PRIVACY POLICY

Welcome to OverArc ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of personal data when you use our AI automation services, visit our website (https://overarc.co), or interact with us in any way.

By using our services or providing us with your information, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.

Company Name: OverArc

Owner: Shabir Ahmad

Location: Swat, KPK Pakistan

Contact Email: shabir@overarc.co

Phone: +923249116764 (WhatsApp available)

Website: https://overarc.co

3.1 Personal Information You Provide

We collect information that you voluntarily provide to us when:

• Contacting us (email, WhatsApp, phone calls)
• Booking a discovery call (name, email, phone, company)
• Signing up for our services (business details, phone numbers, CRM access)
• Submitting forms on our website
• Corresponding with us via any channel

Types of Personal Information:

• Name
• Email address
• Phone number
• Company name
• Business address
• Job title
• Payment information (for billing)
• Website URL
• Phone system access (for AI voice agent setup)

3.2 Information Collected Automatically

When you visit our website, we may collect:

• Device information: IP address, browser type, operating system
• Usage data: Pages visited, time spent, click patterns
• Cookies: See Section 7 for details
• Analytics data: Google Analytics (see Section 7)

3.3 Information from Third Parties

We may receive information from:

• Cold email tools (Instantly, Apollo) – business contact information
• CRM integrations (HubSpot, Salesforce) – lead data you authorize
• Phone systems (Twilio) – call logs, SMS data (only for clients we build for)
• Payment processors (Stripe) – billing information

We use the information we collect for the following purposes:

4.1 Service Delivery

• Build and deploy AI automation workflows for clients
• Set up Twilio phone numbers and webhooks
• Integrate with your CRM, calendar, and other tools
• Monitor and maintain your automation systems
• Troubleshoot issues and provide support

4.2 Business Operations

• Respond to your inquiries and requests
• Schedule and conduct discovery calls
• Send project updates and maintenance notifications
• Process payments and manage billing
• Maintain business records

4.3 Marketing (With Your Consent)

• Send newsletters or promotional emails (you can opt-out)
• Share case studies and testimonials (with your permission)
• Follow up on discovery calls

4.4 Analytics \& Improvement

• Analyze website usage to improve our services
• Understand customer needs and preferences
• Measure service performance

4.5 Legal \& Compliance

• Meet legal obligations (tax, accounting)
• Protect our rights and property
• Prevent fraud or misuse of our services

5.1 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties.

5.2 We Share Information With:

Service Providers (Only when necessary for your service):

• Twilio: For phone/SMS services (your call data flows through Twilio)
• Google: For Sheets, Calendar, Gemini AI (your lead data stored in Google)
• Stripe: For payment processing (billing information)
• Railway: For n8n hosting (workflow data)
• HubSpot/Salesforce: For CRM integration (lead data you authorize)

Legal Requirements:

• If required by law, court order, or government regulation
• To protect our rights, safety, or property
• To prevent fraud or security issues

With Your Consent:

• If you explicitly agree to share information (e.g., testimonial, case study)

6.1 Where We Store Data

• Client Automation Data: Stored in Google Sheets, Google Calendar, Twilio (cloud-based)
• Business Contact Data: Stored in Instantly, Apollo, email (cloud-based)
• Payment Data: Stored by Stripe (encrypted, PCI-compliant)
• Website Data: Stored on Carrd/Railway hosting servers

6.2 Security Measures

We implement reasonable security measures to protect your information:

• Encryption: Data transmitted via HTTPS (encrypted)
• API Keys: Stored securely in n8n (not exposed publicly)
• Access Control: Only authorized team members access client data
• Backups: Automated backups of Google Sheets data
• Password Protection: Accounts secured with strong passwords

6.3 Limitations

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7.1 Cookies We Use

Google Analytics:

• Tracks website visitors (anonymous data)
• Measures page views, bounce rate, session duration
• You can opt-out: Install Google Analytics Opt-out

Carrd/Cookie Banner:

• Essential cookies for website functionality
• No tracking cookies without consent

7.2 How to Control Cookies

• Browser Settings: Most browsers allow you to block cookies
• Clear Cookies: Delete cookies periodically
• Opt-Out Tools: Use browser extensions to block tracking

Depending on your location, you may have the following rights:

