We respect your privacy. Here's what happens to your data at over.coffee.
We never use your conversations to train AI models.
Daily.co, AssemblyAI, Anthropic, Lemon Squeezy, Resend, Supabase, Vercel. All bound by data processing agreements.
We never sell your data.
You can access, correct, delete, or export your data anytime. Email hi@over.coffee.
over.coffee is operated by over.coffee, registered in the Philippines ("we", "us", "our"). We are the data controller for personal data processed through over.coffee.
Contact for privacy matters: hi@over.coffee
We have not appointed a formal Data Protection Officer (DPO). Our processing activities do not currently meet the GDPR Article 37 thresholds requiring one. If our processing scale grows, we will appoint a DPO and update this policy accordingly. Until then, all data protection inquiries go to hi@over.coffee.
(a) Account information. When you make a credit purchase, we collect your email address and create an account. Accounts are not required to start or join meetings.
(b) Meeting data. When you start or join a meeting at over.coffee:
(c) Payment information. Lemon Squeezy processes the transaction as Merchant of Record. We receive only a confirmation reference — never your card details.
(d) Technical data. IP address, browser type, and timestamps for security, debugging, and abuse prevention. We do not use third-party analytics or advertising trackers.
We process personal data only when at least one of the following lawful bases applies:
| Processing activity | Lawful basis |
|---|---|
| Running the meeting room and recording audio | Consent (Art. 6(1)(a)) — both parties consent at the time of joining |
| Generating the receipt and processing payment | Performance of contract (Art. 6(1)(b)) — to deliver the service you paid for |
| Sending transactional emails (receipt delivery, meeting invites) | Performance of contract (Art. 6(1)(b)) |
| Security, fraud prevention, abuse detection | Legitimate interest (Art. 6(1)(f)) — protecting the service and users |
| Retaining payment records | Legal obligation (Art. 6(1)(c)) — tax and accounting law |
You can withdraw consent at any time. Withdrawal does not affect processing already carried out lawfully.
Audio recordings may incidentally contain special category data under GDPR Article 9 (e.g., health, religious beliefs, political opinions discussed during a conversation). We process this data only on the basis of your explicit consent given at the start of the meeting.
You should not use over.coffee to record meetings primarily focused on processing special category data (e.g., medical consultations, political organizing). The service is not designed for that purpose.
We do not engage in marketing or advertising profiling.
You are responsible for ensuring all participants in your meeting consent to being recorded. By starting a meeting at over.coffee, you confirm you have the legal right to record the conversation in your jurisdiction.
If you join a meeting hosted by someone else, you will see a clear notice on the join page that the conversation may be recorded. By remaining in the meeting, you consent to that recording.
Some jurisdictions (parts of the United States, Canada, Germany, and others) require explicit all-party consent. If your meeting includes participants in those areas, ensure verbal consent is given and acknowledged at the start.
You may withdraw consent at any time by leaving the meeting. Audio captured before withdrawal remains subject to this policy.
The receipt is generated by AI processing of the audio transcript. This involves:
This is not "automated decision-making" in the Article 22 sense — no decision with legal or similarly significant effect is made about you by the system. The receipt is a summary, not a decision. You can request a human review of the receipt by emailing hi@over.coffee.
| Data category | Retention period |
|---|---|
| Audio + transcript (unpaid meetings) | Permanently deleted 24 hours after meeting ends |
| Audio + transcript (paid meetings) | Until you delete them or close your account |
| Receipt content (paid meetings) | Until you delete it or close your account |
| Email addresses (account holders) | While account is active, plus 30 days after closure |
| Payment records | 7–10 years per applicable Philippine tax law |
| Technical logs | Up to 90 days |
| Backups | Encrypted backups overwritten on a 30-day rotation |
Meetings are capped at 90 minutes. No audio or transcript is generated for any portion of a conversation past that limit.
You can request deletion of any retained data at any time via hi@over.coffee. We will comply within 30 days unless legally required to retain.
| Provider | Purpose | Location |
|---|---|---|
| Daily.co | Audio meeting infrastructure and recording | United States |
| AssemblyAI | Audio transcription and speaker diarization | United States |
| Anthropic (Claude API) | AI receipt generation | United States |
| Lemon Squeezy (a Stripe company, Merchant of Record) | Payment processing | United States, EU |
| Resend | Transactional email delivery | United States |
| Supabase | Database and file storage | EU or US (configurable) |
| Vercel | Application hosting | Global edge network |
Each sub-processor is bound by a data processing agreement compliant with GDPR Article 28. None of these providers use your data for their own purposes or to train AI models.
We do not sell your personal information to anyone.
Our service operates globally, and your data may be transferred to and processed in countries outside your own, including the United States.
For transfers outside the EEA / UK, we rely on:
You can request a copy of the safeguards in place by emailing hi@over.coffee.
If you are in the EU, UK, or another jurisdiction with similar laws, you have the following rights:
To exercise any of these rights, email hi@over.coffee. We will respond within 30 days. We will not charge for these requests except where requests are manifestly unfounded or excessive.
If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with a supervisory authority in your country.
over.coffee is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have collected data from someone under 18, contact us at hi@over.coffee and we will delete it promptly.
No system is perfectly secure. If you suspect unauthorized access to your account, contact us immediately at hi@over.coffee.
If a personal data breach occurs that is likely to result in a high risk to your rights and freedoms, we will:
We use only essential cookies required for the service to function:
We do not use advertising cookies, analytics cookies, or third-party tracking. No cookie banner is required since we use only strictly necessary cookies.
We may update this policy from time to time. Material changes will be communicated via email to active users at least 30 days before they take effect, and posted on this page. The "last updated" date at the top reflects the most recent revision.
Questions about this policy or your data: hi@over.coffee
For postal correspondence: Philippines