OVERRIDEALPHA
← Back to home

Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how Mstrly Labs OÜ ("we", "us"), a company registered in Estonia, collects, uses, and protects your personal data when you use Override (the "Service"). We are the data controller; our full company and contact details are in section 10. Questions: [email protected].

1. Data we collect

  • Account data: email address, password (stored only as a salted hash by our auth provider), nickname, and your invite/alpha code.
  • Gameplay data: your in-game profile, progress, balances, companies, actions, and content you post.
  • Device & log data: IP address, browser/device type, and server/security logs generated when you use the Service.
  • Notifications: if you enable them, a web-push subscription token for your device.
  • Cookies & analytics: see our Cookie Policy. Analytics and marketing data are collected only with your consent.
  • Communications: messages you send us (e.g. support emails).

2. How & why we use it (legal bases)

  • Run your account and the game, including saving progress — performance of our contract with you.
  • Keep the Service secure and prevent cheating, fraud, and abuse — our legitimate interests.
  • Send service messages (sign-in, password resets, alerts you opted into) — contract / legitimate interests.
  • Send product news and marketing emails — based on your consent or, where permitted, our legitimate interest; you can unsubscribe at any time.
  • Measure traffic and advertising and improve the game (analytics & marketing cookies/pixels) — only with your consent.
  • Comply with legal obligations and enforce our Terms.

3. Who we share it with

We do not sell your personal data. We share it with service providers ("processors") who help us run Override:

  • Supabase — database, authentication, and transactional email.
  • Vercel — application hosting.
  • Cloudflare — content delivery, DNS, and security/anti-bot protection.
  • With your consent, advertising and analytics partners: Google (Analytics, Ads, Tag Manager, YouTube), Meta, Reddit, X, and TikTok.

We may also disclose data if required by law or to protect our rights, users, or the Service.

4. International transfers

Some of our providers are based outside the European Economic Area (e.g. in the United States). Where data is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

5. How long we keep it

  • Account and gameplay data: while your account is active, and deleted or anonymised within about 30 days of an account-deletion request (longer only where the law requires).
  • Security and server logs: typically up to 30 days.
  • Marketing data: until you withdraw consent or unsubscribe.
  • Backups rotate on a regular schedule.

6. Your rights

EU/EEA & UK (GDPR)

You have the right to access, rectify, erase, restrict, and port your data, to object to certain processing, and to withdraw consent at any time (without affecting prior processing). To exercise these rights, email [email protected]. You can also lodge a complaint with a supervisory authority — in Estonia, the Data Protection Inspectorate (Andmekaitse Inspektsioon), or your local authority.

California (CCPA/CPRA)

California residents may request to know, delete, or correct their personal information, and may opt out of "sharing" of personal information for cross-context behavioural advertising. We do not sell personal information for money. You will not be discriminated against for exercising these rights. Use the cookie banner to opt out of advertising cookies, or email us.

7. Children

Override is not intended for children under 13, and we do not knowingly collect their personal data. If you believe a child under 13 has provided us data, contact [email protected] and we will delete it. See also the age requirements in our Terms of Service.

8. Security

We use encryption in transit (HTTPS), hashed passwords, access controls, and reputable infrastructure providers to protect your data. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.

9. Changes

We may update this Policy from time to time. Material changes will be signalled by updating the "Last updated" date and, where appropriate, by notice in-app or by email.

10. Contact

Mstrly Labs OÜ — Kaupmehe tn 7-120, Kesklinna linnaosa, Tallinn, 10114, Estonia. Privacy enquiries: [email protected].