Privacy Policy

Version

1.0

Jun 1, 2025

The overmap.ai website and IT systems (the "Service") are operated and owned by Wôrdn Inc., a Delaware corporation, hereafter referred to as we, us, our, the Company, and/or overmap.ai.

We respect your privacy and only process your information as required to provide and improve our services, and to comply with our legal responsibilities. By using the Service, you consent to the collection and use of information in accordance with this policy and certify that you are at least 18 years of age and do not require the consent of a legal guardian to use the Service or to agree to the terms within this document.

Persons under the age of 18 are not permitted to use the Service. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that such data has been collected, we will delete it as soon as possible.

This document informs you of our policy regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.


Core tenets of overmap.ai privacy

We comply with the GDPR (General Data Protection Regulation).

  1. We do not sell your data.

  2. We only process your data on the basis of the following:

    • contractual necessity;

    • legal obligation;

    • to provide the Service as advertised within the Service or elsewhere;

    • to notify you about events, actions, invitations, deadlines, and other information vital to the operation of the Service.

    • to improve or expand the Service offerings upon obtaining consent from the user;

    • legitimate interests.

  3. We do not share your data with third parties except as required to provide our services, as explicitly consented to by you, as required by law, as necessary to protect our rights, or as permitted by your company's and administrators' policies, express consent, contractual agreements, or configurations within the Service.

  4. We do not use your data for advertising purposes except in ways that are anonymized and not traceable to you or your company, such as aggregated usage statistics.

  5. We maintain backups of data in case of catastrophes and have strict internal policies for privacy and security by design. None of our employees or partners may access your personal data except as required to provide the Service and abide by the terms of your contract with us.

  6. We comply with applicable data protection laws and best practices.

  7. We are committed to transparency and will with reasonable effort attempt to notify you of any changes to this privacy policy that may affect you. Such efforts may include posting updates on our website and sending notifications to your registered email address if applicable, but we cannot guarantee delivery of such notices, and changes to this policy should be expected without notice.

  8. In the case of a data breach that becomes known to us, we will notify you as soon as reasonably possible and will take all reasonable steps to mitigate the breach and prevent further breaches in the future.

  9. In the case of an enforcement action by a government or regulatory body, we will notify you as soon as reasonably possible as far as it does not conflict with our legal obligations.

  10. No one can read your password (including us). However, you should ensure that your password is strong and unique to reduce the chances of unauthorized access.


Requesting the deletion, copies, correction, and restriction of your data

At any time, you may request access to, request deletion or correction of, and/or request the restriction of our processing of your personal information. You may also request a portable copy of your personal data in a structured, commonly used, and machine-readable format. Such requests may be made by contacting the Company's Data Protection Officer via email at magnus@overmap.ai, and will be honored according to the rights outlined in the GDPR, including the "Right to be Forgotten" and the right to data portability.

We will respond to your request for deletion of personal information within a reasonable time frame and in accordance with applicable data protection laws.


Information we collect

We collect a variety of information as necessary to provide and improve the Service. This information includes, but is not limited to:

  1. Information willingly surrendered to us or the Service (such as information willingly entered into forms and text inputs while using the Service) or information made available to us through correspondences outside the Service (such as email inquiries sent to us), or through channels not associated with us or the Service (such as news articles).

  2. Information about how you use the Service, including mouse movements, keyboard actions, clicks, time spent in various views and locations, geospatial information and movements (given the consent of the user, or as required by the user's organization's policies and settings). The recording of the user's interactions and geospatial movements will be clearly indicated through consent prompts or visual notices. We do not intentionally track your location except through metadata in photos submitted via the Service and as the result of the user or an administrator within the user's organization enabling location sharing. Whenever we are intentionally recording information about the user's precise location and geospatial movements, we will provide clear visual indicators to alert the user, such as a persistent message written in English accompanied by an alarming color (such as red) and an icon that is commonly associated with the information being recorded. Reasonable efforts will be made to ensure the widespread compatibility and delivery of such visual indications and notifications. Any information about the user's location and movements are subject to permanent removal upon the user's written request to us, as far as it is feasible for us to remove said information.

