Overjet Trust Center
Overjet is committed to building trust in our organization and platform by ensuring the security and confidentiality of our customers’ data, models, and products. Protecting customer and user data is our number one priority.
To ensure the requirements of customers and regulators are met, Overjet completes numerous audits, assessments and compliance requirements—including rigorous third-party network and system penetration tests.
Overjet Policies & Compliance
Overjet’s company policies and legal terms set standards for its commitments to data security and privacy. Please review Overjet’s Terms of Service and Privacy Policy for additional information.
Privacy Policy
The Global Data Protection Regulation (GDPR) is considered a gold standard for data protection, and compliance with GDPR is paramount to our business. We constantly review and update our data protection policies and practices to align with GDPR and other modern data protection laws, such as the California Consumer Privacy Act (CCPA), which in turn enables our customers to comply with these laws. Overjet does not sell your data, and does not mine or access your data for advertising purposes. Overjet also contractually commits that Overjet employees and authorized, verified contractors will only have access to customer data on a need-to-know basis.
HIPAA Compliance
At Overjet, we understand that our healthcare customers must remain compliant with HIPAA requirements when managing, processing, or archiving Protected Health Information (PHI). The Overjet platform is a HIPAA-ready solution that delivers the high level of data security, integrity, and encryption necessary to maintain HIPAA compliance. In provisioning and operating the Overjet platform and services, Overjet complies with the applicable provisions of the HIPAA Security Rule, Breach Notification Rule, and Privacy Rule in its capacity as a business associate.
HITRUST Compliance
Overjet has successfully completed an independent HITRUST audit and obtained a HITRUST certification, demonstrating that its services meet key regulations and industry-defined requirements for managing risk appropriately. This certification confirms Overjet's compliance with a standardized set of security controls mapped to industry-leading security and privacy regulatory standards.
Employee Education Policies
Overjet employees are properly vetted and trained to ensure compliance with security and privacy controls.
Overjet requires that all employees have undergone periodic security & privacy training in the previous twelve (12) months. Such training includes, but is not limited to, training on topics such as acceptable use, data protection, HIPAA, GDPR and other data privacy laws, and incident reporting.
All employees are required to have valid user IDs and passwords to access the corporate network, as well as internal and SaaS-based applications, regardless of whether they are accessing the network or applications from Overjet offices or remotely.
Overjet retains attendance records and copies of security training materials to ensure proper completion of the training before any employee is granted access to systems.
Risk Management Policies
Overjet performs information security risk assessments as part of a risk governance program that regularly tests, assesses and evaluates the effectiveness of the security program. Such assessments recognize and assess the impact of risks and implement risk reduction or mitigation strategies to address new and evolving security technologies, changes to industry standard practices, and changing security threats. This risk program is audited annually by an independent third party.
Maximum Security Architecture Policies
Zero trust policies — Multiple services monitor, detect, and protect against common attack vectors.
Activity audit logs — User login and activity logs that are secured and monitored for anomalies.
Infrastructure access — Infrastructure access includes appropriate user account and authorization controls, which require the use of secure connections, complex passwords, and account lock-out rules.
Admin access — Access privileges of employees are based on job requirements using the principle of least privilege access and are revoked upon termination of employment.
Data encryption — Comprehensive support for data encryption at rest and in transit.
Email Security Policies
We mitigate the impact of spyware, adware and other phishing and security attacks by:
Inspecting web-based email traffic for indicators of suspicious activity
Installing, configuring and maintaining anti-spyware / malware software
Identifying and blocking email phishing attacks for corporate email
Testing our employees' ability to identify and take appropriate action on phishing emails
Providing relevant training and periodic advisories to workers related to email threats
Vendor / Supplier Management Policies
Overjet has developed and implemented a process for evaluating third-party vendors, partners and suppliers prior to engaging in a business relationship with them and regularly thereafter.
Vulnerability Management Policies
Overjet conducts periodic security risk evaluations to assess threats to information assets, determine potential vulnerabilities, and provide remediation. Patches are regularly deployed to address known vulnerabilities.
Overjet’s Subprocessors
Overjet and its affiliates engage with the subprocessors listed below to perform certain processing activities of protected data in order to deliver their services. Overjet may add additional subprocessors in the future by amending this list. Overjet has Data Processing Addendums with UK/EU Standard Contractual Clauses or similar terms in place with its subprocessors.
List of Subprocessors
Google LLC or its affiliates (US & UK)
Google Analytics is used to collect and receive analytics on Overjet’s website and platform.
Google Cloud Platform is used for platform infrastructure
Google Workspace (G Suite) is used for Overjet email and internal workspace
PagerDuty, Inc. (US)
Company support and incident response
Slack (Salesforce, Inc.) (US)
Customer support
Salesforce, Inc. (US)
Customer relationship management
Gainsight, Inc. (US)
Product usage analytics and in-product engagement
Auth0 (Okta, Inc.) (US)
Identity access management
New Relic, Inc. (US)
Application performance monitoring
Sigma Computing, Inc. (US)
Data analytics
Notion Labs, Inc. (US)
Product documentation and project management
LabelBox, Inc. (US)
Labeling software and annotation service