Legal

Privacy policy

Learn how Olarm collects, uses, and protects your personal information when using our website, smart alarm devices, and mobile app.

Entities

These Terms of Use (“Terms”) are issued on behalf of:

South Africa:
Olarm (Pty) Ltd, Registration No. 2015/057946/07, incorporated in the Republic of South Africa, principal office at 3rd Floor, 325 Main Road, Kenilworth, Cape Town, 7708, South Africa (“Olarm SA”)

United Kingdom and European Union (including Italy and other EU Member States):
Olarm UK Ltd, Companies House No. 15792112, registered office at 71–75 Shelton Street, London, WC2H 9JQ, United Kingdom (“Olarm UK”). Olarm UK Ltd provides the Services to customers in both the United Kingdom and the European Union.

When these Terms refer to “Olarm”, “we”, “us”, or “our”, they refer to the relevant entity responsible for providing the Services in your territory, as set out above.

Preliminary — How to Read These Terms

These Terms govern your use of all Olarm Services. Certain clauses are marked with a territory indicator:

[SA] — applies to customers in South Africa
[UK] — applies to customers in the United Kingdom
[EU] — applies to customers habitually resident in the European Union (including Italy)
[ALL] — applies in all territories

Where a clause is not marked, it applies in all territories. Where local mandatory law grants you rights that exceed those described in these Terms, those statutory rights are not affected or limited by these Terms. Defined terms used in these Terms have the meanings given in Section 1.

1. Definitions

For the purposes of this Privacy Policy, the following terms have the meaning set out below:

Term - Definition

Company / Olarm - Olarm (Pty) Ltd (Reg. 2015/057946/07) (South Africa) and Olarm UK Ltd (CH 15792112) (United Kingdom and European Union), together “Olarm”. When this policy refers to “we”, “us”, or “our”, it refers to the relevant entity responsible for processing your data, depending on your territory.

You / Your / Customer / Data Subject - The person or entity using or receiving the Service(s) from Olarm. In a Direct Subscription, “Customer” and “End User” refer to the same party. In an Indirect Subscription, “Customer” may refer to a Channel Partner as Olarm’s contracting party, whose own customers or end users are the “End Users”. “You”, “your”, and “Customer” are used interchangeably. [SA] This definition includes juristic persons as data subjects under POPIA.

End User - The person or entity at whose premises an Olarm Device is installed and who uses the Service(s). In a Direct Subscription, the End User is also Olarm’s Customer. In an Indirect Subscription, the End User is the Channel Partner’s customer. “End User” and “Customer” may be used interchangeably where the context makes clear they refer to the same party.

Channel Partner - Any entity that has entered into a Channel Partner Agreement with Olarm to provide, distribute, install, or support the Service(s) to End Users, including Installers, Resellers, Distributors, Armed Response Companies [SA], and Alarm Receiving Centres [UK/EU].

Personal Information / Personal Data - Information relating to an identifiable individual, as defined under POPIA (South Africa), UK GDPR (United Kingdom), or EU GDPR (European Union).

Processing - Any operation performed on Personal Data, including collection, recording, storage, use, transfer, or disclosure.

Responsible Party / Controller - The entity that determines the purpose and means of Processing. Olarm (Pty) Ltd is the Responsible Party / Controller for South Africa. Olarm UK Ltd is the Controller for UK and EU data subjects.

POPIA - Protection of Personal Information Act 4 of 2013 (South Africa).

UK GDPR - UK General Data Protection Regulation, as retained and amended in UK law by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, and the Data Protection Act 2018.

EU GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).

Information Regulator - The South African Information Regulator established under POPIA.

ICO - The Information Commissioner’s Office (United Kingdom).

Service(s) - The Olarm website, Olarm APP, Command Centre, Remote Connect, Signals Proxy, and all Olarm devices including the Olarm MAX, Olarm PRO 4G, Olarm LINK, and Olarm ONE.

Olarm ONE Devices - The components of the Olarm ONE wireless security ecosystem: the Olarm HUB (central control unit) and all associated wireless detectors, sensors, key fobs, and accessories.