  3. Potentially personally identifiable information such as email addresses, full names, addresses, age, uploaded profile pictures, and similar. Such information is only recorded if supplied by the user.

  4. Information about the interactions between users and other users, between users and organizations, between users and features, and between users and information created by other users, such as comments and reactions to content submitted by other users, or accesses to various content and features. For example, we may use this information to better understand what content you are more likely to be interested in within the Service, or to display a history of contributions, revisions, and interactions performed by you during your use of the Service.

  5. Information about your payments, payment methods, billing information, and similar information required to process and honor your purchases, payments, subscriptions, and licenses. We do not intentionally store your credit card information or other information that would enable anyone with access to your data to make purchases or financial decisions on your behalf without your explicit, written consent or additional information.


How your data is shared

Information you willingly surrender while using the Service may be shared with other users of the Service and/or other services and service providers with the following limitations:

  1. Your information will only be shared with other users insofar as it is reasonably expected, requested by you, demanded by the policies and configurations defined by your company and/or its administrators, or as otherwise necessary to provide the Service or to comply with legal requirements or other parts of this document.

  2. Information that has been deleted as a result of a request for deletion by a user will not be shared with anyone or used for any purpose except as required by law.

  3. We only share data with other users, services, service providers, governmental entities, and others insofar as it serves a tangible, articulable business purpose and is allowed by applicable laws.

Examples of how we may share your data include, but are not limited to:

If you submit a form, work order, document, file, or other information into the Service, all submitted information as well as metadata about it (such as the time of submission, information about the creator of the information, and more) may be made visible to other users of the Service, even if you do not expect that it will be visible to anyone except you. You should expect any submitted information to be non-private. Any guaranteed protections of your data will be clearly and explicitly stated within the Service as the data is volunteered or submitted. Such guarantees do not include protection against:

  • the capture of information by processes not directly related to the feature being used to volunteer the information (such as any analytics services used to track user interactions, which the user has already consented to either directly or indirectly by using the Service in its intended capacities);

  • the unintentional, accidental, or unavoidable leaking of information due to human error, software or hardware faults, legal requirements, emergencies, or catastrophes;

  • voluntarily or accidentally submitted information not directly, explicitly, and contextually solicited by the Service (for example, credit card numbers mistakenly entered into a non-private communication channel);

  • actions taken by us required to protect the Service or Company, or to comply with legal obligations;

  • information about your IP address, approximate location, device information (such as information provided by your browser, your ISP, or your device);

  • information that we cannot reasonably avoid collecting as part of our operation, offering, and maintenance of the Service.


How we protect your data

We take the protection of your data seriously. To provide you a secure, confidential, and reliable service that you can trust with your data, we utilize strong encryption algorithms and ensure your data is never sent unencrypted across the internet, employ frequent and securely stored backups of data in case of disasters, utilize auto-scaling and load-balancing techniques to improve availability and reduce downtime, and follow best practices in secure software design, review processes, and vulnerability detection and mitigation.

Your data is stored within a virtual private cloud that cannot be accessed directly from the internet. Access to the databases that hold your information is controlled and limited to software and infrastructure components as required for us to provide the Service, except some exceptions, such as photos and files uploaded to the Service, which can be downloaded by anyone with knowledge of a shared download link or the computational hash of the contents of an uploaded file or photo (which necessitates already knowing the file's exact contents). This means that it is possible for someone who knows the exact contents of a file or photo to confirm that a file or photo is uploaded to the Service and to download said file or photo from the Service.

While we take every reasonable step to protect your data, we cannot guarantee that unintended, accidental, malicious, or legally obligated data breaches will not take place due to attacks by hackers or intelligence organizations, incorrect configurations or other mistakes made in good faith, due to the actions taken by other users of the Service, or other unforeseen events. Therefore, you should not willingly submit any data into the Service if the public disclosure of that information could pose a risk to your safety, security, identity, finances, or best interests.

You may opt out of the collection of detailed information about your interactions with the Service by declining non-essential cookies. The option to opt out may not appear again after initial acceptance. The option to decline may be restored by clearing your browser's cookies and cache.


