SECURITY

Enterprise-grade security. Built in from day one.

Overguard handles some of the most sensitive data that exists — worker location, biometrics, and safety events. Here is exactly how we protect it.

Encrypted everywhere
AES-256 encryption at rest for all stored data. TLS 1.3 in transit for all communications. End-to-end encryption for biometric data streams. Your data is never readable in transit or at rest without authorisation.
Granular access control
Role-based access control ensures every user sees only what they need to. Site supervisors see their site. Safety managers see their organisation. Workers see only their own data. SSO and MFA enforced on all administrative accounts.
Resilient infrastructure
Multi-region cloud deployment on AWS with automatic failover. 99.9% uptime SLA. Data residency in UK (EU-WEST-2) and Australia (AP-SOUTHEAST-2). Kubernetes-orchestrated microservices with independent scaling and zero-downtime deployments.
Compliance certifications
ISO 27001 alignment. SOC 2 Type II in progress. Cyber Essentials Plus certified. GDPR compliant by design. All certifications independently audited and renewed annually.
WORKER DATA

Your workers' data belongs to them.

Worker location, biometric, and safety data is among the most sensitive personal information that exists. We treat it that way.

Every worker has the right to access all data collected about them, request its deletion, and understand exactly how it is used. Biometric monitoring requires explicit individual consent and can be disabled at any time.

Location data is used solely for safety purposes. It is never shared with third parties without explicit employer consent, never used for performance monitoring, and never retained beyond the contractually agreed period.

Data collected only for safety purposes
Biometric monitoring requires opt-in consent
Workers can access and delete their own data
No third-party data sharing without consent
Location data never used for performance management
Data retained only for contractually agreed period

Security vulnerability disclosure

If you discover a security vulnerability in the Overguard platform, please report it responsibly to security@overguard.app. We will acknowledge receipt within 24 hours and provide a resolution timeline within 72 hours. We do not pursue legal action against researchers who report vulnerabilities in good faith.

For critical vulnerabilities affecting worker safety data, we will notify affected customers within 24 hours of confirmation.