2. About This Policy and How to Read It

2.1 This Privacy Policy is issued on behalf of Olarm and explains how we collect, use, share, and protect your Personal Data when you use our Services.

2.2 References to “Data Protection Laws” mean:

South Africa: POPIA, PAIA, and the Electronic Communications and Transactions Act 25 of 2002 (ECTA)
United Kingdom: UK GDPR and the Data Protection Act 2018
European Union (including Italy): EU GDPR (Regulation 2016/679) and applicable national implementing legislation

2.3 Certain sections are marked with a territory indicator: [SA] (South Africa), [UK] (United Kingdom), [EU] (European Union, including Italy), [ALL] (all territories). Where a section is not marked, it applies in all territories.

2.4 This policy applies to Personal Data we process in connection with the Services. It does not apply to Personal Data processed solely by third parties who operate independently of Olarm.

3. Who We Are — Data Controllers

3.1 South Africa [SA]

Responsible Party: Olarm (Pty) Ltd
Registration No.: 2015/057946/07
Address: 3rd Floor, 325 Main Road, Kenilworth, Cape Town, 7708, South Africa
Tel: +27 21 009 0911
Email: legal@olarm.com

Information Officer (POPIA): Justin Zondagh, legal@olarm.com

3.2 United Kingdom [UK]

Controller: Olarm UK Ltd
Companies House No.: 15792112
Registered office: 71–75 Shelton Street, London, WC2H 9JQ, United Kingdom
Email: legal@olarm.com

Data Protection Officer / Data Protection Contact: Justin Zondagh, legal@olarm.com

Olarm UK Ltd is registered with the Information Commissioner’s Office (ICO). Registration reference: ZB747882

3.3 European Union (including Italy) [EU]

Controller: Olarm UK Ltd
Companies House No.: 15792112
Registered office: 71–75 Shelton Street, London, WC2H 9JQ, United Kingdom
Email: legal@olarm.com

Olarm UK Ltd provides the Services to, and acts as Controller for, customers in both the United Kingdom and the European Union.

Lead supervisory authority (EU): EU residents may contact the supervisory authority for data protection in their country of habitual residence. Italian residents may contact the Garante per la protezione dei dati personali (Garante): https://www.garanteprivacy.it.

4. What Personal Data We Collect [ALL]

4.1 Data You Provide Directly

Account information: Name, email address, phone number, username, billing address
Payment information: Olarm does not collect or store payment card details. All card payment processing is handled directly by our PCI-compliant payment processor. Olarm receives only a confirmation of payment status and, where applicable, a tokenised reference — never your card number, CVV, or expiry date.
Contact and support: Records of communications with our support team, including emails and in-app messages
Installation details: Premises address, alarm panel details (for installation by Channel Partners)
Survey and feedback: Information you voluntarily provide in surveys, reviews, or promotional activities

4.2 Data Collected Automatically from Services

Device and usage data: Device identifiers (device ID, hardware serial number), IP addresses, browser type and version, operating system, login timestamps and session activity, pages visited, features used, session duration
Alarm event data: Arm and disarm events, zone activation, alarm trigger events, tamper alerts
App interaction data: App usage timestamps, feature interactions, notification read receipts
Location signals: General location derived from IP address; precise location only if you grant location permission in the Olarm APP

4.3 Data Generated by Olarm Devices [ALL]

Olarm Devices (including the Olarm ONE ecosystem) generate operational data that may constitute Personal Data where it relates to identifiable individuals:

Motion detection events: Timestamps and zone identifiers when motion is detected by wireless detectors
Contact sensor events: Open/close events for doors and windows (Olarm ENTRY), with timestamps
Zone status data: Real-time and historical zone arm/disarm state
Tamper alerts: Alerts generated when any Olarm ONE Device is opened, moved, or tampered with
Connectivity status: Device online/offline status, signal strength, connectivity mode (4G/Wi-Fi/Ethernet)
Battery status: Battery level readings from wireless devices
Key fob events: Arm/disarm and panic button activations linked to assigned users
CCTV/video data: Where compatible cameras are connected to the Olarm APP, live and archived video and audio recordings are processed. See Section 7.5 below.

