betaoverctrl

Command Palette

Search for a command to run...

Privacy Policy

Last updated: 23 January 2026

1. Controller

The controller within the meaning of Article 4(7) GDPR is:

Overctrl Operated by an individual developer Country of establishment: Germany Contact: contact@overctrl.com

Overctrl is currently operated without a registered legal entity.

2. What This Policy Applies To

This Privacy Policy applies to:

  • The Overctrl website
  • Publicly accessible pages
  • Logged-in areas
  • Authentication via GitHub
  • Processing of publicly available GitHub data

Overctrl is currently provided as an MVP / beta service.

3. Who Can Use Overctrl

Overctrl is a developer-focused platform with no adult content.

The service is accessible worldwide.

Users must be able to legally use GitHub and authenticate via GitHub OAuth.

4. Authentication via GitHub

Overctrl uses GitHub OAuth as the only authentication method.

When you sign in, the following data is processed:

  • GitHub username
  • GitHub email address
  • GitHub profile picture (avatar)
  • GitHub access token

Access tokens are required to provide the service (e.g. fetching GitHub data). They are stored securely and are not used for purposes unrelated to Overctrl.

Public user profiles on Overctrl are not yet available.

5. Personal Data Processed

Depending on how you use the service, Overctrl may process:

  • Email address
  • Username or display name
  • Profile picture / avatar
  • Optional profile information (e.g. bio)
  • Content you submit (where features exist)
  • IP address, limited to security-related operations

Overctrl does not intentionally collect detailed device or browser fingerprints.

Private user-to-user messaging is not available.

Billing data is not collected.

6. GitHub and Third-Party Data

Overctrl processes publicly available GitHub data only, including:

  • Repository metadata
  • Issues
  • Pull requests
  • Commits
  • Contributors

Repositories are associated with users based on user actions (such as following repositories).

GitHub content (e.g. titles, descriptions, metadata) may be displayed within Overctrl as part of aggregated views and insights.

7. Purposes and Legal Bases

Personal data is processed for the following purposes:

a) Account creation and authentication

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) Necessary to operate the service.

b) Core service functionality

(including feeds, repository tracking, and insights) Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

c) Transactional emails

(service-related notifications) Legal basis: Performance of a contract (Article 6(1)(b) GDPR)

d) Analytics and product improvement

Legal basis: Consent (Article 6(1)(a) GDPR)

Community features, marketing communications, and abuse-prevention systems are not yet active and are therefore not currently processed.

8. Emails

At this stage, Overctrl sends transactional emails only.

Product updates may be introduced later.

Marketing emails are not currently sent.

Where non-essential emails are introduced, users will have the ability to opt out.

9. Cookies and Analytics

Overctrl uses cookies.

Necessary cookies

Required for core functionality such as authentication and security.

Analytics cookies

Used only with explicit user consent.

Analytics provider: Google Analytics

No advertising or cross-site tracking cookies are used.

10. Data Location and Infrastructure

Data is processed and stored within the European Union, primarily in Germany.

Infrastructure providers include:

  • Neon
  • Fly.io
  • Vercel

No intentional data transfers outside the EU are performed.

11. Retention and Deletion

User-initiated account deletion is not yet available.

When implemented:

  • Accounts will be soft-deleted
  • Some data may be retained temporarily for technical or security reasons

Security and access logs are retained as necessary for operational purposes. Retention periods are still being defined.

12. Your Rights

Under the GDPR, you have rights including:

  • Access
  • Rectification
  • Erasure
  • Restriction
  • Objection
  • Data portability

Processes for exercising these rights are being finalized.

Until then, requests can be sent to: contact@overctrl.com

13. Automated Processing

Overctrl generates automated insights based on repository activity.

These insights are informational only and do not have legal or similarly significant effects.

No automated decision-making under Article 22 GDPR takes place.

14. Digital Services Act (DSA)

Overctrl is currently in beta.

User-generated public content, moderation rules, and reporting mechanisms are planned but not yet available.

This policy will be updated as those features are introduced.

15. Changes

This Privacy Policy may be updated as Overctrl evolves. The current version will always be available on this page.