Legal

Privacy Policy

Effective May 1, 2026

This Privacy Policy explains what information Digital Face Media, a brand of RAND Meridian, LLC ("Overture," "we," or "us") collects when you use Overture (the "Service") at overture.show and app.overture.show, how we use it, and the choices you have.

1. Information We Collect

1.1 Account information

When you sign up we collect your name, email address, and a hashed password. We do not store your password in plain text.

1.2 Billing information

Payment is processed by Stripe, Inc. Stripe collects your card details directly — Overture never sees or stores your full card number. We receive a customer ID, the last four digits, the card brand, billing email, and subscription status. Stripe's privacy practices are described at stripe.com/privacy.

1.3 Content you create

Run-of-show rows, session metadata, event names, speaker and crew rosters, PDFs you generate, files you attach, and other content you submit. We treat this as your data and use it only to operate the Service.

1.4 Operational logs

Standard web-server logs (IP address, browser user-agent, request path, timestamp), error logs, and audit events such as logins and content changes. We use these for security, debugging, and abuse prevention.

1.5 Email and support correspondence

If you email us we keep the message and any attachments so we can reply and improve support.

2. What We Do Not Collect

  • We do not run advertising trackers, third-party ad cookies, or ad-network pixels on the Service.
  • We do not sell, rent, or trade your personal information.
  • We do not share your content with other customers.

3. How We Use Information

  • To provide the Service — host your data, render your run-of-show, deliver PDFs, send invitation and password-reset emails.
  • To bill you — charge your subscription, send receipts, and respond to billing questions.
  • To communicate with you — transactional notices (account, billing, security) and, when permitted, occasional product updates.
  • To improve the Service — diagnose bugs, measure performance, and plan features in aggregate.
  • To protect the Service — detect fraud, abuse, and policy violations.
  • To comply with law — respond to lawful requests, enforce our Terms, and protect the rights of users and the public.

4. Service Providers

We use a small set of vendors to operate Overture. Each is bound by a written agreement to protect your data and to use it only on our instructions:

  • Stripe — payment processing and subscription billing.
  • Supabase (PostgreSQL hosting on AWS US-West) — primary database for accounts and content.
  • Railway — application hosting.
  • Cloudflare — DNS, CDN, and bot protection for overture.show.
  • Microsoft Graph (Outlook) — transactional email delivery for welcome, invite, and password-reset messages.

5. International Users

Overture is operated from the United States. If you access the Service from outside the U.S., your information will be processed in the United States. By using the Service, you consent to this transfer.

5.1 EU / UK residents (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to access, correct, export, restrict processing of, or delete your personal data, and to lodge a complaint with your supervisory authority. We rely on contract as the legal basis for processing account and billing data, and on legitimate interest for security logs.

5.2 California residents (CCPA / CPRA)

California residents have the right to know what personal information we collect, to request deletion, and to opt out of any sale of personal information. We do not sell personal information.

To exercise any right, email hello@overture.show from the address on your account.

6. Data Retention

We retain account and content data for as long as your account is active. After you delete your account, content is removed from production within 30 days and from rolling encrypted backups within 90 days, except where retention is required by law.

7. Security

We use industry-standard safeguards: TLS in transit, encryption at rest on Supabase, hashed passwords, role-based access controls, and audited admin actions. No system is perfectly secure — promptly report any suspected vulnerability to support@overture.show.

8. Children's Privacy

Overture is not directed to children under 13 and we do not knowingly collect their data. If you believe a child has provided personal information, contact us and we will delete it.

9. Cookies

Overture uses a small number of strictly necessary cookies for sign-in sessions and security (CSRF) only. No third-party advertising or analytics cookies are set.

10. Changes

We will post material changes to this policy on this page and update the "Effective" date above. Significant changes will also be emailed to active subscribers at least 14 days before they take effect.

11. Contact

Privacy questions or requests: hello@overture.show.

Mailing address (for written requests):
RAND Meridian, LLC — Attn: Privacy (Digital Face Media / Overture)
Florida, USA

← Back to home