4.4 Data from Third Parties

Integration partners: Where you connect third-party smart home platforms (e.g., Home Assistant), data may flow between those platforms and Olarm’s systems
Payment processors: Confirmation of payment status and tokenised payment references from our PCI-compliant payment processor. Olarm does not receive or store your card number, CVV, or expiry date.
Channel Partners: Contact details and account information provided by Channel Partners when setting up your account

4.5 Data We Do Not Collect

We do not knowingly collect:

Special categories of sensitive personal data (e.g., health data, biometric data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation), unless required by law
Personal data relating to criminal offences or convictions, unless required by law
Personal data from children under 18 (or, for EU/UK digital consent purposes, children under 13 where parental consent has not been obtained and verified)

5. How We Use Your Personal Data — Lawful Basis [ALL]

We process your Personal Data only where we have a lawful basis to do so. The table below maps our processing activities to the applicable lawful basis for each territory.

Processing Activity	Lawful Basis (SA — POPIA)	Lawful Basis (UK — UK GDPR)	Lawful Basis (EU — EU GDPR)
Creating and managing your account	Contract	Contract (Art. 6(1)(b))	Contract (Art. 6(1)(b))
Providing the Service(s) and operating Olarm Devices	Contract / Legitimate interest	Contract (Art. 6(1)(b))	Contract (Art. 6(1)(b))
Processing payments	Contract / Legal obligation	Contract (Art. 6(1)(b))	Contract (Art. 6(1)(b))
Delivering OTA firmware updates to Olarm Devices	Contract / Legitimate interest	Contract / Legitimate interest (Art. 6(1)(f))	Contract / Legitimate interest (Art. 6(1)(f))
Processing alarm event and sensor data for monitoring	Contract / Legitimate interest	Contract (Art. 6(1)(b))	Contract (Art. 6(1)(b))
Communicating with you about your account	Contract / Legitimate interest	Contract / Legitimate interest (Art. 6(1)(f))	Contract / Legitimate interest (Art. 6(1)(f))
Responding to support requests	Contract / Legitimate interest	Contract / Legitimate interest (Art. 6(1)(f))	Contract / Legitimate interest (Art. 6(1)(f))
Complying with legal obligations	Legal obligation	Legal obligation (Art. 6(1)(c))	Legal obligation (Art. 6(1)(c))
Preventing fraud and ensuring system security	Legitimate interest	Legitimate interest (Art. 6(1)(f))	Legitimate interest (Art. 6(1)(f))
Improving and developing our Services	Legitimate interest	Legitimate interest (Art. 6(1)(f))	Legitimate interest (Art. 6(1)(f))
Sending marketing communications (existing customers)	Consent	Legitimate interest + opt-out (Art. 6(1)(f))	Consent (Art. 6(1)(a))
Sending marketing communications (new prospects)	Consent	Consent (Art. 6(1)(a))	Consent (Art. 6(1)(a))
AI-based feature optimisation and analysis	Legitimate interest	Legitimate interest (Art. 6(1)(f))	Legitimate interest (Art. 6(1)(f))
Analytics (aggregated, anonymised)	Legitimate interest	Legitimate interest (Art. 6(1)(f))	Legitimate interest (Art. 6(1)(f))

6. Sharing of Personal Data [ALL]

We may share your Personal Data with:

6.1 Olarm group companies — for the purpose of providing and improving the Services.

6.2 Channel Partners — to facilitate installation, support, and account management where you have been onboarded through a Channel Partner.

6.3 Service providers and sub-processors — including IT infrastructure providers, cloud hosting providers, payment processors, analytics providers, and customer communication tools. All sub-processors are subject to data processing agreements that meet the requirements of applicable Data Protection Laws.

6.4 Regulators, law enforcement, and authorities — where required by applicable law, court order, or regulatory authority. [SA] This includes the South African Information Regulator, Police Service, or other competent authority. [UK] This includes the ICO, Police, or other competent UK authority. [EU] This includes relevant EU supervisory authorities, national police services, or other competent authorities.

6.5 Business transfers — in connection with a merger, acquisition, restructuring, or sale of all or part of Olarm’s business, personal data may be transferred to the acquiring entity. We will provide notice of any such transfer where required by law.

