OverHeard

Last updated: 27 June 2026

Privacy Policy

1. Who we are and the scope of this policy

OverHeard is a demand-intelligence web application operated by Pixlr Pte. Ltd. ("Pixlr", "we", "us", "our"), the same company that operates Pixlr. Our registered address is 36 Robinson Road, #20-01 City House, Singapore 068877.

For the purposes of the EU and UK General Data Protection Regulation ("GDPR"), Pixlr Pte. Ltd. is the data controller responsible for the personal data described in this policy. This policy explains what personal data we collect when you use OverHeard, why we collect it, who we share it with, and the rights you have over it. It applies to the OverHeard web application and the public share pages it generates. It does not cover third-party websites or services that we link to but do not operate.

This policy should be read together with our Terms of Service, Cookie Policy, and Refund Policy.

2. What OverHeard does

You type a business, product, or topic into OverHeard. We then harvest the real questions a market is asking from public search-suggest and autocomplete sources (Google, Bing, DuckDuckGo) and from public community discussions (Reddit, via Reddit's API). We de-duplicate and classify these questions by search intent and buyer-journey stage, score a 0–100 "demand heat", and produce a content plan. On paid plans, OverHeard also surfaces keyword search-volume and difficulty data and can generate AI content drafts. Understanding this flow helps explain why certain data is processed by the third parties described below.

3. Information we collect

We collect only the data we need to provide and secure the service. The table below sets out each category, why we collect it, and the legal basis under GDPR Article 6 on which we rely.

Data we collectPurposeLegal basis (GDPR Art. 6)
Your email address (used to sign in)To create and authenticate your account, send sign-in codes and magic links, and contact you about the servicePerformance of a contract
Plan, Stripe customer ID, and subscription statusTo manage your subscription, provide paid features, and keep billing recordsPerformance of a contract; legal obligation (for retention of billing records)
Saved "monitors" (search phrases) and their snapshot historyTo run and store your saved searches and show how demand changes over timePerformance of a contract
Per-day usage countersTo enforce plan quotas and prevent abuseLegitimate interests (anti-abuse, service integrity); performance of a contract
Public "share snapshots" you create (the search phrase plus the harvested public questions)To publish the public share pages you choose to createPerformance of a contract
An IP-derived rate-limit key (for anonymous visitors)To enforce the free-tier quota without an account; derived from your IP addressLegitimate interests (anti-abuse, fair use of free tier)
Server request logs (with email addresses redacted; the text of search queries is never logged, only its length)To operate, secure, debug, and monitor the serviceLegitimate interests (security, reliability, product improvement)

Where we send you optional marketing or product-update emails, we rely on your consent, which you can withdraw at any time. We do not require marketing consent to use the service.

4. What we do not collect

5. Important caveat: search phrases and AI drafts

To deliver its core features, OverHeard transmits the search phrases you enter, and the question text it harvests, to AI providers (Anthropic and Voyage AI) for classification, de-duplication, and content drafting, and, on paid plans, to DataForSEO for keyword volume and difficulty data. AI-generated drafts are produced by these providers on your behalf.

Because this data leaves our systems and is processed by those providers, you should not enter personal, sensitive, or confidential information into OverHeard that you would not want processed by these providers. OverHeard is designed for market and topic research, not for handling personal data about identifiable individuals.

6. Sub-processors and other recipients

We rely on a small set of trusted service providers ("sub-processors") to deliver the service. Each receives only the data needed for its function, under contractual confidentiality and data-protection obligations. We do not sell personal data to any of them.

