is necessary.
Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise these rights, contact us at [email protected] with "CCPA Request" in the subject line.

Note: Although we do not sell personal information and therefore are not required to display a "Do Not Sell My Personal Information" link, we are committed to full transparency about our data practices. If you have questions about how we handle California resident data, contact us at [email protected].

16. European Users (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Legal basis for processing: We process your data based on consent (for marketing) and legitimate interests (for service delivery).
Data controller: Olavi Group, LLC is the data controller for your personal information.
Right to lodge a complaint: You may file a complaint with your local data protection authority.

17. Third-Party Assets

This Service uses icons from third-party providers. We acknowledge and attribute these resources as required by their licenses:

Icons: Uicons by Flaticon

By using the 5500 Retirement Plan Smart Search, you acknowledge that you have read and understood this Privacy Policy.