1. Information Collection and Use
Information You Provide
We collect information you voluntarily provide when using our Service, including but not limited to:
- Account Information: Name, email address, phone number, password, and authentication credentials.
- Profile Data: User preferences, profile pictures, and custom settings.
- Payment Information: Billing details processed securely through third-party payment processors (we do not store complete credit card numbers).
- Communications: Voice recordings, voicemail messages, custom greetings, SMS messages, call metadata, and any content you create or share through the Service.
- Support Communications: Information provided when you contact customer support.
Automatically Collected Information
We automatically collect certain information when you use our Service:
- Device Information: Device type, operating system, browser type, unique device identifiers, IP address, and mobile network information.
- Usage Data: Pages visited, features accessed, time spent on the Service, clickstream data, and search queries.
- Location Data: General geographic location based on IP address (we do not collect precise GPS location without explicit consent).
- Call Data: Call duration, call quality metrics, timestamps, caller ID information, and call status.
- Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to enhance user experience and analyze Service usage.
Third-Party Information
- Information from Twilio and other telecommunications service providers.
- Authentication data from OAuth providers (Apple Sign-In, Google, etc.).
- Payment verification data from third-party payment processors.
- Analytics data from third-party analytics providers.
2. How We Use Your Information
We use collected information for the following purposes:
Service Provision and Improvement
- Provide, maintain, and improve the Service.
- Process voice calls, recordings, and transcriptions (including processing by AI sub-processors for voicemail transcription services).
- Provision and manage phone numbers.
- Send notifications about calls, voicemails, and service updates.
- Personalize user experience and provide customized content.
- Develop new features and analyze usage patterns.
- Conduct research and development.
Business Operations
- Process payments and manage subscriptions.
- Send administrative communications and service updates.
- Respond to customer support inquiries.
- Send marketing communications (with your consent, where required).
- Conduct surveys and request feedback.
Security and Compliance
- Detect, prevent, and address fraud, abuse, and security issues.
- Comply with legal obligations and regulatory requirements.
- Enforce our Terms of Service and other agreements.
- Protect the rights, property, and safety of OverShare®, users, and the public.
- Respond to legal process and law enforcement requests.
3. Information Sharing and Disclosure
Important: We do not sell your personal information to third parties. We may share information only in the limited circumstances described below.
Service Providers
We share information with trusted third-party service providers who perform services on our behalf:
- Twilio: Voice communication, SMS, phone number provisioning, call recording, and transcription services.
- Payment Processors: Payment processing (PCI-DSS compliant third-party providers).
- Cloud Infrastructure Providers: Data hosting and storage (AWS, etc.).
- Firebase/Google: Push notifications, authentication, and analytics.
- Analytics Providers: Service analytics and performance monitoring.
- Customer Support Tools: Help desk and support ticket management.
- AI Sub-Processors: Voicemail transcription and content processing services (such as OpenAI or Google Cloud AI).
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
Legal Requirements and Protection
We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:
- Comply with legal obligations, court orders, subpoenas, or legal process.
- Respond to law enforcement requests and government inquiries.
- Enforce our Terms of Service and other agreements.
- Protect against fraud, security threats, or illegal activity.
- Protect the rights, property, and safety of OverShare®, our users, or the public.
- Defend against legal claims or investigations.
Business Transfers
In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or similar corporate event, or sale of all or substantially all of our assets, your information may be transferred to the successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share information with third parties when you explicitly consent to such sharing.
Aggregate and De-Identified Data
We may share aggregate, de-identified, or anonymized information that cannot reasonably be used to identify you for research, analytics, marketing, or other business purposes.
4. Data Storage, Retention, and Security
Data Storage
- Data is primarily stored on servers located in the United States.
- We use industry-standard encryption for data in transit (TLS 1.2+/SSL).
- Data at rest is encrypted using AES-256 encryption or equivalent.
- Voice recordings are stored using secure cloud storage with access controls.
- Database backups are encrypted and stored securely.
Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:
- Account Data: Retained while your account is active, plus 90 days after account deletion (unless required longer by law).
- Voice Recordings: Retained until you delete them or close your account, plus up to 30 days for backup systems.
- Call Logs and Metadata: Retained for 3 years for billing, legal compliance, and dispute resolution.
- Payment Records: Retained for 7 years for tax, accounting, and legal compliance purposes.