8.1 Access

• Request a copy of your personal data we hold
• How: Email shabir@overarc.co

8.2 Correction

• Update or correct inaccurate information
• How: Email shabir@overarc.co

8.3 Deletion

• Request deletion of your personal data (subject to legal obligations)
• How: Email shabir@overarc.co

8.4 Opt-Out

• Stop receiving marketing emails (click "unsubscribe" in email)
• Stop cookies (see Section 7)

8.5 Data Portability

• Request your data in a common format (CSV, Excel)
• How: Email shabir@overarc.co

9.1 How Long We Keep Data

• Client Automation Data: Kept indefinitely while service is active, and for 30 days following service cancellation.
• Business Contact Data: Kept for 2 years after last contact
• Billing Data: Kept for 7 years (tax/legal requirements)
• Website Analytics: Kept for 14 months (Google Analytics default)

9.2 When We Delete Data

• You request deletion (and no legal obligation to keep)
• Service canceled + 30 days (for backup purposes)
• Business contact inactive for 2 years

10.1 Where Data May Be Transferred

Your information may be transferred to and processed in countries outside your country of residence, including:

• United States (Google, Twilio, Stripe servers)
• Pakistan (our office location)
• Other countries (third-party service providers)

10.2 Data Protection

We ensure appropriate safeguards for international transfers:

• Use of reputable, secure providers (Google, Twilio, Stripe)
• Contracts with data protection clauses
• Compliance with applicable laws

11.1 Age Restriction

Our services are NOT intended for individuals under 18 years of age.

11.2 No Collection from Children

We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it immediately.

Our website may contain links to third-party websites (e.g., Twilio, Google, Stripe).

We are NOT responsible for the privacy practices of those sites. Please review their privacy policies.

Third Parties We Use:

• Twilio: https://www.twilio.com/legal/privacy
• Google: https://policies.google.com/privacy
• Stripe: https://stripe.com/privacy
• Carrd: https://carrd.co/legal/privacy
• and more

13.1 We May Update This Policy

• We may revise this Privacy Policy periodically
• Changes will be posted on this page
• "Effective Date" and "Last Updated" will be refreshed

13.2 Your Continued Use = Acceptance

If you continue using our services after changes, you agree to the updated policy.

13.3 Major Changes

For significant changes, we will notify you via:

• Email (if we have your contact)
• Website banner notice

If you are in the European Union or United Kingdom:

14.1 Our Legal Basis

We process your personal data based on:

• Contract: Necessary to fulfill our service agreement with you
• Legitimate Interest: Business operations (contacting prospects, analytics)
• Consent: Marketing emails (you can opt-out)
• Legal Obligation: Tax, accounting requirements

14.2 Your GDPR Rights

• Right to access, correct, delete your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent (marketing)
• Right to lodge a complaint with supervisory authority

Contact: shabir@overarc.co

15.1 Privacy Questions

If you have questions about this Privacy Policy or our data practices:

Email: shabir@overarc.co

Phone: +923249116764 (WhatsApp)

Address: Swat, KPK Pakistan

15.2 Response Time

We will respond to privacy requests within 30 days.

16.1 Pakistan Laws

We comply with applicable Pakistani laws regarding data protection.

16.2 International Laws

For clients outside Pakistan, we comply with:

• GDPR (EU/UK users)
• CCPA (California users, if applicable)
• Local data protection laws in client's country

17.1 AI Voice Agent Clients

If we build an AI voice agent for you:

Data We Access:

• Call logs (Twilio)
• SMS messages (Twilio)
• Lead information (Google Sheets)
• Appointment data (Google Calendar)
• CRM data (if you authorize)

Data We DO NOT Access:

• Your customer's credit card information
• Your internal business documents (unless authorized)
• Your employee personal data (unless authorized)

Data Ownership:

• All data belongs to YOU (the client)
• We are a data processor, not data owner
• You can request full data export at any time

17.2 Data Destruction

When service ends:

• We delete access to your Twilio, Google, CRM accounts
• We retain backup for 30 days (for recovery)
• After 30 days, all data permanently deleted
• You can request immediate deletion (no backup)

By using our services, you consent to:

• Collection and use of your information as described
• International data transfers (Section 10)
• Cookie usage (Section 7)
• This Privacy Policy's terms

Thank you for trusting OverArc.