Data processors that may process your data

We may share your data with trusted third-party services to fulfill our contractual obligations, provide functionality, analyze your usage of the Service with your consent, or for other legitimate interests. Third parties may have significantly different privacy policies, and information shared with them will be handled accordingly. We make no guarantees with regard to the handling of information by third parties, but you or your company's administrators have the opportunity to opt out of information sharing with most third parties as described below.

Your data may be shared with third-party service providers under the following circumstances:

  1. OpenAI: if you or your organization has opted in to certain AI-based features, information will be shared with third parties for the purpose of analysis and the provision of actionable advice, or the execution of actions that modify your information. Information includes all data shared with the overmap.ai AI agent(s) through the Service by any user with access to said information. For example, you may choose to make a Document available for AI analysis. Some information is shared with the overmap.ai AI agent(s) by default, such as Issue Types and Asset Types, for the purpose of productivity improvements (such as automatically suggesting work orders). When administrators manually choose to share data with AI agents, we may make automated decisions about what information is recorded and processed based on AI analysis. Information may also be submitted for AI analysis to OpenAI by sending emails or providing a courtesy copy (CC) to an email address provided by the Service. If the customer or an authorized user within the customer's overmap.ai organization enables this functionality, such email addresses may be made available to users of the Service. We do not accept responsibility for the misuse of our AI or email functionality by users of the Service or malicious actors.

  2. PostHog: if you consent to non-essential cookies. Information includes mouse and keyboard interactions with the Service. We use this information only to better understand how the Service is used and how to improve it. You may revoke your consent at any time by clearing the cookies, cache, and site data on your device and/or browser, or by sending a request for assistance with revoking your request to the Company's Data Protection Officer. Non-essential cookies and tracking are not enabled until unambiguous, explicit consent is granted by the user.

  3. AWS (Amazon Web Services): We host the Service and supporting systems and infrastructure on AWS in the United States of America and the European Union.

  4. Resend: We use Resend for sending emails containing notifications of events within the Service, important information regarding updates to user accounts, notifications of changes to policies, important news about the Service. We may also send emails with arbitrary contents according to user configurations (for example, user-defined automations may result in emails being sent to users within the user's organization). Emails sent via Resend may include personal information.

  5. MapBox: We use MapBox for the rendering, processing, and enhancement of geospatial maps, travel routes, and other geospatial information that may be of interest to users of the Service. Information sent to MapBox may include your geospatial location, the location of tasks assigned to you within the Service, and locations you have visited, while you or your organization's administrator(s) have enforced or willingly enabled location sharing.

  6. Sentry: We use Sentry to detect and respond to errors within the Service, and to better understand performance, stability, and usability issues affecting the Service. Information sent to Sentry may include HTTP requests submitted to the Service.


Retention of data

Information is kept for as long as it is deemed necessary for the continued proper functioning of the Service, including but not limited to: the duration of your business relationship with us plus any applicable statutory retention periods; the duration of any other users' or organizations' business relationships with us where your information has been shared with those users or organizations; and any subsequent periods where such information has been re-shared with additional users or organizations. Information that has been shared with other users or organizations will persist until those entities no longer exist or until the information is manually deleted. When we determine that personal information is no longer necessary to fulfill the purpose for which it was collected, it will be deleted permanently. We may notify you of erasure of your personal information before doing so if we believe that it may affect your experience of the Service.


International data transfers and data residency

We store all data collected inside the United States of America and the European Union. When transferring personal data from the European Union to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards are in place for such transfers. Special requests for limitations on data transfers and residency may be granted at the discretion of the Company. We may restrict access to the Service based on geographical location, but we make no guarantees that data will not leave the jurisdictions in which we intentionally host the data.


Information stored on your device

The following information may be stored on your device while using the Service:

  • cookies that identify your device and grant authorization to perform actions on your behalf within the Service;

  • any information required to enable the use of the Service without an internet connection, such as large amounts of data about Issues, Work Orders, Form Submissions, Documents, Attachment metadata, Assets, Conversations, Comments, geospatial location, and other information displayed by the Service;

  • caches of downloaded files;

  • unique identifiers used for analytics and authentication.

