Privacy Policy
Last updated: January 10, 2026
1. Introduction
Oversearch ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI search optimization platform.
Oversearch is operated as a sole proprietorship registered in Germany (Gewerbe). Full legal identity and address are provided in our Legal Notice / Impressum.
2. Information We Collect
Account Information
- Email address, name, and company details
- Billing information (processed securely by third-party payment providers)
Usage Data
- Website pages and URLs you analyze
- Keywords and prompts you configure
- Scan results and citation data
- Log data including IP addresses and browser information
3. How We Use Your Information
We use collected data to:
- Provide and improve our services
- Process your scans and generate reports
- Send service notifications and updates
- Analyze platform usage and performance
4. Data Sharing
We do not sell your personal information. We may share data with:
- Service providers who assist in platform operations
- Legal authorities when required by law
5. Data Security
We implement industry-standard security measures to protect your data. See Section 11: Security for details.
6. Your Rights
You have the right to access, correct, or delete your personal data. EU users have additional rights under GDPR. See Section 8: Your GDPR Rights for more information.
7. Contact Us
Privacy contact: hello@oversearch.ai
8. Your GDPR Rights
Oversearch is committed to compliance with the General Data Protection Regulation (GDPR) for all EU users.
Your Rights Under GDPR
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing of your data
Legal Basis for Processing
We process your data based on:
- Contractual necessity (to provide our services)
- Legitimate interests (platform improvement and security)
- Your consent (for marketing communications)
Data Retention
We retain personal data for as long as your account is active or as needed to provide services. Scan results are retained according to your plan's history limits.
International Data Transfers
Data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards are in place through standard contractual clauses.
Exercising Your Rights
To exercise your GDPR rights, contact us at hello@oversearch.ai.
9. Cookie Policy
What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us provide and improve our services.
Types of Cookies We Use
Essential Cookies
Required for the platform to function. These cannot be disabled.
- Authentication and session management
- Security and fraud prevention
Analytics Cookies
Help us understand how users interact with our platform.
- Page views and navigation patterns
- Feature usage statistics
Preference Cookies
Remember your settings and preferences.
- Dashboard configurations
- Display preferences
Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may limit platform functionality.
Third-Party Cookies
We use select third-party services that may set their own cookies:
- Analytics providers
- Payment processors
Cookie Policy Updates
We may update this policy periodically. Continued use of our platform constitutes acceptance of changes.
10. DPA
This Data Processing Agreement ("DPA") forms part of the agreement between Oversearch ("Processor") and you ("Controller") for the provision of AI search optimization services.
Definitions
Terms used in this DPA have the meanings assigned in the GDPR (Regulation (EU) 2016/679) unless otherwise defined.
Scope and Purpose
This DPA applies to personal data processed by Oversearch on your behalf when providing services under our Terms of Service.
Processor Obligations
Oversearch shall:
- Process personal data only on documented instructions from you
- Ensure persons authorized to process data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Assist you in responding to data subject requests
- Notify you of any personal data breaches without undue delay
- Delete or return personal data upon termination of services
Controller Responsibilities
You are responsible for:
- Ensuring you have a legal basis for processing
- Providing clear instructions for data processing
- Obtaining necessary consents from data subjects
- Maintaining records of processing activities
Subprocessors
We engage subprocessors to assist in service delivery. We will notify you of changes to subprocessors.
Data Subject Rights
We will assist you in fulfilling data subject requests (access, rectification, erasure, etc.) within a reasonable timeframe.
Security Measures
Technical and organizational measures include:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security audits and testing
- Incident response procedures
Data Breach Notification
We will notify you within 48 hours of becoming aware of a personal data breach affecting your data.
Audits and Compliance
Enterprise customers may request security audits. Contact us at hello@oversearch.ai to arrange.
Termination
Upon termination, we will delete or return personal data within 30 days unless legally required to retain it.
DPA Contact
For DPA inquiries: hello@oversearch.ai
11. Security
Oversearch implements comprehensive security measures to protect your data and maintain platform integrity.
Infrastructure Security
Data Encryption
- In Transit: TLS 1.3 for all connections
- At Rest: AES-256 encryption for stored data
Hosting and Network
- Infrastructure hosted on secure, certified cloud providers
- Firewalls and network segmentation
- DDoS protection and rate limiting
- Regular vulnerability scanning
Application Security
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication (MFA) available
- Session management and timeout policies
- Password requirements and hashing (bcrypt)
Development Practices
- Secure code review processes
- Dependency vulnerability monitoring
- Automated security testing in CI/CD
- Regular penetration testing
Data Protection
Data Minimization
We collect only data necessary for service provision.
Data Retention
Scan results are retained according to your plan limits. Account data is deleted within 30 days of account closure.
Backups
Automated daily backups with encryption. Backup retention for 30 days.
Operational Security
Incident Response
- 24/7 security monitoring
- Documented incident response procedures
- Breach notification process (within 48 hours)
Employee Access
- Background checks for team members
- Principle of least privilege
- Security training and awareness programs
- Confidentiality agreements
Compliance
We maintain compliance with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- Industry best practices and standards
Third-Party Security
All subprocessors undergo security reviews.
Reporting Security Issues
If you discover a security vulnerability:
- Email: hello@oversearch.ai
- Do not publicly disclose until we've addressed the issue
- We aim to respond within 24 hours
Security Updates
We continuously improve our security posture. Material changes to this policy will be communicated to customers.
Enterprise Security
Enterprise customers can request:
- Security audits and assessments
- Custom DPA terms
- SLA agreements
- Dedicated support
Contact us at hello@oversearch.ai for details.