Security & Compliance

Enterprise-grade security built into every layer of our platform

Our Certifications

SOC 2 Type II

Audited controls for security, availability, and confidentiality

ISO 27001

International standard for information security management

ISO 27018

Cloud privacy and PII protection standards

GDPR Compliant

Full compliance with EU data protection regulations

Security Architecture

Multi-Tenant Isolation

Complete customer isolation with row-level security ensures your data stays yours. Every tenant operates in a logically isolated environment with dedicated encryption keys.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed using industry-standard HSMs and rotated regularly.

Access Controls

Role-based access control (RBAC) with granular permissions, SSO/SAML support, and multi-factor authentication (MFA) for all user accounts.

Audit Logging

Comprehensive audit trails for all system access and data modifications. Immutable logs stored for compliance and forensic analysis.

Network Security

DDoS protection, Web Application Firewall (WAF), and intrusion detection systems (IDS) protect our infrastructure 24/7.

Regular Penetration Testing

Third-party security audits and penetration testing performed quarterly to identify and remediate vulnerabilities proactively.

Data Protection

Data Residency

Choose where your data is stored with regional deployment options in the US, EU, and APAC. Enterprise customers can specify exact data center locations.

Data Retention

Configurable data retention policies based on your compliance requirements. Automated data deletion after retention period expires.

Data Portability

Export your data at any time in standard formats. No lock-in — your data is always accessible and portable.

Right to Be Forgotten

Complete data deletion upon request, including all backups and replicas, in compliance with GDPR and other privacy regulations.

Enterprise Compliance

Need HIPAA, FedRAMP, or other specialized compliance? Our Enterprise plan offers additional certifications and on-premise deployment options.

- HIPAA: Available
- FedRAMP: In Progress
- On-Premise Options
- Custom BAA/DPA

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@overcastsre.com. We appreciate your help in keeping Overcast secure.

We commit to acknowledging reports within 24 hours and providing regular updates on remediation progress.