RecipientRoleWhat it receives
StripePayments and subscription billingBilling identifiers and payment details. Card and payment details are handled solely by Stripe and are never stored on OverHeard's servers.
Anthropic ("Claude")AI classification and content draftsSearch phrases and harvested question text
Voyage AIText embeddings for de-duplicationSearch phrases and harvested question text
DataForSEO (paid plans only)Keyword search-volume and difficulty dataQuestion and keyword text
Email-delivery provider (e.g. Resend, Postmark, or SendGrid)Delivery of sign-in codes, magic links, and digestsYour email address and the code or digest content
Reddit and search engines (Google, Bing, DuckDuckGo)Public data sources we querySearch queries used to retrieve public results
Cloud hosting providerHosting and infrastructureData processed and stored to run the service

We may also disclose personal data where required by law, to enforce our terms, to protect our rights, safety, or property, or in connection with a corporate transaction such as a merger or acquisition (in which case we will notify you of any material change).

7. International transfers

We are based in Singapore, and our service providers may be located in other countries, including the United States and the European Union. This means your personal data may be processed outside your country of residence, including in Singapore. Where we transfer personal data internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where relevant), or an equivalent lawful transfer mechanism, to ensure your data remains protected.

8. How long we keep your data

We keep your account data for as long as your account is active, plus a reasonable period afterwards. If you close your account, we delete or anonymise your personal data within approximately 30 days, except where we are required to retain certain records for longer, for example billing and tax records that we must keep to comply with legal obligations. Public share snapshots remain published until you delete them or close your account. Aggregated or de-identified data that can no longer be linked to you may be retained for analytics and product improvement.

9. How we protect your data

We use technical and organisational measures appropriate to the risk, including encryption in transit, passwordless authentication, an HttpOnly first-party session cookie, redaction of email addresses in server logs, not logging the text of search queries, restricted internal access, and contractual data-protection obligations with our sub-processors. No system is perfectly secure, but we work to protect your data and to detect and respond to incidents.

10. Your rights

Depending on where you live, you have rights over your personal data, including the right to:

To exercise any of these rights, contact our Data Protection Officer at dpo@pixlr.com. We will respond within the timeframes required by applicable law. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

11. EU and UK representatives

For individuals in the European Economic Area, our representative under GDPR Article 27 is:

RIVACY GmbH, Mexikoring 33, 22297 Hamburg, Germany — info@rivacy.eu.

For individuals in the United Kingdom, our representative is:

RIVACY Ltd., St James' Hall, Mill Road, Lancing, West Sussex, England, BN15 0PT — info@rivacy.eu.

You may contact the relevant representative on matters relating to the processing of your personal data, in addition to or instead of contacting us directly.

12. Cookies

OverHeard uses a single essential, HttpOnly first-party session cookie named "oh_sess" to keep you signed in. We do not use advertising or third-party tracking cookies. For more detail, see our Cookie Policy.

13. Children

OverHeard is a business research tool and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact dpo@pixlr.com and we will take appropriate steps to delete it.

14. A note on accuracy of results

Where DataForSEO data is not available, volume and difficulty figures are shown as clearly-labelled estimates, and the "demand heat" score is a signal-based indicator. Results are research starting points and carry no guarantee of traffic, rankings, or business outcomes. This does not affect how we handle your personal data, but we mention it so you understand what the service does with the inputs you provide.

15. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or within the service. Your continued use of OverHeard after an update means you accept the revised policy.

16. Contact us

For privacy and data-protection matters, contact our Data Protection Officer at dpo@pixlr.com. For legal or terms-related matters, contact legal@pixlr.com. For general questions and support, contact info@pixlr.com. You can also write to us at:

Pixlr Pte. Ltd.
36 Robinson Road, #20-01 City House, Singapore 068877.

This policy is governed by the laws of Singapore. Any dispute arising out of or in connection with it shall be referred to and finally resolved by arbitration in Singapore administered by the Singapore International Arbitration Centre (SIAC) in accordance with the SIAC Rules, before a single arbitrator, in the English language.

OverHeard (overheard.me) is a product of Pixlr Pte. Ltd., 36 Robinson Road, #20-01 City House, Singapore 068877. Questions about these terms: legal@pixlr.com · privacy & data protection: dpo@pixlr.com.