Legal

Neola Privacy Policy

Effective date: July 5, 2026 · Version 1.0

The short version

1. Who we are

Neola is operated by Oleta Technologies Inc., a corporation incorporated under the laws of Canada, operating in British Columbia (“Neola,” “we,” “us”). We comply with the British Columbia Personal Information Protection Act (PIPA) and the federal Personal Information Protection and Electronic Documents Act (PIPEDA), as each applies. Our Privacy Officer is accountable for our compliance and is your contact for access requests, corrections, withdrawals, and complaints: privacy@oleta.ca.

2. The words we use

A Goer is a parent or legal guardian (or a person with their authority) who books care. A Neo is a verified caregiver. A Nene is a child receiving care. A booking is a care session arranged through the platform.

3. What we collect, and why

4. What we never do

5. Consent

Neola uses unbundled, affirmative consent: one consent, one purpose, each presented separately and recorded. You may withdraw a consent at any time by contacting the Privacy Officer; withdrawal applies going forward. Withdrawing a verification consent ends the eligibility it supports. If we make material changes to a document you consented to, we present it again before you continue using the affected features.

6. Your privacy settings

Every Goer holds privacy settings from day one: profile name display, location reveal timing, photo policy for your Nene, scope of personal information shared, communication channel timing, and visibility in social proof. Defaults are protective, and you can change them at any time. These settings are enforced by our systems, not by promises: what a Neo can see about a Goer is computed through a visibility layer with no path around it.

7. Verification, background checks, and the safety identifier

Both sides of every booking are verified before a first booking: Neos complete identity verification and an enhanced criminal record check; Goers complete identity verification. Checks are performed by Certn. Results are used only to assess eligibility, assessed only for relevance consistent with applicable human rights law, and treated as confidential. Where a result is anything other than clear, a human reviews it before any decision, and you have the right to be informed, to access the result through the provider, and to dispute its accuracy. Neos consent to annual re-verification. The safety identifier is retained independently of your account to prevent re-registration after a permanent removal for safety reasons.

8. Nene information

9. How information is shared

With the other side of a booking, filtered through privacy settings. Addresses are revealed per the Goer's location setting: by default 24 hours before a booking, or on confirmation for bookings that begin sooner.

With service providers, each receiving only what its function requires under confidentiality and security obligations: Certn (verification, Canada); Stripe (payments, US and globally); Google Firebase (authentication, database, US and globally); Twilio (SMS and safety alerts, US); Netlify (website hosting).

For legal reasons, where required by law, including lawful demands by authorities, or where permitted in urgent circumstances involving risk to safety or life. We do not promise information will never be disclosed to authorities, because the law does not allow that promise.

Duty to report. Everyone in British Columbia, including our team and every Neo, has a legal duty to report a child who may need protection. Nothing here limits that duty.

Business changes. In a merger, acquisition, financing, or sale, personal information may be transferred under confidentiality, with notice where the law requires.

10. Where information lives

Some service providers store and process information outside Canada, including in the United States, where it is subject to local law, which may permit access by authorities. We choose providers with strong security practices, bind them contractually, and limit what each receives.

11. How long we keep information

We keep personal information only as long as necessary for the purposes identified and to meet legal, regulatory, insurance, and dispute-resolution obligations:

12. How we protect information

Encryption in transit; access controls and role-based administrative access; an append-only audit log of administrative actions, including any access to message content; payment isolation through Stripe; document isolation through Certn's hosted capture; and the rule that user-to-user visibility passes through the privacy settings layer. No system is perfectly secure, and we do not claim ours is. We design so that the most sensitive information is the information we never hold.

13. Your rights

You may request access to the personal information we hold about you, request correction, withdraw consents, and make complaints, by contacting the Privacy Officer at privacy@oleta.ca. We respond within the time the law allows (PIPA: 30 business days, extendable in limited circumstances). If you are not satisfied, you may contact the Office of the Information and Privacy Commissioner for British Columbia or the Office of the Privacy Commissioner of Canada.

14. If something goes wrong

If a privacy breach creates a real risk of significant harm, we will notify affected individuals and the appropriate regulators as the law requires, and tell you what happened, what information was involved, and what we are doing about it.

15. Marketing communications

Marketing email is sent only with your separate, optional consent, which is never pre-checked and which you can withdraw with one click. Booking, safety, and account messages are sent regardless, because the platform cannot operate without them.

15a. Text messaging (SMS)

When you provide your mobile number and opt in through the Go Neola app at goneola.com, we use it to send you text messages about your account and your care: booking confirmations, visit start and completion notices, check-in reminders, and time-sensitive trust and safety alerts during a live visit.

16. Cookies and similar technologies

We use the minimum necessary cookies and local storage for sign-in sessions, security, and preferences. We do not use advertising cookies.

17. Changes to this policy

We post changes here with a new version number and effective date. Material changes trigger renewed consent before continued use of the affected features.

18. Contact

Privacy Officer, Oleta Technologies Inc. · privacy@oleta.ca