6.6 Armed response and monitoring companies — where you or your Channel Partner have connected your Olarm Device(s) to an armed response or monitoring service, alarm event data (trigger events, arm/disarm status) will be shared with that monitoring company. You are responsible for ensuring that the relevant monitoring company has its own appropriate privacy and data protection arrangements in place.

6.7 We do not sell your Personal Data to third parties for their own marketing purposes.

7. Special Categories of Data

7.1 Video and Audio Data (CCTV) [ALL]

Where you integrate compatible CCTV cameras with the Olarm APP, video and audio recordings are processed by Olarm for the purpose of providing live and recorded surveillance functionality. Such data may constitute Personal Data where individuals are identifiable. You are responsible for ensuring that appropriate notices are in place at your premises informing persons that recording is taking place.

[UK] Processing of CCTV data must comply with the ICO’s surveillance camera code of practice. Where cameras are placed in areas accessible to members of the public, a DPIA may be required.

[EU] Processing of video data that monitors individuals constitutes processing of personal data under EU GDPR. Where the processing is systematic and on a large scale, a DPIA is required under Article 35 EU GDPR. Italian data subjects should note that the Garante has issued specific guidelines on CCTV data processing, including requirements for signage and data retention limits.

7.2 Location Data [ALL]

Precise location data (GPS) is only collected if you explicitly grant location permission in the Olarm APP. Location permission is used to improve feature relevance (e.g., geofenced arm/disarm suggestions). You may revoke this permission at any time through your device settings.

8. International Transfers of Personal Data

8.1 Overview [ALL]

Olarm’s primary data infrastructure is located in South Africa and in cloud service regions. Where Personal Data is transferred across borders, Olarm ensures that appropriate safeguards are in place.

8.2 EU to South Africa [EU]

Transfers of Personal Data from the EEA to South Africa are conducted subject to appropriate safeguards in accordance with EU GDPR. Further information is available on request from legal@olarm.com.

8.3 UK to South Africa [UK]

Transfers of Personal Data from the United Kingdom to South Africa are conducted subject to appropriate safeguards in accordance with UK GDPR. Further information is available on request from legal@olarm.com.

8.4 South Africa [SA]

Any transfer of Personal Information outside South Africa is conducted in compliance with POPIA. Further information is available from legal@olarm.com.

9. Data Retention [ALL]

We retain Personal Data only for as long as necessary for the purpose for which it was collected, or as required by applicable law. Retention periods vary depending on the nature of the data and the purpose of processing. When Personal Data is no longer required, it will be securely deleted or anonymised. You may request details of applicable retention periods for your data by contacting legal@olarm.com.

10. Your Rights [ALL]

You have the following rights in respect of your Personal Data, subject to applicable law and any exemptions:

Right	SA (POPIA)	UK (UK GDPR)	EU (EU GDPR)
Access	Yes	Yes	Yes
Correction / Rectification	Yes	Yes	Yes
Deletion / Erasure ("right to be forgotten")	Yes (limited grounds)	Yes (Art. 17)	Yes (Art. 17)
Object to processing	Yes	Yes (Art. 21)	Yes (Art. 21)
Restrict processing	—	Yes (Art. 18)	Yes (Art. 18)
Data portability	—	Yes (Art. 20)	Yes (Art. 20)
Withdraw consent	Yes	Yes (Art. 7(3))	Yes (Art. 7(3))
Lodge a complaint with authority	Yes	Yes	Yes
Object to automated decision-making	—	Yes (Art. 22)	Yes (Art. 22)

How to Exercise Your Rights

To exercise any of the above rights, contact us at:

Email: legal@olarm.com
Subject line: “Data Subject Rights Request — [Your Name] — [Territory: SA / UK / EU]”

[SA] You may also request access to your Personal Information under PAIA by completing a Form C request as prescribed by the PAIA regulations.

[UK] You may make a Subject Access Request (SAR) at any time. We will respond within 30 calendar days.

[EU] You may exercise your rights under EU GDPR by contacting legal@olarm.com. We will respond within 30 calendar days (extendable by a further 60 days for complex requests, with notice). [IT] Italian data subjects may also contact the Garante: https://www.garanteprivacy.it.

