Privacy Policy
Overmind is committed to data security.
1. Overview and Scope {#overview}
Overmind provides AI-powered security evaluation and protection services for organizations globally (including the UK and EU). This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our website, services, AI security platform, and browser extensions (Chrome, Edge, Safari).
What This Policy Covers
Personal information collected via our websites, services, AI security tools and APIs, browser extensions, customer communications, and business relationships
Applies to individual users and business contacts
Customer Data Distinction
When we provide services to enterprise customers, we process customer data under our Data Processing Addendum (DPA) and customer instructions. This policy governs Overmind's own business operations and direct relationships with individuals (e.g., website visitors, prospects, extension users).
Our Commitment
We protect privacy while delivering AI security solutions. We comply with GDPR and UK data protection laws, and align with leading security standards (e.g., ISO 27001, SOC 2 Type 2).
2. Information We Collect {#collection}
2.1 Information You Provide Directly
Business Contact Information:
Name, job title, company, email, phone, mailing address, communication preferences
Account and Service Information:
Registration details, security assessment requirements, configuration preferences, support requests, billing data (via third-party processors)
Professional Engagement Details:
Information shared during sales/support, integration specifications, event participation
2.2 Information We Collect Automatically
Website and Service Usage:
IP address, device identifiers, browser/OS, pages visited, time on page, referrers, search terms, login times, usage patterns
Security Service Data:
Telemetry and diagnostic events, performance/availability metrics, API usage, integration metadata
Browser Extension Data (Chrome/Edge/Safari):
Local events: Input interception events, UI interactions, navigation events (to ensure protection)
Overmind analysis: When enabled, the extension sends text you choose to submit (and certain supported file contents) to Overmind's API solely to detect/anonymize sensitive data before submission to third-party tools
Telemetry: Minimal operational metrics to traces.overmindlab.ai (e.g., whether content contained sensitive data, anonymization status, AI tool context, hashed IDs; we minimize/avoid raw content in telemetry and apply additional sanitization)
Error reporting: Limited, sanitized diagnostics to Sentry
Communications:
Email engagement (opens/clicks), customer support transcripts, meeting/call participation, marketing engagement
2.3 Information from Third Parties
Professional networks (e.g., LinkedIn), event organizers, partners/referrals, public registries
Integrated services authorized by customers: identity/security tools, cloud platforms, and related metadata
3. How We Use Your Information {#usage}
3.1 Service Delivery and Operation
Core AI Security Services:
Provide AI security services (e.g., detection, anonymization, analytics)
Deliver personalized recommendations based on requirements and configuration
Process alerts/notifications and maintain/improve service availability
Provide support and technical assistance
Browser Extension Specifics:
Interception/anonymization: When enabled, the extension sends your pending message or supported file content to Overmind's API to detect and, where possible, anonymize sensitive information before submission to the target site. We do not store your prompts or files beyond what's necessary to return results and secure the service
Telemetry: We record limited, minimized operational metrics to improve reliability, detect abuse, and measure effectiveness. We avoid raw prompt content in telemetry and apply additional sanitization
3.2 Business Operations
Manage relationships, accounts, billing (via third-party payment processors)
Conduct security R&D to enhance detection/anonymization
Comply with legal obligations and protect our services from abuse/fraud
3.3 Communication and Marketing
Service communications (alerts, updates, account notifications)
Business-to-business (B2B) marketing, event/webinar invitations, industry content
Market research to understand security needs; opt-out options provided
4. Legal Basis for Processing {#legal-basis}
We process personal information under the following lawful bases:
Contractual Necessity (Art. 6(1)(b) GDPR):
Service delivery, account management, support, billing
Legitimate Interests (Art. 6(1)(f) GDPR):
Security R&D, service protection/fraud prevention, business analytics, product improvement, B2B marketing to business contacts (with opt-out)
Legal Obligations (Art. 6(1)(c) GDPR):
Regulatory, tax, accounting, incident notifications
Consent (Art. 6(1)(a) GDPR):
Marketing where required; optional cookies/tracking; participation in research/testimonials
Special Category Data: Not intentionally collected. If inadvertently processed through customer-directed security workflows, we process only as necessary for cybersecurity and apply enhanced safeguards.
5. How We Share Your Information {#sharing}
5.1 Service Providers and Partners
Infrastructure: Cloud hosting (e.g., AWS/Azure), CDN, security, email/communications, observability (traces.overmindlab.ai), and error reporting (Sentry)
Professional services: Legal, accounting, audit, consulting, channel partners/resellers
We require appropriate contractual safeguards (e.g., DPAs) and limit access to what's necessary
5.2 Business Transfers
If Overmind undergoes a merger, acquisition, or asset sale, personal information may be transferred under equivalent protections
5.3 Legal Requirements
Disclosures required by law, court orders, regulators, or to protect rights, safety, and prevent fraud
5.4 Customer-Directed Sharing
For enterprise customers, we share or integrate with third-party tools only under the customer's instructions
6. Your Rights and Choices {#rights}
Under GDPR and UK data protection laws, you have the following rights:
Access/Portability, Rectification/Erasure, Restriction, Objection (including absolute right to object to direct marketing), Withdraw consent
We may verify identity before fulfilling requests. No fee unless requests are excessive. Response within one month (extendable for complexity).
