Privacy Policy for Overhere
Effective Date: January 2025
1. Introduction
This Privacy Policy governs the data collection, usage, and sharing practices of the Overhere browser extension ("Extension", "we", "us", or "our"). We are committed to protecting your privacy and ensuring transparency in how we handle your personal information.
By installing and using the Overhere extension, you consent to the data practices described in this policy.
2. Information We Collect
2.1 User Account Information
When you create an account or sign in, we collect:
- Email address - Used for authentication and account identification
- Username - Your chosen display name for chat interactions
- Full name (optional) - If provided during registration
- Profile information (optional) - Including profile URL and description
- Authentication tokens - Secure session identifiers for maintaining your login state
2.2 Chat and Communication Data
When you use the chat features, we collect:
- Chat messages - Text content you send in public chat rooms
- Direct messages - Private messages sent between users
- Timestamps - When messages were sent
- User IDs - To associate messages with senders
2.3 Browsing Context Information
To provide location-based chat rooms, we collect:
- Current webpage URL - To determine which chat room to connect you to
- Tab activity status - Whether the tab is active or idle
- Presence information - Your online/offline status
2.4 Device and Technical Information
- WebSocket connection data - Technical information required for real-time chat
- Extension version - For compatibility and support purposes
2.5 Automatically Collected Information
Our servers may automatically log:
- Connection timestamps - When you connect or disconnect from chat
- Error logs - Technical errors for debugging (no personal data included)
- Performance metrics - Anonymous usage statistics
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide chat functionality - Enable real-time messaging with other users on the same webpage
- User authentication - Maintain your login session and verify your identity
- Message delivery - Route messages to appropriate recipients
- Presence management - Show online/offline status to other users
- Service improvement - Debug issues and enhance user experience
- Security purposes - Prevent abuse, spam, and maintain platform integrity
- Legal compliance - Comply with applicable laws and regulations
4. Information Sharing and Disclosure
4.1 With Other Users
The following information is visible to other users:
- Your username and online status in chat rooms
- Messages you send in public chat rooms
- Your profile information if you choose to make it public
4.2 Third-Party Services
We use the following third-party services:
- Supabase - For authentication and database services. Data is transmitted securely to Supabase servers for user authentication and profile storage.
- Cloudflare Workers - For WebSocket connections and real-time chat infrastructure. Messages are routed through Cloudflare's network.
- Vercel - Hosts our authentication pages. Only authentication-related data is processed through Vercel.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests, including:
- Court orders or subpoenas
- Government investigations
- To protect our rights, privacy, safety, or property
- To enforce our terms of service
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity after obtaining explicit prior consent from users.
5. Data Storage and Security
5.1 Storage Locations
- Local Storage - Authentication tokens, user preferences, and device IDs are stored locally in your browser
- Chrome Storage API - Used for syncing settings across devices when signed into Chrome
- Supabase Cloud - User profiles and authentication data
- Cloudflare D1 Database - Chat messages and presence information
5.2 Security Measures
We implement the following security measures:
- All data transmissions use modern cryptography (TLS/SSL)
- Authentication tokens are securely stored and transmitted
- Regular security updates and monitoring
- Access controls and authentication for all services
5.3 Data Retention
- Chat messages - Retained for all rooms
- User accounts - Retained until account deletion is requested
- Connection logs - Retained for 24 hours for debugging
6. Your Rights and Choices
6.1 Access and Portability
You have the right to:
- Access your personal data we store
- Receive a copy of your data in a portable format
- Review your chat history while logged in
6.2 Correction and Deletion
You may:
- Update your profile information at any time
- Delete your account and associated data
- Request removal of specific messages (subject to technical feasibility)
6.3 Communication Preferences
- Control who can send you direct messages
- Disable presence indicators
7. Chrome Web Store Limited Use Policy Compliance
The use of information received from Google APIs and Chrome APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
We strictly limit our use of user data to providing and improving the chat functionality as described in this privacy policy. We do not:
- Sell user data to third parties
- Use data for advertising purposes
- Transfer data for unrelated purposes
- Use data for creditworthiness or lending purposes
8. Children's Privacy
The Overhere extension is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. By using the extension, you consent to the transfer of information to countries outside of your country of residence.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:
- Updating the "Effective Date" at the top of this policy
- Providing notice through the extension interface
- Sending an email to registered users (if applicable)
Continued use of the extension after such changes constitutes acceptance of the updated policy.
11. Data Processing Legal Basis
We process your personal data under the following legal bases:
- Consent - You have given consent for processing for specific purposes
- Contract - Processing is necessary to provide the services you requested
- Legitimate Interests - For service improvement and security purposes
- Legal Obligations - When required by applicable laws