Privacy Policy

1. Introduction

Welcome to Ovrly. Atriumn Inc. ("Ovrly", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service. Any capitalized terms not defined here have the meanings given in the Terms of Service.

2. Information We Collect

We collect several types of information from and about users of our Service:

2.1 Information You Provide to Us

Account Information: When you create an account, we collect:

• Email address
• Password (encrypted)
• Display name (optional)
• Profile photo (optional)
• Date of birth (to verify age eligibility)

Authentication via Third-Party Services: If you sign in using Apple Sign-In, Google Sign-In, or other third-party authentication services, we receive:

• Your name and email address from the authentication provider
• A unique identifier from the authentication provider
• Profile photo (if provided by the authentication service)

User Content: We collect content you create, upload, or share on the Service, including:

• Photos and images you upload
• Drawings and overlays you create
• Comments and interactions with other users
• Metadata associated with your content (timestamps, device information, etc.)

Communications: If you contact us, we collect your name, email address, message content, and any attachments you send.

Payment Information: If you purchase Premium Services, payment information is collected and processed by third-party payment processors (Apple App Store, Google Play Store, Stripe). We do not store full payment card details on our servers.

2.2 Information Collected Automatically

Usage Data: We automatically collect information about your interaction with the Service:

• Device information (device type, operating system, device identifiers)
• App usage data (features used, time spent, frequency of use)
• IP address and approximate geographic location
• Browser type and version (for web users)
• Crash reports and error logs

Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activity. See Section 10 for details.

Analytics: We use Amazon CloudWatch and other analytics services to understand how users interact with the Service.

2.3 Information from Third-Party Sources

Social Media Integration: If you connect your social media accounts (YouTube, Instagram, TikTok, X/Twitter, Reddit, Snapchat), we may receive information from those platforms according to your privacy settings on those platforms.

AI-Generated Data: When you use our AI overlay generation features, we process your images using AI/ML services (including Google Gemini). The AI analysis data is stored temporarily and used only to provide the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Maintain the Service

• Create and manage your account
• Process your drawings, photos, and overlays
• Store and display your User Content
• Provide customer support
• Send you service-related notifications

3.2 To Improve and Develop the Service

• Analyze usage patterns to improve features
• Develop new features and functionality
• Conduct research and analytics
• Train and improve our AI/ML models

3.3 To Personalize Your Experience

• Recommend content and features
• Customize your user interface
• Remember your preferences and settings

3.4 For Security and Fraud Prevention

• Detect and prevent fraudulent activity
• Monitor for security threats
• Enforce our Terms of Service
• Comply with legal obligations

3.5 For Marketing and Communications (with your consent)

• Send promotional emails and notifications
• Show you relevant advertisements
• Announce new features and updates

3.6 For Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and prevent harm
• Protect our rights and property

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Other Users

When you share User Content publicly on Ovrly, other users can view, share, and download your content according to your sharing settings. Your profile information (display name, profile photo) is visible to other users when you interact with them.

4.2 With Service Providers

We share your information with third-party service providers who perform services on our behalf:

• Amazon Web Services (AWS): Cloud hosting, data storage (S3, DynamoDB), authentication (Cognito), API services (API Gateway, Lambda), content delivery (CloudFront), and monitoring (CloudWatch)
• Google: AI/ML services (Gemini) for overlay generation, authentication (Google Sign-In)
• Apple: Authentication (Apple Sign-In), push notifications (APNs)
• Resend: Email delivery services
• Social Media Platforms: YouTube, Instagram, TikTok, X/Twitter, Reddit, Snapchat (when you connect your accounts)

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for other purposes.

4.3 For Legal Reasons

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, etc.)
• Requests from law enforcement or government agencies
• Situations involving potential threats to public safety
• Protection of our rights, property, or safety

4.4 Business Transfers

If Atriumn Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Retention

Active Accounts: We retain your personal information for as long as your account is active or as needed to provide you with the Service.