The overmap.ai website and IT systems (the "Service") are operated and owned by Wôrdn Inc., a Delaware corporation, hereafter referred to as we, us, our, the Company, and/or overmap.ai.

We respect your privacy and only process your information as required to provide and improve our services, and to comply with our legal responsibilities. By using the Service, you consent to the collection and use of information in accordance with this policy and certify that you are at least 18 years of age and do not require the consent of a legal guardian to use the Service or to agree to the terms within this document.

Persons under the age of 18 are not permitted to use the Service. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that such data has been collected, we will delete it as soon as possible.

This document informs you of our policy regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.


Core tenets of overmap.ai privacy

We comply with the GDPR (General Data Protection Regulation).

  1. We do not sell your data.

  2. We only process your data on the basis of the following:

    • contractual necessity;

    • legal obligation;

    • to provide the Service as advertised within the Service or elsewhere;

    • to notify you about events, actions, invitations, deadlines, and other information vital to the operation of the Service.

    • to improve or expand the Service offerings upon obtaining consent from the user;

    • legitimate interests.

  3. We do not share your data with third parties except as required to provide our services, as explicitly consented to by you, as required by law, as necessary to protect our rights, or as permitted by your company's and administrators' policies, express consent, contractual agreements, or configurations within the Service.

  4. We do not use your data for advertising purposes except in ways that are anonymized and not traceable to you or your company, such as aggregated usage statistics.

  5. We maintain backups of data in case of catastrophes and have strict internal policies for privacy and security by design. None of our employees or partners may access your personal data except as required to provide the Service and abide by the terms of your contract with us.

  6. We comply with applicable data protection laws and best practices.

  7. We are committed to transparency and will with reasonable effort attempt to notify you of any changes to this privacy policy that may affect you. Such efforts may include posting updates on our website and sending notifications to your registered email address if applicable, but we cannot guarantee delivery of such notices, and changes to this policy should be expected without notice.

  8. In the case of a data breach that becomes known to us, we will notify you as soon as reasonably possible and will take all reasonable steps to mitigate the breach and prevent further breaches in the future.

  9. In the case of an enforcement action by a government or regulatory body, we will notify you as soon as reasonably possible as far as it does not conflict with our legal obligations.

  10. No one can read your password (including us). However, you should ensure that your password is strong and unique to reduce the chances of unauthorized access.


Requesting the deletion, copies, correction, and restriction of your data

At any time, you may request access to, request deletion or correction of, and/or request the restriction of our processing of your personal information. You may also request a portable copy of your personal data in a structured, commonly used, and machine-readable format. Such requests may be made by contacting the Company's Data Protection Officer via email at magnus@overmap.ai, and will be honored according to the rights outlined in the GDPR, including the "Right to be Forgotten" and the right to data portability.

We will respond to your request for deletion of personal information within a reasonable time frame and in accordance with applicable data protection laws.


Information we collect

We collect a variety of information as necessary to provide and improve the Service. This information includes, but is not limited to:

  1. Information willingly surrendered to us or the Service (such as information willingly entered into forms and text inputs while using the Service) or information made available to us through correspondences outside the Service (such as email inquiries sent to us), or through channels not associated with us or the Service (such as news articles).

  2. Information about how you use the Service, including mouse movements, keyboard actions, clicks, time spent in various views and locations, geospatial information and movements (given the consent of the user, or as required by the user's organization's policies and settings). The recording of the user's interactions and geospatial movements will be clearly indicated through consent prompts or visual notices. We do not intentionally track your location except through metadata in photos submitted via the Service and as the result of the user or an administrator within the user's organization enabling location sharing. Whenever we are intentionally recording information about the user's precise location and geospatial movements, we will provide clear visual indicators to alert the user, such as a persistent message written in English accompanied by an alarming color (such as red) and an icon that is commonly associated with the information being recorded. Reasonable efforts will be made to ensure the widespread compatibility and delivery of such visual indications and notifications. Any information about the user's location and movements are subject to permanent removal upon the user's written request to us, as far as it is feasible for us to remove said information.

