PRIVACY POLICY

Last Updated: November 29, 2025

Introduction

Forfeit Inc ("we," "us," or "our") respects the privacy of our users ("user" or "you"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website overlord.app and our mobile application Overlord, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Service"). If you do not agree with the terms of this Privacy Policy, please do not access the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Policy. Any changes are effective immediately upon posting, and your continued use of the Service signifies acceptance.

Collection of Your Information

We may collect information about you in a variety of ways, including:

Personal Data

Personally identifiable information, such as your name, shipping address, email address, telephone number, and demographic information (age, gender, hometown, interests) that you voluntarily provide when you register or participate in activities related to the Service. Refusal to provide personal information may limit certain features.

Derivative Data

Information our servers automatically collect when you access the Service, such as IP address, browser type, operating system, access times, pages viewed before and after visiting, device name, device type, phone number, country, likes, replies, and other interactions logged on the server.

Financial Data

Payment-method details (e.g., card brand, last four digits, expiration date) collected when you make a purchase. We store only a Stripe customer token; full card data are held by our payment processor Stripe. Please review Stripe's privacy policy for details.

Mobile Device Data

Device ID, model, manufacturer, and location information (if you grant permission) when you access the Service from a mobile device.

Third-Party Data

Information from third parties, such as personal data or friend lists, if you connect your account to the third party and grant the Service permission.

Mobile Application Information

Health and Fitness Data (Android Health Connect)

If you grant permission, we READ—by default we never write unless you separately opt in—the following data types solely to verify the goals you set in Overlord: heart-rate samples; steps and distance; active calories burned; exercise sessions; sleep duration and stages; hydration amounts; weight measurements; floors climbed; Health Data History; Activity Recognition state. These metrics stay on your device unless you enable optional Cloud Sync in the Overlord Integrations page, in which case the selected metrics are end-to-end encrypted and stored on our U.S. servers so you can restore streaks across devices. You can disable Cloud Sync at any time; synced metrics are deleted from our servers within 24 hours.

Use of Your Information

We use collected information to: administer sweepstakes, promotions, and contests; assist law enforcement and respond to subpoenas; compile anonymous statistical data; create and manage accounts; deliver advertising, coupons, newsletters, and promotions (never using health data); email you about your account or orders; enable user-to-user communications; fulfill and manage purchases and payments; generate personal profiles; increase the efficiency and operation of the Service; monitor and analyze usage and trends; notify you of updates; offer new products or services; perform business activities; prevent fraud and protect against criminal activity; process payments and refunds; request feedback; resolve disputes and troubleshoot problems; send newsletters; solicit support for the Service; and, specifically, verify and approve or fail your habit-tracking goals via automated and human review. Health data are used only for goal verification and optional Cloud Sync.

Disclosure of Your Information

By Law or to Protect Rights

We may share information if required to respond to legal process or protect the rights, property, and safety of others, including fraud prevention and credit-risk reduction.

Third-Party Service Providers

We may share information with vendors performing services for us—for example payment processing (Stripe, Inc.), hosting and analytics (Firebase, Google LLC), cloud infrastructure (Amazon Web Services), AI verification (OpenAI LLC), data analysis, email delivery, customer service, crash reporting, or marketing assistance. Vendors may process data only under our instructions.

Marketing Communications

With your consent or an opportunity to withdraw consent, we may share information with third parties for marketing, but never health data.

Interactions with Other Users

If you interact with other users, they may see your name, profile photo, and activity descriptions.

Online Postings

Comments or other content you post may be publicly viewable and redistributable.

Third-Party Advertisers

We may allow advertising companies to serve ads; they may use cookies but do not receive health data.

Affiliates, Business Partners, Other Third Parties

We may share information with affiliates and business partners consistent with this Policy. We may share anonymised data with advertisers and investors for business analysis.

Sale or Bankruptcy

If we undergo a business transfer, your information may be transferred to the successor.

We do not sell personal or health data.

Tracking Technologies

We use cookies, web beacons, tracking pixels, and similar technologies to customise and improve the Service. You can disable cookies in your browser, but certain features may be unavailable.

Third-Party Websites

The Service may contain links to third-party sites not governed by this Policy. Review each third party's privacy practices before providing information.

Security of Your Information

We use administrative, technical, and physical safeguards—including TLS encryption in transit, AES-256 encryption at rest, least-privilege staff access, and regular security testing—to protect your data, including all health metrics stored through Cloud Sync. No method is infallible, but we strive to safeguard your information.

Data Retention

Health metrics remain solely on your device unless Cloud Sync is enabled; when Cloud Sync is off, Overlord does not store any health metrics. Account data are retained while your account is active. Synced health metrics are kept only while Cloud Sync is enabled or until deleted; backups purge within 30 days. Anonymous aggregated statistics may be retained indefinitely.

Policy for Children

We do not knowingly collect data from children under 13. If you believe we have collected such data, contact us.

Do-Not-Track Features

We do not currently respond to DNT signals. If standards emerge, we will update this Policy.

Options Regarding Your Information

Account Information

You may review, change, or delete your account at any time by contacting us. Deletion removes personal and health data from live servers within 24 hours and from backups within 30 days, except where retention is required by law.

Emails and Communications

To stop receiving emails or other communications, contact us or follow the unsubscribe instructions. For third-party communications, contact the third party directly.

Additional Regional Rights

Residents of the EEA, United Kingdom, California, and other jurisdictions with data-protection laws have additional rights, including access, rectification, restriction, objection, portability, and complaint to a supervisory authority. To exercise any of these rights, contact us using the details below.

California Privacy Rights

California residents may request information on data disclosed for direct marketing once per year. Residents under 18 with registered accounts may request removal of publicly posted data.

International Data Transfers

We operate in the United States and may process data in other countries where our providers operate, relying on Standard Contractual Clauses or other adequacy mechanisms as required for EEA/UK transfers.

Screen Blocking Permissions for Android Users

The Overlord Android app offers an optional Screen Blocking feature that prevents access to user-selected apps during active goal periods. To implement this feature we request three Android system permissions. These permissions are granted only when you enable Screen Blocking and are never used for any other purpose.

Accessibility Service (BIND_ACCESSIBILITY_SERVICE)

Detects when a blocked app is brought to the foreground so we can display the blocking overlay.

Display Over Other Apps (SYSTEM_ALERT_WINDOW)

Allows Overlord to place a full-screen overlay on top of a blocked app.

Usage Access (PACKAGE_USAGE_STATS)

Backup method to identify when blocked apps become active if the Accessibility Service is paused by the system.

General Principles

Compliance with Google Play Policies

Our implementation follows Google Play requirements for sensitive permissions, including prominent disclosure, user consent, minimal access, purpose limitation, and the ability to disable the feature at any time.

Contact Us

For questions or comments about this Privacy Policy, contact:

Forfeit Inc

support@forfeit.app