Privacy Policy
Effective Date: February 13, 2026
1. Introduction
OverThinQ (“we,” “us,” or “our”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use our Service at overthinq.ai.
By using OverThinQ, you agree to the collection and use of information as described in this policy. This policy should be read alongside our Terms of Service.
2. Information We Collect
2.1 Information You Provide
- Decision data: The situations, decisions, options, and context you describe when using the analysis features. This is the core content you submit for AI processing.
- Journal notes: Personal reflections and notes you attach to your decisions.
- Account information: Email address and name provided during registration.
- Payment information: When you subscribe to a paid plan, payment details are collected and processed by Stripe (our payment processor). We do not store your full credit card number.
2.2 Information Collected Automatically
- Session data: We create a session identifier stored in a browser cookie to maintain your login state.
- Usage data: We track the number of analyses you run per billing period to enforce tier limits.
3. How We Use Your Information
We use the information we collect to:
- Provide AI analysis: Your decision text is sent to Google's Gemini API to generate cognitive bias analysis, red team assessments, game theory models, Bayesian reasoning, and framework recommendations.
- Store your decisions: Your decisions, notes, and analysis results are stored in our database so you can access your decision journal over time.
- Manage your account: To authenticate your sessions, manage your subscription, and enforce usage limits.
- Improve the Service: To understand how the Service is used and to improve its features and reliability.
AI Processing Notice
When you submit a decision for analysis, the text you provide is sent to Google's Gemini API for processing. Google processes this data according to their own privacy policy and data handling practices. We recommend reviewing Google's Gemini API Terms for details on how they handle data sent through their API.
4. Third-Party Services
We use the following third-party services to operate OverThinQ:
Google (Gemini API)
Processes your decision text to generate AI analysis. Your situation descriptions are sent to their API.
Supabase
Database provider. Stores your decisions, notes, account data, and subscription information.
Stripe
Payment processor. Handles subscription billing and payment method storage. PCI-DSS compliant.
Vercel
Hosting and infrastructure provider. Serves the application and handles server-side processing.
Each third-party service operates under its own privacy policy. We encourage you to review their policies to understand how they handle data.
5. Cookies
OverThinQ uses a minimal number of cookies, all essential to the operation of the Service:
- overthinq-session: Maintains your login session. Essential for authentication. Expires when you log out or after the session period ends.
- overthinq-admin: Used for admin dashboard authentication (admin users only).
We also use localStorage (browser storage, not a cookie) to remember your cookie banner preference.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
6. Data Retention
We retain your data for as long as your account is active and as needed to provide the Service. Specifically:
- Decision data and notes: Retained for as long as your account exists, so you can access your full decision journal.
- Account data: Retained until you request account deletion.
- Payment records: Retained as required by financial regulations and tax law (typically 7 years).
- Session data: Automatically expired and cleaned up.
If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.
7. Your Rights
You have the right to:
- Access your data: Request a copy of the personal data we hold about you.
- Delete your data: Request deletion of your account and associated data.
- Export your data: Request a machine-readable export of your decisions and notes.
- Correct your data: Update or correct inaccurate personal information.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at support@overthinq.ai. We will respond to your request within 30 days.
8. Security
We take reasonable measures to protect your personal data, including:
- Encrypted data transmission (HTTPS/TLS) for all communications
- Server-side access controls using service role keys with limited permissions
- Secure payment processing through Stripe (PCI-DSS Level 1 compliant)
- Regular review of our data handling practices
However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
OverThinQ is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will revise the “Effective Date” at the top of this page and, where appropriate, notify you through the Service.
We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.
11. Contact
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
- Website: overthinq.ai
- Email: support@overthinq.ai