Security

Last updated: December 29, 2024

Security Overview

Oversearch implements comprehensive security measures to protect your data and maintain platform integrity.

Infrastructure Security

Data Encryption

• In Transit: TLS 1.3 for all connections
• At Rest: AES-256 encryption for stored data

Hosting and Network

• Infrastructure hosted on secure, certified cloud providers
• Firewalls and network segmentation
• DDoS protection and rate limiting
• Regular vulnerability scanning

Application Security

Access Controls

• Role-based access control (RBAC)
• Multi-factor authentication (MFA) available
• Session management and timeout policies
• Password requirements and hashing (bcrypt)

Development Practices

• Secure code review processes
• Dependency vulnerability monitoring
• Automated security testing in CI/CD
• Regular penetration testing

Data Protection

Data Minimization

We collect only data necessary for service provision.

Data Retention

Scan results are retained according to your plan limits. Account data is deleted within 30 days of account closure.

Backups

Automated daily backups with encryption. Backup retention for 30 days.

Operational Security

Incident Response

• 24/7 security monitoring
• Documented incident response procedures
• Breach notification process (within 48 hours)

Employee Access

• Background checks for team members
• Principle of least privilege
• Security training and awareness programs
• Confidentiality agreements

Compliance

We maintain compliance with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• Industry best practices and standards

Note: SOC 2, ISO 27001, and other certifications are in progress and will be added upon completion.

Third-Party Security

All subprocessors undergo security reviews. See our Subprocessors page for current list.

Reporting Security Issues

If you discover a security vulnerability:

• Email: security@oversearch.com
• Do not publicly disclose until we've addressed the issue
• We aim to respond within 24 hours

Security Updates

We continuously improve our security posture. Material changes to this policy will be communicated to customers.

Enterprise Security

Enterprise customers can request:

• Security audits and assessments
• Custom DPA terms
• SLA agreements
• Dedicated support

Contact us at enterprise@oversearch.com for details.