Your data, your control. GDPR gives you specific rights over your personal data. This page explains exactly what data Overpipe holds about you, how long we keep it, and how to request access, correction, deletion, or an export — with a guaranteed 30-day response.
Your GDPR Rights at a Glance
Right of Access
Get a full copy of all personal data we hold about you, including how it's used and who it's shared with.
Right to Rectification
Request correction of any inaccurate or incomplete personal data we have on file.
Right to Erasure
Request complete deletion of your account and all associated personal data ("right to be forgotten").
Right to Portability
Receive your data in a structured, machine-readable format (JSON/CSV) to transfer to another provider.
Right to Restriction
Request that we pause processing your data while a dispute or request is resolved.
Right to Object
Object to processing based on legitimate interests, including data sourced for prospect research.
How to Submit a Data Request
All data requests are handled by email. We respond within 30 days as required by GDPR Article 12. For complex requests, we may extend this by an additional 60 days — we'll notify you within the first 30 days if this is the case.
Email us
Send your request to privacy@overpipe.io from the email address associated with your Overpipe account.
Specify what you need
Use one of these subject lines for faster processing:
DATA REQUEST: Access— receive a copy of your dataDATA REQUEST: Deletion— delete my account and all dataDATA REQUEST: Portability— export my data in JSON/CSV formatDATA REQUEST: Rectification— correct specific dataDATA REQUEST: Object— object to processing
Verification
We may ask you to verify your identity before processing the request. This protects you from unauthorized data access. We'll ask for the minimum information necessary to confirm your identity.
We respond
We'll action your request and confirm completion by email within 30 days. Data exports are delivered as a secure download link.
What Your Data Export Contains
When you request a data portability export (Art. 20), you'll receive a JSON file containing:
| Data Category | What's Included |
|---|---|
| Account | Email, account creation date, subscription plan, settings |
| ICP Profiles | All ideal customer profiles you've created with their criteria |
| Prospects | All prospect contact records in your account |
| Campaigns | Campaign names, email copy, schedules, recipient lists |
| Email Activity | Delivery, open, click, and reply records for your campaigns |
| Bookings | Meeting booking records and calendar invites |
Billing records (invoices) are also available on request. Payment card details are held by Stripe and are not included in our export — you can access those directly through Stripe.
Account Deletion
When you request account deletion:
- We will permanently delete your account and all associated data within 30 days
- Backups are purged within a further 30-day backup rotation window
- Billing/invoice records are retained for 7 years to meet legal/tax obligations — this is required by EU law (VAT Directive) and cannot be avoided
- You will receive a confirmation email when deletion is complete
You can also delete your account directly from the Settings page in your Overpipe dashboard. Email deletion is permanent and cannot be undone.
Prospect Data and the Right to Object
Overpipe sources business contact information (prospect data) from publicly available sources to power your sales outreach. This processing is based on legitimate interests under GDPR Art. 6(1)(f).
If you are a prospect (not an Overpipe user)
If you have received an outreach email sent through Overpipe and want your contact information removed from the platform, you have the right to object. To exercise this right:
- Reply to the outreach email with the subject
UNSUBSCRIBE, or - Email privacy@overpipe.io from the email address you wish to remove
We will process your objection within 30 days and ensure you are suppressed from all future Overpipe campaigns. We maintain a suppression list to prevent re-addition of opted-out contacts.
Legitimate interests balancing test
Our use of publicly available B2B contact data for sales outreach is a recognised and lawful purpose under GDPR. We have conducted a Legitimate Interests Assessment (LIA) to confirm this use does not override data subjects' fundamental rights. Key factors in this assessment:
- Data is limited to professional (not personal) contact information
- Sourced from public, professional-context sources only
- Used only for B2B commercial outreach (not personal solicitation)
- Recipients can opt out at any time with no friction
- We do not process special categories of data (Art. 9)
Data Breach Notification
In the event of a personal data breach, Overpipe will:
- Notify the relevant supervisory authority within 72 hours of becoming aware (GDPR Art. 33)
- Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Art. 34)
- Breach notifications will include: the nature of the breach, categories of data affected, likely consequences, and measures taken to address it
Lodge a Complaint
If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with a supervisory authority. You can contact:
- The supervisory authority in the EU member state where you reside or work
- Or the supervisory authority in the country where the alleged infringement took place
Find your national authority: edpb.europa.eu/members
We always prefer to resolve issues directly first — please contact us at privacy@overpipe.io before filing a formal complaint.
Need to submit a data request?
Email us and we'll respond within 30 days, as required by GDPR.
Email privacy@overpipe.io →