Security & Compliance

Built for regulated industries

OVRVEW handles operational video and the dashboards built from it — the most sensitive data in most organizations. Security isn’t a feature we bolted on. It’s how the platform was designed from day one.

Certifications & frameworks

SOC 2 Type II

Annual third-party audits across security, availability, confidentiality, and privacy principles. Report available under NDA.

HIPAA

BAAs signed with covered entities. Technical, administrative, and physical safeguards meet 45 CFR § 164 requirements.

GDPR

Data Processing Agreement available. EU data residency and right-to-erasure workflows built into the platform.

ISO 27001 (in progress)

Certification audit scheduled. Operating against the ISO 27001 controls today.

FedRAMP-ready

Air-gapped and government cloud deployment patterns available for federal and defense customers.

PCI DSS-aware

For retail customers handling payment-adjacent data. We isolate camera analytics from cardholder data flows.

Data architecture

Inference runs where your data lives. We operate three deployment patterns:

Deployment | Where inference runs | Best for
On-premise | Inside your firewall, on your hardware | Hospitals, defense, air-gapped sites
Private cloud | Your AWS / Azure / GCP, OVRVEW-managed | Multi-site retail, manufacturing
OVRVEW cloud | OVRVEW-operated AWS, SOC 2 + HIPAA | Faster pilots, less infrastructure overhead

Encryption & access

  • In transit: TLS 1.3 with modern cipher suites. mTLS available between camera and inference layer.
  • At rest: AES-256 for all persisted data.
  • Key management: Customer-managed keys via AWS KMS / Azure Key Vault.
  • Access: SSO via SAML or OIDC. SCIM provisioning. MFA enforced.
  • RBAC: Granular roles down to individual dashboards and camera feeds.

Privacy by design

  • No raw video leaves your environment. Inference produces structured metadata; raw frames stay local.
  • On-device anonymization: face blurring, license-plate redaction at the camera layer.
  • Configurable retention: auto-purge after 7, 30, 90, or N days.
  • Audit trail: every dashboard view and admin action logged with immutable timestamps.

Operational security

  • Annual penetration tests by independent third party
  • Continuous vulnerability scanning (SAST, DAST, container scanning)
  • Bug bounty program with responsible disclosure
  • 24/7 incident response on Enterprise plans
  • 99.9% uptime SLA

Talk to security

Vendor security review, BAA, or DPA needed? We respond within one business day.