- Support Communications: Retained for 5 years.
- Legal and Compliance Data: Retained as required by applicable laws and regulations.
Security Measures
We implement reasonable administrative, technical, and physical security measures to protect your information:
- Encryption of data in transit and at rest.
- Regular security audits and vulnerability assessments.
- Access controls and authentication mechanisms.
- Employee training on data protection and security.
- Incident response and breach notification procedures.
- Regular backup and disaster recovery planning.
- Third-party security certifications and compliance (where applicable).
Security Disclaimer: While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge and accept these inherent risks when using the Service.
5. Your Privacy Rights and Choices
Access and Portability
- Request a copy of your personal information.
- Export your data in a machine-readable format.
- Access and review information we have about you.
Correction and Update
- Update your account information through your profile settings.
- Correct inaccurate or incomplete information.
- Request corrections to information you cannot modify yourself.
Deletion and Account Closure
- Delete your account and associated data at any time (subject to legal retention requirements).
- Delete individual voice recordings, call history, or other content.
- Request deletion of specific information (subject to legal obligations).
Marketing and Communications
- Opt out of marketing emails via unsubscribe links.
- Disable push notifications through device settings.
- Control communication preferences in account settings.
Do Not Track Signals
We do not currently respond to "Do Not Track" (DNT) signals from browsers. There is no industry standard for how to respond to DNT signals, and we may implement DNT recognition in the future.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of personal information collected, used, disclosed, and sold.
- Right to Delete: Request deletion of personal information (subject to exceptions).
- Right to Opt-Out: Opt out of sale or sharing of personal information (we do not sell personal information).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information to purposes necessary to perform the services requested by you or as otherwise permitted by law.
- Right to Non-Discrimination: Exercise rights without discriminatory treatment.
To exercise your California privacy rights, contact us at admin@overshare.app. We will verify your identity before processing requests.
European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Right of Access: Obtain confirmation of data processing and access to personal data.
- Right to Rectification: Correct inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of personal data ("right to be forgotten").
- Right to Restrict Processing: Limit how we process your personal data.
- Right to Data Portability: Receive personal data in a structured, commonly used format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing.
- Right to Withdraw Consent: Withdraw consent for data processing at any time.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
Legal Basis for Processing (GDPR): We process your personal data based on:
- Consent: You have provided explicit consent for specific processing activities.
- Contractual Necessity: Processing is necessary for the performance of our contract with you (Terms of Service).
- Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
- Legitimate Interests: Processing is necessary for our legitimate interests (such as fraud prevention, service improvement, network and information security), provided that such interests are not overridden by your fundamental rights and freedoms.
6. Cookies and Tracking Technologies
Types of Cookies We Use
- Essential Cookies: Required for authentication, security, and core Service functionality (cannot be disabled).
- Functional Cookies: Remember preferences, settings, and user choices.
- Analytics Cookies: Collect information about Service usage, performance, and user behavior (Ahoy, Google Analytics).
- Session Cookies: Temporary cookies deleted when you close your browser.
- Persistent Cookies: Remain on your device for a set period or until manually deleted.
Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain Service features. For more information about managing cookies, visit your browser's help center.
Third-Party Analytics
We use third-party analytics services including Google Analytics. These services may collect information about your use of the Service and other websites. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
7. Children's Privacy
The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under 18.
If we discover that we have collected personal information from a child under 18, we will delete that information immediately. If you believe we have collected information from a child under 18, please contact us at admin@overshare.app.
Parents and legal guardians have the right to review information collected from their children and request deletion of such information.
8. International Data Transfers
The Service is operated in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.
These countries may have data protection laws that differ from your jurisdiction. By using the Service, you consent to the transfer of your information to countries outside your country of residence, including the United States.
For EEA, UK, and Swiss users, we ensure appropriate safeguards are in place for international data transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions by the European Commission.
- Other legally approved transfer mechanisms.
9. Third-Party Services and Links
The Service may contain links to third-party websites, services, or applications not operated by OverShare®. This Privacy Policy does not apply to third-party services.
We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.
