Short version: Overpipe is a B2B sales automation tool. We collect only what we need to run the service — your account details, the prospect data you define, and email activity. We don't sell your data. You can request deletion any time. If you're an EU resident, your full GDPR rights apply.
1. Who We Are (Data Controller)
Overpipe ("we", "us", "our") is operated by Polsia and serves as the data controller for all personal data processed through the Overpipe platform at overpipe.io.
If you have questions about how your data is handled, you can reach our data protection team at:
- Email: privacy@overpipe.io
- General inquiries: hello@overpipe.io
2. What Data We Collect
2.1 Account Data
When you register or use Overpipe, we collect:
- Email address
- Password (stored as a secure hash — we never store plaintext passwords)
- Account preferences and settings
- Subscription plan and billing metadata
2.2 Ideal Customer Profile (ICP) Data
You define the types of companies and contacts you want to target. This includes:
- Target industry, company size, geography
- Role titles and persona descriptions
- Keywords and search criteria you configure
This is your data — we process it solely to run your searches.
2.3 Prospect Data
Overpipe sources prospect information from publicly available sources. This may include:
- Business name, job title, company name
- Professional email address
- Company website and LinkedIn profile (if publicly listed)
- Geographic region
This data is sourced via Brave Search (web search results) and Hunter.io (professional email lookup) — both process only publicly available professional information. See Section 6 for details on these third parties.
Prospect data is business contact information. We process it on the basis of legitimate interests (GDPR Art. 6(1)(f)) — specifically, enabling B2B commercial outreach between businesses, which is a recognised and lawful purpose under GDPR.
2.4 Campaign Data
- Email copy and personalisation templates you write
- Send schedules and campaign configurations
- Recipient lists derived from your prospect data
2.5 Email Activity Data
We track outreach performance metrics, including:
- Email delivery and bounce status (via Postmark)
- Open events (tracked via a 1×1 pixel in outreach emails)
- Click events on links in emails
- Reply detection
Recipients of outreach emails are informed of tracking in accordance with applicable law.
2.6 Usage Data
- Log data (timestamps, feature usage, errors)
- Session tokens stored in your browser's
localStorage - Anonymous analytics via a beacon pixel (page views on overpipe.io)
3. Legal Bases for Processing
| Data Type | Legal Basis | GDPR Article |
|---|---|---|
| Account data | Performance of contract | Art. 6(1)(b) |
| ICP & campaign data | Performance of contract | Art. 6(1)(b) |
| Prospect data (B2B contacts) | Legitimate interests (B2B outreach) | Art. 6(1)(f) |
| Email activity tracking | Legitimate interests (service improvement) | Art. 6(1)(f) |
| Usage/analytics data | Legitimate interests (product analytics) | Art. 6(1)(f) |
Where we rely on legitimate interests, you have the right to object at any time. Contact us at privacy@overpipe.io.
4. How We Use Your Data
We use collected data exclusively to:
- Provide, operate, and improve the Overpipe platform
- Execute prospect searches and generate contact lists based on your ICP
- Send outreach emails on your behalf through your campaigns
- Track email performance metrics (opens, clicks, replies)
- Process payments and manage your subscription
- Send service-critical communications (invoices, outages, security alerts)
- Comply with legal obligations
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days backup window |
| ICP profiles & campaign data | Duration of account, deleted with account |
| Prospect data | 2 years after last campaign activity, or until account deletion |
| Email activity logs | 2 years |
| Billing/invoice records | 7 years (legal/tax obligation) |
| System/error logs | 90 days |
6. Third-Party Services
Overpipe uses the following sub-processors to deliver the service:
Brave Search
Used to search publicly available web content for prospect research. Queries include your ICP criteria. No personal user data is shared — only search queries. Brave Search Privacy Policy →
Hunter.io
Used to verify professional email addresses and find contacts at target companies. Processes publicly available professional information only. Hunter.io Privacy Policy →
Postmark (ActiveCampaign)
Used to deliver outreach emails and transactional messages. Postmark processes email addresses and content of emails sent through campaigns. Postmark Privacy Policy →
Stripe
Used to process subscription payments. Stripe collects billing information including payment card details. Overpipe does not store payment card data. Stripe Privacy Policy →
Neon (PostgreSQL hosting)
Our database infrastructure provider. All user and business data is stored in Neon-managed PostgreSQL databases. Data is encrypted at rest and in transit. Neon Privacy Policy →
Render
Our application hosting provider. Application servers and static assets are hosted on Render infrastructure. Render Privacy Policy →
7. Cookies and Local Storage
Overpipe uses minimal tracking technology:
| Name | Type | Purpose | Duration |
|---|---|---|---|
token |
localStorage | Authentication JWT — keeps you logged in | 7 days |
polsia_vid |
localStorage | Anonymous visitor ID for site analytics (no personal data) | Persistent |
We do not use advertising cookies, cross-site tracking cookies, or third-party analytics platforms like Google Analytics. The analytics beacon on overpipe.io collects only anonymous page-view counts.
8. International Data Transfers
Overpipe's infrastructure (Neon, Render) is hosted in the United States. As an EU-based service, any transfer of personal data from the EU/EEA to the US is conducted under appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) where applicable
- Data Processing Agreements with all sub-processors
For questions about international transfers, contact privacy@overpipe.io.
9. Your GDPR Rights
As a data subject under GDPR, you have the following rights. For detailed information on how to exercise them, see our Data Handling & User Rights page.
- Right of Access (Art. 15) — Request a copy of all personal data we hold about you
- Right to Rectification (Art. 16) — Request correction of inaccurate data
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten")
- Right to Data Portability (Art. 20) — Receive your data in a machine-readable format
- Right to Restriction (Art. 18) — Request we limit processing of your data
- Right to Object (Art. 21) — Object to processing based on legitimate interests
- Right to Lodge a Complaint — File a complaint with your national data protection authority
To exercise any right, contact privacy@overpipe.io. We respond within 30 days as required by GDPR.
10. Data Security
We take security seriously. Measures we have in place include:
- Passwords stored as bcrypt hashes (never plaintext)
- All data transmitted over HTTPS/TLS
- Database encryption at rest (Neon)
- JWT-based authentication with expiring tokens
- Access controls limiting which staff can query production data
In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Art. 33–34.
11. Children's Privacy
Overpipe is a B2B platform intended exclusively for business use by adults. We do not knowingly collect data from individuals under 18 years of age. If you believe we have inadvertently collected such data, contact us immediately at privacy@overpipe.io.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in law or our practices. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send a notification to your registered email address for significant changes
Continued use of Overpipe after changes take effect constitutes acceptance of the updated policy.
13. Contact Us
For any privacy-related questions, data requests, or complaints:
Overpipe Data Protection
Email: privacy@overpipe.io
General: hello@overpipe.io
We aim to respond to all privacy requests within 30 days. For urgent matters, include "URGENT" in your subject line.
If you are not satisfied with our response, you have the right to lodge a complaint with your national supervisory authority. For EU residents, find your authority at edpb.europa.eu.