Privacy policy.

Visitor data on your site (messages, click events, names/emails if you collect them), operator data (email, profile, action logs) and plan metadata (payments, usage of limits). We do NOT collect biometrics, special categories under GDPR Art. 9, or use cross-site tracking cookies.

GDPR Art. 6(1)(b) — performance of contract (delivering the service). For analytics cookies on overcap.ru — Art. 6(1)(a), your consent via the cookie banner, revocable any time.

To deliver the service: route conversations to operators, compute analytics, issue invoices, protect the service from abuse. We do not sell data to third parties and never use it for ads.

Our database (Supabase) and email service (Sendersy / Postal) sit on EU servers. Backups are encrypted and stay inside the EU. For users in Russia, 152-FZ applies; primary collection of personal data of Russian citizens uses databases that meet localization requirements.

Active conversations — for as long as you are a customer. Within 30 days of account closure all data is deleted. Security logs are kept for 12 months. Financial records — 6 years (tax law requirement).

We use three cookie categories: necessary (always on — required for the site), analytics (only with your consent), and we do NOT use marketing/tracking cookies. Your choice is stored for 1 year via the cookie banner; you may revisit it any time.

You can request export of all your data, rectification, deletion, restriction of processing, and portability. These are GDPR rights (Art. 15–22) and Russian 152-FZ rights (Art. 14–17). Email support@overcap.ru — we reply within 30 days. You may lodge a complaint with Roskomnadzor (RU) or your EU supervisory authority (list at edpb.europa.eu).