Whenever using a new SaaS, it's always essential to understand clearly what information is stored, where it's stored and how it's stored. At Overcast, we want to be fully transparent with how we handle your data in order to give you full confidence in using our product.

Data categories

We separate data into three distinct categories:

  1. User security-critical data (access tokens, encryption keys)
  2. User data
  3. Application state data

User security-critical data

This data includes access tokens as well as encryption keys. This type of data is stored in Azure KeyVault. The application has a registered identity to access these tokens and all accesses are fully audited and logged. This is the most secure data layer.

Key Vault uses HSMs (Hardware Security Modules) to provide an even higher level on encryption for all data stored within it.

User data

This data includes report data that was recovered from the Azure account. This includes subscriptions, resources, prices, usage as well as recommendations. All data in this category has three layers of encryption :

  • Encryption in transit (TLS 1.2)
  • Encryption at-rest (AES 256)
  • Application-level encryption (AES 256) using a per-user key that is stored in Key Vault (see User security-critical data)

Application state data

This is the state data that is used to track different settings and options associated to your user account. For example, what type of Digest you are using, which frequency, which recommendations have been hidden, etc.

Data in this category has two layers of encryption :

  • Encryption in transit (TLS 1.2)
  • Encryption at-rest (AES 256)

Access to secure data

Each user or application that has to access to production data does so using a unique and individual identity that is managed by Azure AD. For all human users, they are required to use strong passwords as well as MFA (multi-factor authentication). For all machine users, they have separate application identities that can either be configured by MSI or ID and secret.

Additional concerns

Any additional questions or concerns with security in Overcast should be directed to our support team. They will be happy to help in any way possible. We take security very seriously at Overcast and make it a top priority for our entire team.

Did this answer your question?