How to Exercise Your Rights:
Email: support@overmindlab.ai
7. Data Security and Protection {#security}
Technical Safeguards
TLS 1.3+, encryption at rest (e.g., AES-256)
Multi-factor authentication (MFA), role-based access controls (RBAC), least privilege
Regular testing, segregation of customer environments
Organizational Measures
Training, confidentiality, incident response, business continuity
Third-party assessments, alignment with ISO 27001/SOC 2 Type 2 controls
Data Breach Response
24/7 monitoring; containment, assessment, regulator and customer notifications where required
Remediation and post-incident review
8. Data Retention {#retention}
We retain data only as long as necessary for service delivery, legal compliance, and legitimate interests.
Retention Periods
Business contact/records: Contract duration + up to 7 years
Security logs/monitoring and operational telemetry: Up to 13 months unless needed for investigation; some error logs (e.g., Sentry) may be retained up to 90 days
Website analytics: Up to 26 months
Billing/tax: 7 years
Extension/API analysis: Prompts/files are processed transiently to return anonymization/detection results; Overmind does not retain this content except short-term buffering and security logging necessary to operate and protect the service
9. International Data Transfers {#transfers}
We use appropriate safeguards (e.g., EU Standard Contractual Clauses) for transfers outside the UK/EU, plus technical/organizational measures (encryption, access controls, minimization). We monitor legal developments and update measures as needed.
10. Cookies and Tracking Technologies {#cookies}
Website
Essential cookies: Session/security
Analytics/performance: Performance optimization
Marketing/preferences: Where applicable
Controls provided via consent manager and browser settings
Browser Extension
No third-party advertising cookies
Limited local storage for settings and Overmind API key (stored in your browser's extension storage)
11. AI Systems and Automated Decision-Making {#ai-systems}
Our AI systems analyze content/metadata to detect sensitive information and recommend anonymization. Human oversight is in place for high-impact decisions.
Your Rights Regarding AI
Users may request explanations of AI-driven outcomes relevant to them
Can object or request review where appropriate
We minimize and sanitize data used for model improvement
Customer data is not used for broader training unless contractually authorized
12. Third-Party Services {#third-parties}
Integrated Services
Integrated security tools and business services are used to operate and support the platform. We conduct due diligence and require appropriate contractual safeguards.
Observability and Error Reporting
Telemetry (traces.overmindlab.ai): Operational metrics and minimized attributes (e.g., detection flags, anonymization status, hashed session/conversation IDs, page URL/tool context). We avoid raw content and apply additional sanitization
Error logging (Sentry): Sanitized error messages, stack traces, and metadata with automated PII scrubbing. We configure it to minimize personal data in diagnostics
Third-Party Links
Links to third-party websites are governed by those parties' privacy practices.
13. Children's Privacy {#children}
Our services target professional/business users. We don't knowingly collect information from children under 16. If you believe a child provided information, contact us at support@overmindlab.ai.
14. Changes to This Policy {#updates}
We review/update this policy at least annually and when services/laws change. For material changes, we'll notify registered users (e.g., email, website notice) at least 30 days in advance where required.
15. Contact Information {#contact}
Primary Contacts
Privacy inquiries: support@overmindlab.ai
Data Protection Officer (if applicable): support@overmindlab.ai
Address: [Business Address, including City, Postal Code, Country]
Supervisory Authorities
UK: ICO (ico.org.uk)
EU: DPAs (edpb.europa.eu)
16. Browser Extension Disclosures {#browser-extensions}
What the Extension Does
Local monitoring: Monitors pending inputs on designated sites to prevent accidental sharing of sensitive info
Overmind analysis: If enabled, sends pending input or supported file contents to Overmind solely to detect/anonymize sensitive information. Results may replace the input before submission
What Is Stored Locally
Overmind API key, minimal settings/flags (e.g., monitoring on/off), and optional UI state in browser extension storage (sync/local)
You may clear this via your browser
Telemetry and Error Reporting
Operational traces to traces.overmindlab.ai: Include minimized attributes (e.g., detection flags, anonymization status, hashed IDs, AI tool context). We avoid raw content and apply additional sanitization
Sentry: Receives sanitized, minimal error diagnostics with automated scrubbing. You can request restriction where applicable
Your Choices
Disable monitoring or uninstall the extension at any time
Enterprise customers can request additional controls through their account team