Deleted Accounts: When you delete your account, we delete your personal information within 90 days, except:

• Information required for legal compliance, dispute resolution, or enforcement of our agreements may be retained for up to 7 years
• Backup copies may be retained for up to 90 days for technical recovery purposes
• User Content that other users have shared or downloaded may remain accessible

Usage Data and Analytics: We retain aggregated, anonymized usage data indefinitely for analytics and research purposes.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Data Portability: Request a copy of your data in a machine-readable format
• Opt-Out: Opt out of marketing communications at any time

6.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collected, the sources, purposes, and third parties we share it with
• Right to Delete: Request deletion of personal information we collected from you
• Right to Opt-Out of Sale: We do not sell personal information. If we ever do, you can opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
• Right to Limit Use of Sensitive Personal Information: Request limits on use of sensitive personal information

6.3 European Residents (GDPR Rights)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain confirmation of processing and access to your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Request restriction of processing
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@ovrly.co or through the app settings. We will respond to your request within 30 days (or as required by applicable law).

Identity Verification: For your security, we may need to verify your identity before processing your request.

7. Children's Privacy (COPPA Compliance)

Age Requirement: Ovrly is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA).

7.1 Information from Children Under 13

If we discover that we have collected personal information from a child under 13 without parental consent, we will delete that information immediately.

7.2 Parental Rights

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@ovrly.co. You have the right to:

• Review your child's personal information
• Request deletion of your child's personal information
• Refuse further collection or use of your child's information

7.3 Minors Aged 13-18

If you are between 13 and 18 years old (or the age of majority in your jurisdiction), you should review this Privacy Policy with your parent or legal guardian to ensure you both understand your rights.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

8.1 Security Measures

• Encryption: Data in transit is encrypted using TLS/SSL. Data at rest is encrypted using AWS encryption services.
• Access Controls: We restrict access to personal information to employees, contractors, and agents who need access to perform their job functions.
• Authentication: We use secure authentication mechanisms, including OAuth 2.0 and AWS Cognito.
• Monitoring: We monitor our systems for security threats and vulnerabilities using AWS CloudWatch and other tools.
• Regular Audits: We conduct regular security audits and assessments.

8.2 Your Responsibility

You are responsible for maintaining the security of your account credentials. Use a strong, unique password and do not share it with others. Notify us immediately if you suspect unauthorized access to your account.

8.3 No Guarantee

While we strive to protect your personal information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

Your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws different from your country.

Safeguards: When we transfer data internationally, we use appropriate safeguards such as:

• Standard Contractual Clauses approved by regulatory authorities
• Data Processing Agreements with our service providers
• Compliance with applicable data protection frameworks

AWS Infrastructure: We primarily use AWS US-East-1 (Virginia) region for data storage and processing. AWS maintains robust security and compliance certifications.

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files placed on your device to collect standard internet log information and visitor behavior information. We use cookies and similar technologies (web beacons, pixels, local storage) to enhance your experience.

10.2 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (session management, authentication)
• Analytics Cookies: Help us understand how you use the Service (via CloudWatch and other analytics tools)
• Preference Cookies: Remember your settings and preferences
• Marketing Cookies: Used to show you relevant advertisements (with your consent)

10.3 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the Service.

• Browser Settings: Most browsers allow you to refuse cookies or delete cookies
• Do Not Track: We do not currently respond to "Do Not Track" signals

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services you interact with.

11.1 Social Media Integrations

When you connect social media accounts or share content to social platforms (YouTube, Instagram, TikTok, X/Twitter, Reddit, Snapchat), those platforms' privacy policies apply to the information they collect.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.1 Notification of Changes

If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on this page
• Updating the "Effective Date" at the top of this policy
• Sending an email notification to the address associated with your account
• Displaying a prominent notice within the app

12.2 Your Acceptance

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using the Service and may delete your account.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: