Privacy Policy

Last Updated: 2026/04/01
Find other languages below

1. Introduction

Overe Corp ("overe.io", "Company", "we", "our", or "us") provides cybersecurity monitoring, threat detection, and security posture management services for Microsoft cloud environments.

This Privacy Policy explains how we collect, use, disclose, and protect personal data when individuals visit our website, use our platform, or otherwise interact with our services (collectively, the "Services").

We are committed to protecting personal data and processing it in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other applicable privacy regulations.

2. Scope

This Privacy Policy applies to:

  • visitors to our website
  • prospective customers and business contacts
  • customers using the overe.io platform
  • users within customer environments monitored through our Services
  • individuals who communicate with us
     

This policy does not apply to third-party services or websites that may be linked from our Services.

3. Roles and Responsibilities

Depending on the context in which personal data is processed, overe.io may act as either a data controller or a data processor.

When overe.io acts as a Controller

We act as a data controller when processing personal data related to:

  • visitors to our website
  • prospective customers
  • marketing communications
  • customer account management
  • billing and support interactions

When overe.io acts as a Processor

When customers use the overe.io platform and connect their Microsoft environments, overe.io processes certain personal data on behalf of the customer. In these cases:

  • the customer acts as the data controller
  • overe.io acts as the data processor
     

Our processing of such data is governed by contractual agreements with our customers, including applicable Data Processing Agreements (DPA) available at https://www.overe.io/dpa 

4. Information We Collect

4.1 Information Provided Directly

We may collect information that you provide directly to us, including:

  • name
  • email address
  • company name
  • job title
  • contact information
  • account credentials
  • billing information
  • communications with support or sales teams

4.2 Information Collected Through the Service

When customers connect their Microsoft environments to overe.io, we may process operational and security data necessary to provide cybersecurity monitoring services.

This may include:

  • user identifiers (such as usernames or email addresses)
  • authentication and login activity
  • configuration and security posture data
  • security alerts and telemetry
  • Microsoft tenant identifiers
  • audit log information relevant to security monitoring
     

Important limitations apply to this processing:

  • overe.io does not access or store customer emails, documents, or file content
  • our access is limited to metadata and security-relevant information
  • processing occurs solely to detect, investigate, and report security anomalies

This processing is performed on behalf of the customer and only to provide the contracted services.

4.3 Authentication and Security Data

To maintain secure access to the overe.io platform, we may process authentication-related information such as:

  • login session tokens
  • single sign-on (SSO) identifiers
  • multi-factor authentication tokens
  • securely hashed passwords (where SSO is not used)
     

These mechanisms help protect user accounts and maintain the security of the platform.

4.4 Automatically Collected Information

When users access our website or platform, we may automatically collect certain technical information including:

  • IP address
  • device information
  • browser type
  • operating system
  • usage logs
  • timestamps and access activity

This information helps us maintain system security, troubleshoot issues, and improve the Services.

4.5 Data Minimization

overe.io is designed to process only the minimum amount of personal data necessary to provide cybersecurity monitoring services.

Where possible, our systems process metadata and security telemetry rather than user-generated content. We intentionally limit access to customer environments to the permissions required to detect and investigate security events.

4.6 Cookies and Similar Technologies

Our website may use cookies or similar technologies to:

  • maintain secure user sessions
  • understand how visitors use our website
  • improve performance and usability
     

Users may control cookie preferences through their browser settings.

5. How We Use Personal Data

We use personal data to:

  • provide, operate, and maintain our Services
  • monitor and improve platform security
  • manage user accounts
  • communicate with customers and users
  • provide technical support
  • process payments and manage billing
  • improve our Services and develop new features
  • comply with legal obligations
  • enforce our agreements and policies
     

6. Legal Basis for Processing

Where GDPR applies, we process personal data under one or more of the following legal bases:

  • Performance of a contract – to provide the Services requested by customers
  • Legitimate interests – to operate, secure, and improve our Services
  • Legal obligations – where processing is required by applicable law
  • Consent – where individuals provide explicit consent for certain activities such as marketing communications
     

When overe.io processes personal data on behalf of customers, the customer determines the lawful basis for processing, and overe.io processes such data according to the customer’s instructions and the applicable Data Processing Agreement (DPA)..

7. Sharing Personal Data

We do not sell personal data.

We may share personal data with trusted third-party service providers ("subprocessors") that assist us in operating our Services, including:

  • Amazon Web Services (AWS) – cloud infrastructure hosting
  • Microsoft 365 – internal productivity and communications
  • HubSpot – customer relationship management and communications
  • Microsoft Clarity – website usage analytics
  • other professional advisors or service providers where required
     

These providers are contractually required to process personal data only according to our instructions and to maintain appropriate data protection safeguards.

We may also disclose personal data if required by law, regulation, or legal process.

We maintain an up-to-date list of subprocessors on our Trust Center at https://trust.overe.io, including details about the services they provide. All subprocessors are required to maintain appropriate security and data protection safeguards and are contractually obligated to process personal data only according to our instructions.

We periodically review our subprocessors to ensure they continue to meet our security and data protection standards.

8. International Data Transfers

Our Services are hosted using cloud infrastructure that may operate in multiple geographic regions, including the European Union and the United States.

Where personal data is transferred outside the European Economic Area (EEA), we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • other legally recognized transfer mechanisms where applicable.

9. Data Retention

We retain personal data only for as long as necessary to:

  • provide our Services
  • comply with legal obligations
  • resolve disputes
  • enforce contractual agreements
     

Customer data processed through the overe.io platform is retained according to contractual agreements with customers.

If services are terminated, customer data is deleted from the overe.io platform within a defined retention period in accordance with our internal data retention policies.

10. Security Measures

overe.io maintains administrative, technical, and organizational safeguards designed to protect personal data, including:

  • encryption of data in transit and at rest
  • role-based access controls
  • infrastructure security monitoring
  • logging and audit trails
  • vulnerability management and patching
  • secure cloud hosting environments
     

While we take reasonable measures to protect data, no system can guarantee absolute security.

11. Security Incident Response

If overe.io becomes aware of a confirmed security incident involving personal data under our control, we will investigate the matter and take appropriate steps to mitigate the impact.

Where required by applicable law or contractual obligations, we will notify affected customers without undue delay.

12. Data Subject Rights

Depending on applicable law, individuals may have the right to:

  • access personal data
  • request correction of inaccurate data
  • request deletion of personal data
  • restrict processing
  • object to processing
  • request data portability
     

Where overe.io processes personal data on behalf of a customer, requests should normally be directed to the relevant customer organization acting as the data controller.

13. Children's Privacy

Our Services are intended for use by businesses and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes to our Services, legal requirements, or data processing practices.

When changes are made, the updated version will be posted with a revised "Last Updated" date.

15. Contact Information

If you have questions about this Privacy Policy or our data protection practices, please contact us:

Email: hello@overe.io

Other languages

The English version of this Agreement is available at https://www.overe.io/privacy-policy and constitutes the governing version. Any translations are provided for convenience only. In the event of any conflict or inconsistency, the English version shall prevail.

日本語

Japanese
Download document