Learn How We Protect Your Data and Privacy

Overjet Trust Center

Overjet is committed to building trust in our organization and platform by ensuring the security and confidentiality of our customers’ data, models, and products. Protecting customer and user data is our number one priority.

To ensure the requirements of customers and regulators are met, Overjet completes numerous audits, assessments and compliance requirements, including rigorous third-party network and system penetration tests.

Overjet Policies & Compliance 

Overjet’s company policies and legal terms set standards for its commitments to data security and privacy. Please review Overjet’s Terms of Service and Privacy Policy for additional information. 

Privacy Policy

The Global Data Protection Regulation (GDPR) is considered a gold standard for data protection, and compliance with GDPR is paramount to our business. We constantly review and update our data protection policies and practices to align with GDPR and other modern data protection laws, such as the California Consumer Privacy Act (CCPA), which in turn enables our customers to comply with these laws. Overjet does not sell your data, and does not mine or access your data for advertising purposes. Overjet also contractually commits that Overjet employees and authorized, verified contractors will only have access to customer data on a need-to-know basis.

HIPAA Compliance 

At Overjet, we understand that our healthcare customers must remain compliant with HIPAA requirements when managing, processing, or archiving Protected Health Information (PHI). The Overjet platform is a HIPAA-ready solution that delivers the high level of data security, integrity, and encryption necessary to maintain HIPAA compliance. In provisioning and operating the Overjet platform and services, Overjet complies with the applicable provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule in its capacity as a business associate.

HITRUST Compliance 

Overjet has successfully completed an independent HITRUST audit and obtained a HITRUST certification, demonstrating that its services meet key regulations and industry-defined requirements for managing risk appropriately. This certification confirms Overjet's compliance with a standardized set of security controls mapped to industry-leading security and privacy regulatory standards.

Employee Education Policies

Overjet employees are properly vetted and trained to ensure compliance with security and privacy controls. 

  • Overjet requires that all employees have undergone periodic security & privacy training in the previous twelve (12) months. Such training includes, but is not limited to, training on topics such as acceptable use, data protection, HIPAA, GDPR and other data privacy laws, and incident reporting. 

  • All employees are required to have valid user IDs and passwords to access the corporate network, as well as internal and SaaS-based applications, regardless of whether they are accessing the network or applications from Overjet offices or remotely.

  • Overjet retains attendance records and copies of security training materials to ensure proper completion of the training before any employee is granted access to systems.

Risk Management Policies

Overjet performs information security risk assessments as part of a risk governance program that regularly tests, assesses and evaluates the effectiveness of the security program. Such assessments recognize and assess the impact of risks and implement risk reduction or mitigation strategies to address new and evolving security technologies, changes to industry standard practices, and changing security threats. This risk program is audited annually by an independent third party.

Maximum Security Architecture Policies

Zero trust policies — Multiple services monitor, detect, and protect against common attack vectors.

Activity audit logs — User login and activity logs that are secured and monitored for anomalies.

Infrastructure access — Infrastructure access includes appropriate user account and authorization controls, which require the use of secure connections, complex passwords, and account lock-out rules.

Admin access — Access privileges of employees are based on job requirements using the principle of least privilege access and are revoked upon termination of employment. 

Data encryption — Comprehensive support for data encryption at rest and in transit. 

Email Security Policies

We mitigate the impact of spyware, adware and other phishing and security attacks by:

  • Inspecting web-based email traffic for indicators of suspicious activity

  • Installing, configuring and maintaining anti-spyware / malware software

  • Identifying and blocking email phishing attacks for corporate email

  • Testing our employees' ability to identify and take appropriate action on phishing emails

  • Providing relevant training and periodic advisories to workers related to email threats

Vendor / Supplier Management Policies

Overjet has developed and implemented a process for evaluating third-party vendors, partners and suppliers prior to engaging in a business relationship with them and regularly thereafter.

Vulnerability Management Policies

Overjet conducts periodic security risk evaluations to assess threats to information assets, determine potential vulnerabilities, and provide remediation. Patches are regularly deployed to address known vulnerabilities.

Overjet’s Subprocessors 

Overjet and its affiliates engage with the subprocessors listed below to perform certain processing activities of protected data in order to deliver their services. Overjet may add additional subprocessors in the future by amending this list. Overjet has Data Processing Addendums with UK/EU Standard Contractual Clauses or similar terms in place with its subprocessors.

List of Subprocessors

Google LLC or its affiliates (US & UK)

  • Google Analytics is used to collect and receive analytics on Overjet’s website and platform.

  • Google Cloud Platform is used for platform infrastructure

  • Google Workspace (G Suite) is used for Overjet email and internal workspace

PagerDuty, Inc. (US)

  • Company support and incident response

Slack (Salesforce, Inc.) (US)

  • Customer support

Salesforce, Inc. (US)

  • Customer relationship management

Gainsight, Inc. (US)

  • Product usage analytics and in-product engagement

Auth0 (Okta, Inc.) (US)

  • Identity access management

New Relic, Inc. (US)

  • Application performance monitoring

Sigma Computing, Inc. (US)

  • Data analytics

Notion Labs, Inc. (US)

  • Product documentation and project management

LabelBox, Inc. (US)

  • Labeling software and annotation service