1. What we collect
Visitor data on your site (messages, click events, names/emails if you collect them), operator data (email, profile, action logs) and plan metadata (payments, usage of limits). We do NOT collect biometrics, special categories under GDPR Art. 9, or use cross-site tracking cookies.
2. Legal basis
GDPR Art. 6(1)(b) — performance of contract (delivering the service). For analytics cookies on overcap.ru — Art. 6(1)(a), your consent via the cookie banner, revocable any time.
3. Why we process it
To deliver the service: route conversations to operators, compute analytics, issue invoices, protect the service from abuse. We do not sell data to third parties and never use it for ads.
4. Where it lives
All customer data lives in the EU (Frankfurt and Amsterdam). Backups are encrypted and stay inside the EU. Cross-border transfers outside EU/EEA only via Standard Contractual Clauses (SCCs).
5. Retention
Active conversations — for as long as you are a customer. Within 30 days of account closure all data is deleted. Security logs are kept for 12 months. Financial records — 6 years (tax law requirement).
6. Cookies
We use three cookie categories: necessary (auth, language, security — required), analytics (first-party stats; can be disabled via the cookie banner), and we do NOT use marketing cookies. Manage your choice any time via the cookie banner.
7. Your rights
You can request export of all your data, rectification, deletion, restriction of processing, and portability. These are GDPR rights (Art. 15–22). Email privacy@overcap.ru — we reply within 30 days. You may also lodge a complaint with the supervisory authority in your country (EU list at edpb.europa.eu).
8. Contact
All privacy questions — privacy@overcap.ru. Reach our DPO (Data Protection Officer) at the same address with [DPO] in the subject. Legal entity: Overcap GmbH, Berlin, DE.