Third-party services we integrate with include:
- Twilio (voice communication) - Privacy Policy
- Apple (authentication) - Privacy Policy
- Google/Firebase (notifications, analytics) - Privacy Policy
10. Recording Consent and Legal Compliance
CRITICAL - RECORDING LAWS: You are solely responsible for complying with all applicable federal, state, and local laws regarding recording of telephone conversations, including obtaining necessary consent from all parties to a call.
Your Recording Responsibilities
- Determine applicable recording laws in your jurisdiction and the jurisdiction of all call participants.
- Obtain all necessary consents before recording any conversation.
- Provide clear notice to all parties that a call is being recorded.
- Comply with "one-party" or "all-party" (two-party) consent requirements as applicable in your jurisdiction.
- Maintain records of consents obtained.
- Comply with data protection laws regarding storage and use of recordings.
Automated Recording Disclosure
The Service includes an automated "This call is being recorded" announcement that plays at the beginning of recorded calls. However, this announcement does not replace your obligation to comply with applicable recording laws. You remain solely responsible for ensuring compliance with all local, state, and federal recording laws, including two-party consent requirements.
Our Role and Limitations
OverShare® provides tools and technology to enable call recording. We do not:
- Determine whether you have obtained proper consent.
- Provide legal advice regarding recording laws.
- Monitor your compliance with recording laws.
- Assume responsibility for your use of recording features.
You acknowledge and agree that you are solely liable for any violations of recording laws and related damages, claims, or penalties.
11. Data Breach Notification
In the event of a data breach that compromises your personal information, we will:
- Investigate the breach and assess its scope and impact.
- Notify affected users without undue delay (generally within 72 hours of discovery, where required by law).
- Notify relevant regulatory authorities as required by law.
- Provide information about the breach, affected data, and recommended actions.
- Take remedial measures to prevent future breaches.
Notifications will be provided via email, in-app notification, or public notice on our website, as appropriate.
12. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will notify you by:
- Posting the updated Privacy Policy on our website with a new "Last Updated" date.
- Sending an email notification to your registered email address.
- Displaying an in-app notification.
- Requesting your consent where required by law.
Your continued use of the Service after the effective date of the updated Privacy Policy constitutes acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Service and close your account.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
13. Legal Disclaimers and Limitations
No Warranty
YOUR INFORMATION IS PROVIDED TO US ON AN "AS IS" BASIS. WE DO NOT WARRANT THAT OUR SECURITY MEASURES WILL PREVENT UNAUTHORIZED ACCESS, LOSS, MISUSE, OR ALTERATION OF YOUR INFORMATION.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, OverShare® SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR USE, ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY OR YOUR INFORMATION, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IN JURISDICTIONS THAT DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OUR LIABILITY SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW.
OUR TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING FROM OR RELATED TO THIS PRIVACY POLICY SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE 12 MONTHS PRECEDING THE CLAIM, OR $100, WHICHEVER IS GREATER.
Indemnification
You agree to indemnify, defend, and hold harmless OverShare® and its officers, directors, employees, agents, and affiliates from any claims, damages, losses, liabilities, and expenses (including reasonable attorney's fees) arising from:
- Your violation of this Privacy Policy.
- Your violation of any privacy, data protection, or recording laws.
- Your misuse of the Service or unauthorized disclosure of information.
- Your failure to obtain necessary consents for call recording.
- Your violation of any third-party rights.
Assumption of Risk
You acknowledge and agree that:
- Internet and electronic communications inherently pose security risks.
- No data transmission or storage system is completely secure.
- Unauthorized access, hacking, data loss, and other security incidents may occur despite reasonable security measures.
- You use the Service at your own risk and assume all risks associated with data transmission and storage.
14. Governing Law and Dispute Resolution
Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law provisions.
Dispute Resolution
Any disputes arising from or related to this Privacy Policy shall be resolved through:
- Good-faith negotiations between the parties.
- Binding arbitration under the rules of the American Arbitration Association if negotiations fail.
- Arbitration conducted by a single arbitrator in California.
You waive the right to participate in class action lawsuits or class-wide arbitration related to privacy claims.
Severability
If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact OverShare®.
16. Your Acceptance of This Policy
By using the Service, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Service. Your continued use of the Service following the posting of changes to this Privacy Policy will be deemed your acceptance of those changes.
Legal Notice: This Privacy Policy is a legal agreement between you and OverShare®. Please read it carefully. If you have concerns about any provision, consult with legal counsel before using the Service.