Supervisory Authority Complaints

If you are not satisfied with our response, you have the right to complain to your local data protection supervisory authority:

South Africa: Information Regulator — https://www.justice.gov.za/inforeg
United Kingdom: Information Commissioner’s Office (ICO) — https://www.ico.org.uk
Italy: Garante per la protezione dei dati personali — https://www.garanteprivacy.it
France: CNIL — https://www.cnil.fr
Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) — https://www.bfdi.bund.de
Other EU Member States: Contact your national data protection authority (see https://edpb.europa.eu/about-edpb/about-edpb/members_en)

11. Security [ALL]

11.1 Olarm implements appropriate technical, organisational, and administrative safeguards to protect your Personal Data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These include:

Encrypted data transmission (TLS/HTTPS) for all data in transit
Encrypted storage for sensitive data at rest
Access controls and role-based permissions for internal systems
Encrypted wireless communication within the Olarm ONE ecosystem
Regular security assessments and penetration testing
Incident response procedures

11.2 In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, Olarm will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by applicable law. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

[SA] Olarm will notify the Information Regulator and the affected data subjects of any breach as required by POPIA section 22.

12. Artificial Intelligence and Automated Processing [ALL]

12.1 Olarm uses AI-driven analysis of device interaction patterns (such as arming history, app usage times, and signal data) to enable intelligent Service features, including automated arming/disarming suggestions, predictive alerts, and context-aware notifications.

12.2 This automated processing does not use personal identifiers (such as your name or contact details) as direct inputs.

12.3 Olarm’s AI features do not produce legally significant automated decisions about you — they generate recommendations and alerts that are presented to you or your armed response company, but you retain control over all security actions.

12.4 [EU/UK] In the event that any AI-driven feature is determined to constitute automated decision-making with significant effects under Article 22 EU GDPR or equivalent UK GDPR provisions, you have the right to: (i) request human review of the decision; (ii) express your point of view; and (iii) contest the decision. Contact legal@olarm.com to exercise this right.

13. Children’s Data [ALL]

13.1 [SA] In South Africa, processing of personal information of children (persons under 18) without appropriate consent is prohibited under POPIA. The Service(s) are not directed at children under 18. If we become aware that we have collected Personal Information from a child under 18 without appropriate parental consent, we will delete it promptly.

13.2 [UK] In the United Kingdom, we comply with the ICO Children’s Code (Age-Appropriate Design Code). The Service(s) are not directed at children under 18. For digital services where age verification is not technically implemented, UK law treats anyone under 13 as a child for data protection purposes, and children aged 13–15 may require parental consent for certain processing activities.

13.3 [EU] Under Article 8 EU GDPR, where processing is based on consent, the minimum age of digital consent is 16, unless the relevant EU Member State has set a lower age (minimum 13). The Service(s) are not directed at children below the legal age of digital consent in their Member State. For Italian data subjects, the age of digital consent in Italy is 14. Parental or guardian consent is required for processing personal data of children below the applicable age.

14. Links to Third-Party Services [ALL]

The Service(s) may contain links to or integrate with third-party websites or services. Olarm is not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you use.

15. Changes to This Privacy Policy [ALL]

15.1 We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law.

15.2 Material changes will be communicated to you by email to your registered address or by notice on our website, with reasonable advance notice before the change takes effect.

15.3 [EU] Where changes to the Privacy Policy require fresh consent (e.g., a new processing activity based on consent), we will seek your explicit consent before commencing that processing.

15.4 The current version of this Privacy Policy is always available at: https://olarm.com/legal/privacy-policy

16. Contact Details [ALL]

Email (all territories): legal@olarm.com

South Africa:
Olarm (Pty) Ltd
Information Officer: Justin Zondagh
3rd Floor, 325 Main Road, Kenilworth, Cape Town, 7708, South Africa
Tel: +27 21 009 0911

United Kingdom and European Union (including Italy):
Olarm UK Ltd
Data Protection Contact: Justin Zondagh
71–75 Shelton Street, London, WC2H 9JQ, United Kingdom

All notices and submissions to Olarm must be directed exclusively to: legal@olarm.com. No other channel is recognised for the purposes of this Privacy Policy.

‍