  3. Potentially personally identifiable information such as email addresses, full names, addresses, age, uploaded profile pictures, and similar. Such information is only recorded if supplied by the user.

  4. Information about the interactions between users and other users, between users and organizations, between users and features, and between users and information created by other users, such as comments and reactions to content submitted by other users, or accesses to various content and features. For example, we may use this information to better understand what content you are more likely to be interested in within the Service, or to display a history of contributions, revisions, and interactions performed by you during your use of the Service.

  5. Information about your payments, payment methods, billing information, and similar information required to process and honor your purchases, payments, subscriptions, and licenses. We do not intentionally store your credit card information or other information that would enable anyone with access to your data to make purchases or financial decisions on your behalf without your explicit, written consent or additional information.


How your data is shared

Information you willingly surrender while using the Service may be shared with other users of the Service and/or other services and service providers with the following limitations:

  1. Your information will only be shared with other users insofar as it is reasonably expected, requested by you, demanded by the policies and configurations defined by your company and/or its administrators, or as otherwise necessary to provide the Service or to comply with legal requirements or other parts of this document.

  2. Information that has been deleted as a result of a request for deletion by a user will not be shared with anyone or used for any purpose except as required by law.

  3. We only share data with other users, services, service providers, governmental entities, and others insofar as it serves a tangible, articulable business purpose and is allowed by applicable laws.

Examples of how we may share your data include, but are not limited to:

If you submit a form, work order, document, file, or other information into the Service, all submitted information as well as metadata about it (such as the time of submission, information about the creator of the information, and more) may be made visible to other users of the Service, even if you do not expect that it will be visible to anyone except you. You should expect any submitted information to be non-private. Any guaranteed protections of your data will be clearly and explicitly stated within the Service as the data is volunteered or submitted. Such guarantees do not include protection against:

  • the capture of information by processes not directly related to the feature being used to volunteer the information (such as any analytics services used to track user interactions, which the user has already consented to either directly or indirectly by using the Service in its intended capacities);

  • the unintentional, accidental, or unavoidable leaking of information due to human error, software or hardware faults, legal requirements, emergencies, or catastrophes;

  • voluntarily or accidentally submitted information not directly, explicitly, and contextually solicited by the Service (for example, credit card numbers mistakenly entered into a non-private communication channel);

  • actions taken by us required to protect the Service or Company, or to comply with legal obligations;

  • information about your IP address, approximate location, device information (such as information provided by your browser, your ISP, or your device);

  • information that we cannot reasonably avoid collecting as part of our operation, offering, and maintenance of the Service.


How we protect your data

We take the protection of your data seriously. To provide you a secure, confidential, and reliable service that you can trust with your data, we utilize strong encryption algorithms and ensure your data is never sent unencrypted across the internet, employ frequent and securely stored backups of data in case of disasters, utilize auto-scaling and load-balancing techniques to improve availability and reduce downtime, and follow best practices in secure software design, review processes, and vulnerability detection and mitigation.

Your data is stored within a virtual private cloud that cannot be accessed directly from the internet. Access to the databases that hold your information is controlled and limited to software and infrastructure components as required for us to provide the Service, except some exceptions, such as photos and files uploaded to the Service, which can be downloaded by anyone with knowledge of a shared download link or the computational hash of the contents of an uploaded file or photo (which necessitates already knowing the file's exact contents). This means that it is possible for someone who knows the exact contents of a file or photo to confirm that a file or photo is uploaded to the Service and to download said file or photo from the Service.

While we take every reasonable step to protect your data, we cannot guarantee that unintended, accidental, malicious, or legally obligated data breaches will not take place due to attacks by hackers or intelligence organizations, incorrect configurations or other mistakes made in good faith, due to the actions taken by other users of the Service, or other unforeseen events. Therefore, you should not willingly submit any data into the Service if the public disclosure of that information could pose a risk to your safety, security, identity, finances, or best interests.

You may opt out of the collection of detailed information about your interactions with the Service by declining non-essential cookies. The option to opt out may not appear again after initial acceptance. The option to decline may be restored by clearing your browser's cookies and cache.


