Privacy Policy
Last updated: 10 April 2026
This Privacy Policy describes how OVERLAY Tools ("we", "us", "our") collects, uses, and protects your personal information when you use the OVERLAY web application ("Service"). We are committed to handling your data responsibly and transparently.
1. Information We Collect
Information you provide
| Data | When | Purpose |
|---|---|---|
| Email address | Account creation | Authentication, account communications |
| Full name | Account creation | Personalisation, account identification |
| Password | Account creation | Authentication (stored as a salted hash — we never see your plaintext password) |
| Payment details | Subscription checkout | Payment processing (handled entirely by Stripe — we do not store card numbers) |
Content you upload
PDF files, annotations, measurements, project data, and other content you create within the Service ("Your Content") are stored to provide the Service. We do not access, analyse, or use Your Content for any purpose other than delivering the Service to you.
Information collected automatically
| Data | Purpose |
|---|---|
| Session tokens | Maintaining login state and enforcing single-session policy |
| Timestamps (last active, subscription dates) | Service operation, billing |
We do not use cookies for advertising or tracking. We do not use analytics services such as Google Analytics. We do not collect IP addresses, browser fingerprints, or device identifiers beyond what is necessary for standard HTTPS connections.
2. How We Use Your Information
We use your information solely to:
- Provide, maintain, and improve the Service
- Process your subscription payments
- Send transactional emails (account confirmation, password reset, subscription receipts)
- Enforce our Terms of Service (including single-session policy)
- Respond to support requests
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Third-Party Services
We use a small number of third-party services to operate OVERLAY. Each processes only the minimum data necessary:
| Service | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Supabase | Authentication, database, file storage | Email, name, password hash, project data, PDF files | supabase.com/privacy |
| Stripe | Payment processing | Email, payment method details | stripe.com/privacy |
| Vercel | Web hosting | Standard HTTP request data | vercel.com/legal/privacy-policy |
| Cloudflare | DNS and domain management | Standard DNS request data | cloudflare.com/privacypolicy |
4. Data Storage and Security
Your data is stored on Supabase infrastructure in the Singapore region. All data is transmitted over encrypted HTTPS connections. Database access is protected by Row Level Security — users can only access their own data.
PDF files are stored in a private Supabase Storage bucket accessible only to the file owner. We use Stripe for all payment processing — we never store, see, or have access to your credit card numbers.
While we implement commercially reasonable security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.
5. Data Retention
We retain your account data and content for as long as your account is active. If you cancel your subscription, your data remains accessible until your billing period ends. After that, your data may be retained for up to 90 days before deletion.
If you wish to delete your account and all associated data, contact us at hello@overlay-tools.com and we will process your request within 30 days.
6. Your Rights
Under the Australian Privacy Act 1988 and applicable privacy laws, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information
- Export your project data (using the .overlay export feature or PDF export)
- Withdraw consent for data processing (by cancelling your account)
To exercise any of these rights, contact us at hello@overlay-tools.com.
7. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to remove that information.
8. International Data Transfers
Our infrastructure providers (Supabase, Stripe, Vercel, Cloudflare) may process data in jurisdictions outside Australia. By using the Service, you consent to the transfer of your information to these providers in accordance with their respective privacy policies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service. Your continued use of the Service after the changes take effect constitutes your acceptance of the updated policy.
10. Contact
If you have questions about this Privacy Policy or how we handle your data, contact us at hello@overlay-tools.com.
← Back to overlay-tools.com