Skip to content

Privacy Policy

Last updated: March 19, 2026

1. Who We Are

Overtura is a social media management platform operated by Insomniac Software SRL, a company registered in Romania. We act as the data controller for the personal data we collect through our platform and marketing website.

Contact details:

  • Company: Insomniac Software SRL
  • Email: privacy@overtura.ai
  • Website: https://overtura.ai

2. Marketing Website Visitors

Our marketing website at overtura.ai does not use cookies, analytics, or tracking scripts. We do not collect personal data from anonymous visitors. Our CDN provider may log IP addresses and request metadata in server logs for security and performance purposes; these logs are retained for a limited period as determined by the CDN provider.

If you contact us via email (support@overtura.ai), your email address and message content are processed to respond to your inquiry under our legitimate interest (Art. 6(1)(f) GDPR).

3. What Data We Collect (Platform Users)

When you create an account on the Overtura platform, we collect the following:

Account Data

  • Name and email address
  • Password (stored as a cryptographic hash)
  • Account preferences and settings

Social Media Data

When you connect your social accounts (Facebook, Instagram, X/Twitter, LinkedIn), we collect:

  • Account profile information (name, username, profile picture, biography)
  • Page and post engagement metrics (likes, comments, shares, reach)
  • Post content and media you publish through our platform
  • Follower demographics and audience insights
  • OAuth access tokens (stored encrypted)

AI-Generated Content

Overtura uses AI models from third-party providers to generate content (text, images, and videos) on your behalf. Your brand profile, content preferences, and conversation history are sent to these AI providers to generate relevant content. We do not use your data to train AI models. AI providers process data under strict data processing agreements.

Usage Data

  • IP address and browser information
  • Pages visited and features used
  • Session duration and interaction patterns

Payment Data

  • Billing information is processed by Stripe and not stored on our servers

4. How We Use Your Data

PurposeLegal Basis (GDPR)
Providing the social media management serviceContract performance (Art. 6(1)(b))
Publishing content to your social accountsContract performance (Art. 6(1)(b))
AI-powered content generationContract performance (Art. 6(1)(b))
Displaying analytics and insightsContract performance (Art. 6(1)(b))
Security monitoring and fraud preventionLegitimate interest (Art. 6(1)(f))
Service improvement and debuggingLegitimate interest (Art. 6(1)(f))
Tax and accounting recordsLegal obligation (Art. 6(1)(c))

5. Data Retention

Data CategoryRetention Period
Account dataDuration of account + 30 days
OAuth tokensDuration of active connection
Social media metrics24 months from collection
Published contentDuration of account
AI conversation historyDuration of account
Server logs (with IP)90 days
Payment/billing records10 years (Romanian fiscal code)

6. Data Sharing

We share your data with the following categories of recipients:

  • Cloud infrastructure providers for hosting and data storage
  • Meta (Facebook/Instagram) for social media API interactions
  • X/Twitter and LinkedIn for social media API interactions
  • AI model providers for content generation (under data processing agreements)
  • Stripe for payment processing
  • Law enforcement when legally required

We do not sell your personal data or share it with third parties for their own marketing purposes.

7. Data Isolation

Overtura is a multi-tenant platform. Each organization's data is stored in a separate, isolated database schema. One organization cannot access another organization's social media data, analytics, or account information.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a structured format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent at any time

To exercise any of these rights, contact us at privacy@overtura.ai.

10. Facebook/Instagram Data Deletion

When you disconnect your Facebook Page or Instagram account from Overtura, or when you remove our app from your Facebook settings, we automatically delete all data obtained from Meta's APIs for that account.

11. Cookies

The marketing website at overtura.ai does not use cookies. The application at app.overtura.ai uses strictly necessary cookies for authentication and session management. These cookies are essential for the platform to function and do not require your consent. We do not use third-party tracking or advertising cookies.

12. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For Romania:

  • ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
  • B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucuresti, Romania
  • Website: dataprotection.ro

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes by email or through the platform. The "Last updated" date at the top reflects the most recent revision.