Privacy Policy

1. Introduction and data controller

This Privacy Policy explains how Over It (“Over It”, “we”, “us”) collects, uses, shares and protects your personal data when you use the Over It app, website and related services (the “Service”).

The data controller is Over It, located in the Argentine Republic. You can contact us at privacy@over-it.app. The supervisory authority in Argentina is the Agencia de Acceso a la Información Pública (AAIP). This Policy also reflects the standards of the GDPR (European Union) and the CCPA/CPRA (California) for our global audience.

2. Data we collect

Data you provide

• Account data: name or alias, email and, depending on the sign-in method, your Google or Apple identifier.
• Profile data: the information you choose to add.
• User-generated content: community posts, comments and messages.
• Wellbeing data: mood logs, progress, challenge responses and exercise usage.
• Communications: messages you send us (for example, to support).

Data we collect automatically

• Usage and analytics data: interactions, features used and session times.
• Device data: model, operating system, language and device identifiers.
• Crash and performance reports.
• Approximate location derived from your IP address (we do not collect precise location without your consent).

Data from third parties

• Authentication providers (Google, Apple) share basic profile data when you sign in.
• App stores (Apple, Google) process your payments; we receive confirmation of subscription status but not your full payment details.

3. Data about your emotional wellbeing

Mood tracking and other emotional logs may be considered sensitive data. To the extent the law treats them as special categories (for example, health-related data under the GDPR), we process them only on the basis of your explicit consent and with enhanced safeguards. You can withdraw your consent at any time by deleting this data or your account.

4. How and why we use your data (legal bases)

We process your data for the following purposes and legal bases:

• To provide and operate the Service, your account and its features (performance of the contract).
• To process subscriptions and prevent fraud (performance of the contract and legitimate interest).
• To personalize your experience and show relevant content (legitimate interest or consent).
• To record your progress and mood (explicit consent).
• To send push notifications and communications (consent; you can disable them).
• To analyze usage, measure and improve the Service and diagnose crashes (legitimate interest or consent, depending on the jurisdiction).
• To comply with legal obligations and protect rights (legal obligation and legitimate interest).

Where the basis is consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

5. Notifications and communications

With your permission, we may send you push notifications (for example, daily quotes or reminders) and Service-related emails. You can disable push notifications in your device settings and unsubscribe from marketing emails at any time.

6. Cookies, analytics and similar technologies

On our website and app we use cookies, SDKs and similar identifiers to authenticate users, remember preferences, measure usage and improve the Service. Where required by law, we request your consent for non-essential cookies, which you can manage via the consent banner or your device settings.

7. How we share your data

We do not sell your personal data. We may share it with:

• Service providers (processors) acting on our behalf: cloud hosting, analytics, crash reporting, notification delivery, authentication and support.
• App stores, to process payments and subscriptions.
• Authorities or third parties where required by law, to protect rights or safety, or as part of a corporate transaction (merger, acquisition or asset sale).
• Other users, with respect to the User Content you post in the community.

Our providers include Google and Apple sign-in services, the Apple App Store and Google Play for payments, and Resend for email delivery. We also use cloud hosting, analytics, crash-reporting and push-notification providers.

8. International data transfers

Your data may be processed and stored in countries other than yours, including the United States. When we transfer data outside the EEA, the UK or other protected regions, we apply appropriate safeguards, such as the European Commission's Standard Contractual Clauses or other legally recognized mechanisms.

9. Data retention

We keep your data while your account is active and for as long as necessary for the purposes described, unless the law requires or permits a longer period (for example, accounting or tax obligations). When no longer needed, we securely delete or anonymize it.

10. Information security

We apply reasonable technical and organizational measures to protect your data (encryption in transit, access controls, among others). However, no system is completely secure; we cannot guarantee absolute security and we ask you to protect your credentials.

11. Your rights (GDPR — EEA and UK)

If you are in the EEA or the UK, you have the right to:

• Access your data and obtain a copy.
• Rectify inaccurate data.
• Erase your data (“right to be forgotten”).
• Restrict or object to certain processing.
• Data portability.
• Withdraw your consent at any time.
• Lodge a complaint with your local supervisory authority.

To exercise these rights, email us at privacy@over-it.app. We will respond within the legal timeframes.

12. Your rights (CCPA/CPRA — California residents)

If you are a California resident, you have the right to: know what personal information we collect and how we use it; request access or a copy; request correction or deletion; and not be discriminated against for exercising your rights.

We do not sell or “share” your personal information within the meaning of the CCPA/CPRA for cross-context behavioral advertising. If this changes, we will say so and provide the corresponding opt-out. You can exercise your rights by emailing privacy@over-it.app.

13. Your rights (Argentina — Law 25,326)

If you are located in the Argentine Republic, Personal Data Protection Law No. 25,326 grants you the rights of access, rectification, update and deletion of your data (the “habeas data” right). You can exercise them free of charge, within the intervals set by law, by emailing privacy@over-it.app.

The supervisory authority is the Agencia de Acceso a la Información Pública (AAIP), with which you may file complaints. As a data subject, you may request the removal or blocking of your information from our databases under applicable regulations.

14. Account and data deletion

You can delete your account directly from the app, in settings. When you do, we will delete or anonymize your associated personal data, except data we must retain for legal reasons. You can also request deletion by emailing privacy@over-it.app.

15. Children's privacy

The Service is intended only for people aged 18 and over. We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact us at privacy@over-it.app and we will delete it.

16. Automated decision-making

We do not make decisions that produce legal or similarly significant effects on you based solely on automated processing. Content personalization does not produce such effects.

17. Store-specific disclosures

As required by the Apple App Store and Google Play, we keep Apple's privacy nutrition label and Google's Data safety section up to date with the categories of data we collect and their purpose. In case of discrepancy, this Policy prevails.

18. Changes to this Policy

We may update this Policy from time to time. When changes are material, we will notify you by reasonable means and update the “last updated” date. Continued use of the Service constitutes acceptance of the current version.

19. Contact

For privacy questions, email us at privacy@over-it.app or write to Over It, Argentine Republic.