SECURITY

How we keep your data safe.

Draft Policy

This is a draft security overview. Final version pending legal and security review.

1. Our approach

Overguard handles safety-critical operational data for our customers. Security isn’t an add-on — it’s designed into the platform from hardware to cloud. We follow industry best practices for data security, access control, and incident response.

2. Hardware security

The Overguard S1 hardware includes:

  • Cryptographically signed firmware with rollback protection
  • Secure boot with hardware-enforced integrity
  • Over-the-air (OTA) updates over authenticated channels
  • On-device data encryption at rest
  • Authenticated provisioning via NFC and QR code

Only Overguard-signed firmware can run on an S1 device.

3. Network security

All communication between S1 devices and the Overguard platform uses encrypted channels:

  • TLS 1.3 for all cloud communication
  • Cellular traffic over carrier-grade encrypted tunnels (LTE-M, NB-IoT)
  • Bluetooth communication authenticated and encrypted

LoRaWAN communication uses LoRaWAN-standard payload encryption.

4. Platform security

The Overguard platform runs on secure cloud infrastructure with:

  • Data encryption at rest and in transit
  • Role-based access control for all user accounts
  • Multi-factor authentication for administrative access
  • Audit logging of all administrative actions
  • Regular security reviews and penetration testing

5. Data handling

  • Customer data is segregated by organisation
  • Access to customer data is restricted to authorised personnel on a need-to-know basis
  • All administrative data access is logged and auditable
  • Data deletion requests are processed per the commercial agreement and applicable regulations

6. Compliance

Overguard is working toward:

  • ISO 27001 alignment for information security management
  • SOC 2 Type II readiness
  • GDPR and UK GDPR compliance for personal data handling

Our commercial agreements include Data Processing Agreements (DPAs) aligned with GDPR requirements.

7. Incident response

We have documented incident response procedures for security events. In the event of a data breach affecting customer data:

  • Affected customers are notified promptly
  • Regulatory notifications are made as required
  • Root cause analysis is documented and shared with affected customers
  • Remediation actions are implemented and verified

8. Reporting security issues

If you discover a security issue with our website, platform, or hardware, we want to know. Email security reports to hello@overguard.appwith ‘SECURITY’ in the subject line. We will:

  • Acknowledge receipt within 2 business days
  • Investigate the report and provide updates
  • Coordinate disclosure if the issue is valid

Please do not publicly disclose security issues before we have had an opportunity to investigate and remediate.

9. Questions

For security questions or to request more detailed security documentation (for enterprise customers or pilot evaluations), contact us at hello@overguard.app.

hello@overguard.app · Overguard Technologies Ltd · London, United Kingdom