1. Who We Are
Overtura is a social media management platform operated by Insomniac Software SRL, a company registered in Romania. We act as the data controller for the personal data we collect through our platform and marketing website.
Contact details:
- Company: Insomniac Software SRL
- Email: privacy@overtura.ai
- Website: https://overtura.ai
2. Marketing Website Visitors
Our marketing website at overtura.ai does not use cookies, analytics, or tracking scripts. We do not collect personal data from anonymous visitors. Our CDN provider may log IP addresses and request metadata in server logs for security and performance purposes; these logs are retained for a limited period as determined by the CDN provider.
If you contact us via email (support@overtura.ai), your email address and message content are processed to respond to your inquiry under our legitimate interest (Art. 6(1)(f) GDPR).
3. What Data We Collect (Platform Users)
When you create an account on the Overtura platform, we collect the following:
Account Data
- Name and email address
- Password (stored as a cryptographic hash)
- Account preferences and settings
Social Media Data
When you connect your social accounts (Facebook, Instagram, X/Twitter, LinkedIn), we collect:
- Account profile information (name, username, profile picture, biography)
- Page and post engagement metrics (likes, comments, shares, reach)
- Post content and media you publish through our platform
- Follower demographics and audience insights
- OAuth access tokens (stored encrypted)
AI-Generated Content
Overtura uses AI models from third-party providers to generate content (text, images, and videos) on your behalf. Your brand profile, content preferences, and conversation history are sent to these AI providers to generate relevant content. We do not use your data to train AI models. AI providers process data under strict data processing agreements.
Usage Data
- IP address and browser information
- Pages visited and features used
- Session duration and interaction patterns
Payment Data
- Billing information is processed by Stripe and not stored on our servers
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the social media management service | Contract performance (Art. 6(1)(b)) |
| Publishing content to your social accounts | Contract performance (Art. 6(1)(b)) |
| AI-powered content generation | Contract performance (Art. 6(1)(b)) |
| Displaying analytics and insights | Contract performance (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Service improvement and debugging | Legitimate interest (Art. 6(1)(f)) |
| Tax and accounting records | Legal obligation (Art. 6(1)(c)) |
5. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 30 days |
| OAuth tokens | Duration of active connection |
| Social media metrics | 24 months from collection |
| Published content | Duration of account |
| AI conversation history | Duration of account |
| Server logs (with IP) | 90 days |
| Payment/billing records | 10 years (Romanian fiscal code) |
6. Data Sharing
We share your data with the following categories of recipients:
- Cloud infrastructure providers for hosting and data storage
- Meta (Facebook/Instagram) for social media API interactions
- X/Twitter and LinkedIn for social media API interactions
- AI model providers for content generation (under data processing agreements)
- Stripe for payment processing
- Law enforcement when legally required
We do not sell your personal data or share it with third parties for their own marketing purposes.
7. Data Isolation
Overtura is a multi-tenant platform. Each organization's data is stored in a separate, isolated database schema. One organization cannot access another organization's social media data, analytics, or account information.
8. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to restriction — limit how we process your data
- Right to data portability — receive your data in a structured format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — withdraw consent at any time
To exercise any of these rights, contact us at privacy@overtura.ai.
10. Facebook/Instagram Data Deletion
When you disconnect your Facebook Page or Instagram account from Overtura, or when you remove our app from your Facebook settings, we automatically delete all data obtained from Meta's APIs for that account.
11. Cookies
The marketing website at overtura.ai does not use cookies. The application at app.overtura.ai uses strictly necessary cookies for authentication and session management. These cookies are essential for the platform to function and do not require your consent. We do not use third-party tracking or advertising cookies.
12. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority. For Romania:
- ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal)
- B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucuresti, Romania
- Website: dataprotection.ro
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify registered users of significant changes by email or through the platform. The "Last updated" date at the top reflects the most recent revision.