Overpay Owl

Privacy Policy

What we collect, how we use it, and the controls you have.

Last updated · April 14, 2026

Overpay Owl handles sensitive financial documents on your behalf. We treat them with the same seriousness as our own. This page explains what we do with your data in plain English. The full Terms of Service and a Security overview live on their own pages.

What we collect

  • Account info: name, email, hashed password, plan tier, and (for business accounts) company name and team-member identifiers you invite.
  • Bills you upload: the original file (PDF or image), the structured fields we extract via OCR, and any tags or notes you add.
  • Dispute history: the letters we draft, your edits, the recipient address, the send date, and any responses you forward back to us.
  • Usage telemetry: page views, feature usage, and crash diagnostics. You can opt out in Settings → Privacy.

What we never do

  • Sell your data to third parties.
  • Use your bills to train AI models without explicit, per-user opt-in.
  • Share your dispute history with the vendors you're disputing.
  • Read your account contents for any purpose other than running the product.

Where data lives

Bills and dispute records are stored in encrypted Supabase Postgres (US region) with row-level security tied to your user ID. Uploaded files live in encrypted S3 buckets with private ACLs. Backups are encrypted at rest and retained for 30 days.

Your rights

You can export every byte of your data as a single JSON archive from Settings → Privacy → Export. You can permanently delete your account from the same screen — deletion removes your records within 30 days from primary storage and within 90 days from backups. EU/UK and California residents have additional rights under GDPR and CCPA respectively; email privacy@overpayowl.com to exercise them.

Cookies

We use one strictly-necessary cookie (oo_session) for authentication and one preference cookie (oo_theme) to remember your dark/light choice. We don't use third-party advertising cookies.

Contact

Privacy questions: privacy@overpayowl.com. For DPO inquiries under GDPR Art. 27, the same address reaches us.