Overflow Privacy Policy
Last updated: 6/16/25 | Effective: 6/16/25
Our Privacy Philosophy
What We Collect
Public Social Media Data
When you create a campaign, Overflow searches Instagram and/or LinkedIn for prospects who match your criteria. We collect:
Public profile information (bio, username, profile photo)
Public posts and captions
Publicly listed followers/following (if relevant to search)
Hashtags and location tags
Your Campaign Data:
Prospects you select for outreach
Messages you create and approve
Comments you draft and post
Notes you add about prospects
Campaign performance (who responded, who booked calls)
Account Information
Email address
Payment information (processed by Stripe - we never see your full card number)
Name and any profile details you provide
Browser Extension Data (only if you use Overflow Sender)
Your logged-in Instagram username, used to confirm it matches the account registered to your Overflow profile before acting.
A connection token, stored locally in your browser, that lets the extension fetch your approved actions from Overflow.
Technical Data
Browser type and device info
IP address
How you use Overflow (which features, when)
What We DON'T Collect
Let's be clear about boundaries:
The contents of private messages or DMs — yours or your prospects'. (If you use the Overflow Sender extension, it may detect that a prospect replied or followed you back so it can update your campaign status — but it never reads or stores the contents of those messages.)
Data from locked/private social media accounts
Your social media passwords or login credentials
Anything behind authentication walls
Data from people who haven't given Overflow permission
How We Use Your Data
To Help You Find Aligned Clients
AI analysis: We use AI (Anthropic's Claude) to analyze public profiles and identify values, mission, and alignment signals from bios and posts
Message drafting: AI generates personalized message drafts based on prospect profiles
Campaign tracking: We track who you contacted, who engaged, who responded
Critical: Nothing goes out without your approval. You review and approve every message and action — AI drafts, you decide. If you use the Overflow Sender browser extension (see below), it only carries out the actions you've already approved; it never writes or sends anything on its own.
To Improve Overflow
Understand which features work well (and which don't)
Fix bugs and improve performance
Develop new features based on how people actually use the platform
To Communicate With You
Send campaign notifications
Respond to support requests
Share product updates (you can opt out)
The AI Question
"Does AI send messages on my behalf?"
Overflow finds prospects matching your criteria
AI drafts personalized messages based on their public profiles
You review, edit, and approve every message
You manually post/send the message yourself
You track responses in your campaign dashboard
"Do you train AI models on my data?"
No. We use Anthropic's Claude API for processing, but we don't use your data to train AI models. Your campaigns, messages, and prospect data stay yours.
"What does the AI see?"
Only what you explicitly put into a campaign: public profile data you're researching and message drafts you're creating.
The Overflow Sender Browser Extension
Overflow Sender is an optional companion to your Overflow account. If you choose to install and connect it, this section explains what it accesses and stores. (Everything here is also governed by the rest of this policy.)
What the extension accesses
Your logged-in Instagram session in your browser, to perform the actions you approved in Overflow (likes, comments, follows, direct messages).
Your Instagram username, to confirm it matches the account registered to your Overflow profile before acting — a safety check so it can never act from the wrong account.
The list of approved actions for your account, fetched from Overflow using your connection token.
What the extension stores
Your Instagram username, to confirm it matches the account registered to your Overflow profile before acting — a safety check so it can never act from the wrong account.
How sending works
The extension performs only the actions you've already approved in Overflow, from your own browser and IP, at a natural human pace. It may detect that a prospect replied or followed you back in order to update your campaign status — without reading or storing message contents.
What the extension does NOT do
It does not collect, store, or sell your Instagram content, contacts, or followers.
It does not ask for or handle your Instagram password.
It does not run when your browser is closed, and it does not route traffic through any proxy or third-party server. Actions happen from your own browser.
Data sharing
The only network destinations are Instagram (to perform your approved actions) and Overflow's own backend at app.overflowthrive.com (to fetch your approved actions and report results). No data is shared with any other third party.
Data retention
Local browser storage persists until you disconnect or remove the extension. Action records live in your Overflow account, governed by the retention terms below.
Who Sees Your Data
Service providers we use:
Anthropic (Claude AI): Processes prospect data and generates message drafts. Their privacy policy
Stripe: Processes payments. Their privacy policy
Supabase: Stores your encrypted data and handles authentication. Their privacy policy.
Railway: Hosts the application. Their privacy policy.
Who we DON'T share with:
Advertisers
Data brokers
Marketing companies
We will never sell your data. Period.
Data Retention & Deletion
How to Delete Your Data
Delete a campaign: Go to Campaign Settings → Delete Campaign. All associated data is removed within 7 days.
Delete your account: Settings → Delete Account. Everything is permanently deleted within 30 days.
Export your data: Settings → Export Data. We'll send you a complete copy of everything we have.
Your Rights
You have the right to:
For EU users (GDPR): You have additional rights including data portability and the right to lodge a complaint with your local data protection authority.
For California users (CCPA): You have the right to know what personal information we collect, delete it, and opt out of any "sale" (which we don't do anyway).
Security
We take security seriously:
If there's a breach: We'll notify you within 72 hours and explain what happened, what data was affected, and what we're doing about it.
Children's Privacy
Overflow is not intended for anyone under 18. We don't knowingly collect data from children. If we discover we have, we'll delete it immediately.
International Users
Overflow is based in the United States. If you're using Overflow from outside the US, your data may be transferred to and processed in the US. By using Overflow, you consent to this transfer.
We comply with GDPR for EU users and CCPA for California users.
Changes to This Policy
If we make significant changes to this privacy policy, we'll:
Email you at least 30 days before changes take effect
Post a notice in your Overflow dashboard
Update the "Last updated" date at the top of this page
Continued use of Overflow after changes take effect means you accept the updated policy.
Questions? We're Here.
We know privacy matters to you. If you have questions, concerns, or just want to understand something better:
Email us: joseph@overflowthrive.com
Response time: Within 2 business days
The Bottom Line
Your data is yours. We collect only what's publicly available and what you explicitly create in campaigns. You control everything. AI helps you work faster, but you're always in charge. We never sell your data. You can delete everything anytime.
If something in this policy doesn't make sense or feels off, please tell us. We built Overflow for people who ask hard questions, and we want to earn your trust.
Overflow