Policy

Privacy policy.

What we collect, how we use it, who we share it with, and your rights. Plain language wherever the lawyers will let us.

NoticeDraft pending legal review. The structure is final; specific clauses may change before launch.

The short version

OverpayOwl handles bills. To do that we need a small amount of personal data — an email, sometimes a name, and the bills themselves. We don't sell that data. We don't share it with advertisers. We retain it only as long as the case needs.

What we collect

  • Account information. Email address, optional name, hashed password, and theme/notification preferences.
  • Case content.The bills you upload, line items extracted from them, dispute drafts, and the agency's notes on each case.
  • Communications. Email exchanges with the agency, dispute letters sent on your behalf, and replies received.
  • Technical signals. IP address, user agent, session metadata, and rate-limiting telemetry — used for security and abuse prevention.

How we use it

  • To open, investigate, and track your cases.
  • To send dispute letters under your authority.
  • To send transactional notifications (case updates, recoveries).
  • To detect and prevent abuse of the service.
  • To improve product quality (aggregated, never identifying you).

What we don't do

  • We don't sell your data.
  • We don't feed it to ad networks.
  • We don't train third-party models on your bills.

Third parties

We use a small number of subprocessors to run the service. Each is contractually bound to the same privacy standards we hold ourselves to.

  • Supabase — database, authentication, file storage.
  • Anthropic — Claude API for dispute drafting and bill analysis. Inputs are not used for training under our enterprise terms.
  • Google Cloud Vision — OCR for bill image processing.
  • Vercel — application hosting.
  • Cloudflare Turnstile — bot protection on sign-in.

Your rights

  • Access — download a copy of your data from settings.
  • Delete — wipe your account and downstream data within 30 days.
  • Correct — edit account profile fields at any time.
  • Port — export cases as PDF (Pro Investigator and Agency).

Retention

Bills and case data are retained until you delete them or close your account. Deletion is permanent. We keep minimal logs (transaction records, security events) for up to 12 months for fraud prevention.

Children

OverpayOwl is not designed for or directed at children under 13. We do not knowingly collect information from children.

Changes to this policy

We'll notify you of material changes by email at least 14 days before they take effect. Continued use after the change date constitutes acceptance.

Contact

Privacy questions: privacy@overpayowl.com. Security disclosures: security@overpayowl.com.