Draft for review — not legal advice. Have counsel review before relying on this copy for regulatory or OAuth verification purposes.

Privacy Policy

Effective June 30, 2026

Scope

This Privacy Policy applies to https://portal.overunity.ca (the “Portal”) operated by Overunity Digital (“we”, “us”, “our”). It does not govern our marketing website at overunity.ca, customer websites we host, or third-party services you access outside the Portal.

Information we collect

  • Account and profile data — name, email address, billing contact details, and account identifiers stored when we provision your Portal access.
  • Authentication data — one-time sign-in codes (OTP) sent to your email; OTP values are stored only long enough to verify sign-in. Session identifiers in the ou_portal_session cookie after successful login.
  • Technical data — IP address, browser user-agent, and request metadata used for rate limiting, fraud prevention, and security auditing.
  • Product and usage data — configuration and content you manage in the Portal (for example mailbox settings, website URLs, mailing lists, form submissions, blog drafts, reports settings, and connected platform tokens).
  • Audit logs — records of significant actions in the Portal (who did what, when, and related metadata) for security and support.
  • Billing data — subscription status, invoice references, and payment method metadata mirrored from Stripe (we do not store full card numbers).

How we use information

We use Portal data to:

  • Authenticate you and maintain your session
  • Provide and operate subscribed services (email hosting, websites, reports, lists, and related features)
  • Process billing and subscriptions through Stripe
  • Send transactional email (sign-in codes, service notifications, and product email you configure)
  • Connect third-party APIs you authorize (for example Google Search Console, Google Business Profile, or Google Ads)
  • Detect abuse, enforce acceptable use, and respond to support requests
  • Maintain audit trails for security and compliance

We do not sell your personal information.

Third-party service providers

We share data with vendors only as needed to operate the Portal, including:

  • Stripe — payments and subscriptions
  • Mailcow — email hosting mailboxes and domains
  • Google APIs — Search Console, Business Profile, Places, and Ads where you connect an account
  • SMTP / email delivery — transactional and product email sending
  • Cloud infrastructure — hosting and database providers that run the Portal

Each provider processes data under its own terms and privacy policies. We configure integrations with least-privilege access where possible.

Cookies

The Portal uses a session cookie (ou_portal_session) after you sign in. It is HttpOnly, Secure (in production), SameSite=Lax, and scoped to portal.overunity.ca only — not shared with overunity.ca or customer websites. We do not use third-party advertising cookies in the Portal.

Retention and security

We retain account and product data for as long as your subscription is active and as required for billing, legal, or security purposes afterward. OTP codes and short-lived auth artifacts are deleted or expire quickly. We use access controls, encryption in transit, audit logging, and operator-only administrative tools to protect Portal data. No system is perfectly secure; report suspected issues promptly.

Your choices and rights

You may sign out at any time to end your session. To request access, correction, or deletion of Portal personal data, contact us at hello@overunity.ca or +1 (403) 250-2444. We may need to verify your identity and retain certain records where required by law or for legitimate business purposes (for example billing records).

Changes

We may update this Privacy Policy from time to time. The effective date at the top will change when we do. Continued use of the Portal after changes constitutes acceptance of the updated policy.

Contact

Overunity Digital
Email: hello@overunity.ca
Phone: +1 (403) 250-2444