Data processors that may process your data

We may share your data with trusted third-party services to fulfill our contractual obligations, provide functionality, analyze your usage of the Service with your consent, or for other legitimate interests. Third parties may have significantly different privacy policies, and information shared with them will be handled accordingly. We make no guarantees with regard to the handling of information by third parties, but you or your company's administrators have the opportunity to opt out of information sharing with most third parties as described below.

Your data may be shared with third-party service providers under the following circumstances:

  1. OpenAI: if you or your organization has opted in to certain AI-based features, information will be shared with third parties for the purpose of analysis and the provision of actionable advice, or the execution of actions that modify your information. Information includes all data shared with the overmap.ai AI agent(s) through the Service by any user with access to said information. For example, you may choose to make a Document available for AI analysis. Some information is shared with the overmap.ai AI agent(s) by default, such as Issue Types and Asset Types, for the purpose of productivity improvements (such as automatically suggesting work orders). When administrators manually choose to share data with AI agents, we may make automated decisions about what information is recorded and processed based on AI analysis. Information may also be submitted for AI analysis to OpenAI by sending emails or providing a courtesy copy (CC) to an email address provided by the Service. If the customer or an authorized user within the customer's overmap.ai organization enables this functionality, such email addresses may be made available to users of the Service. We do not accept responsibility for the misuse of our AI or email functionality by users of the Service or malicious actors.

  2. PostHog: if you consent to non-essential cookies. Information includes mouse and keyboard interactions with the Service. We use this information only to better understand how the Service is used and how to improve it. You may revoke your consent at any time by clearing the cookies, cache, and site data on your device and/or browser, or by sending a request for assistance with revoking your request to the Company's Data Protection Officer. Non-essential cookies and tracking are not enabled until unambiguous, explicit consent is granted by the user.

  3. AWS (Amazon Web Services): We host the Service and supporting systems and infrastructure on AWS in the United States of America and the European Union.

  4. Resend: We use Resend for sending emails containing notifications of events within the Service, important information regarding updates to user accounts, notifications of changes to policies, important news about the Service. We may also send emails with arbitrary contents according to user configurations (for example, user-defined automations may result in emails being sent to users within the user's organization). Emails sent via Resend may include personal information.

  5. MapBox: We use MapBox for the rendering, processing, and enhancement of geospatial maps, travel routes, and other geospatial information that may be of interest to users of the Service. Information sent to MapBox may include your geospatial location, the location of tasks assigned to you within the Service, and locations you have visited, while you or your organization's administrator(s) have enforced or willingly enabled location sharing.

  6. Sentry: We use Sentry to detect and respond to errors within the Service, and to better understand performance, stability, and usability issues affecting the Service. Information sent to Sentry may include HTTP requests submitted to the Service.


Retention of data

Information is kept for as long as it is deemed necessary for the continued proper functioning of the Service, including but not limited to: the duration of your business relationship with us plus any applicable statutory retention periods; the duration of any other users' or organizations' business relationships with us where your information has been shared with those users or organizations; and any subsequent periods where such information has been re-shared with additional users or organizations. Information that has been shared with other users or organizations will persist until those entities no longer exist or until the information is manually deleted. When we determine that personal information is no longer necessary to fulfill the purpose for which it was collected, it will be deleted permanently. We may notify you of erasure of your personal information before doing so if we believe that it may affect your experience of the Service.


International data transfers and data residency

We store all data collected inside the United States of America and the European Union. When transferring personal data from the European Union to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure appropriate safeguards are in place for such transfers. Special requests for limitations on data transfers and residency may be granted at the discretion of the Company. We may restrict access to the Service based on geographical location, but we make no guarantees that data will not leave the jurisdictions in which we intentionally host the data.


Information stored on your device

The following information may be stored on your device while using the Service:

  • cookies that identify your device and grant authorization to perform actions on your behalf within the Service;

  • any information required to enable the use of the Service without an internet connection, such as large amounts of data about Issues, Work Orders, Form Submissions, Documents, Attachment metadata, Assets, Conversations, Comments, geospatial location, and other information displayed by the Service;

  • caches of downloaded files;

  • unique identifiers used for analytics and authentication.