At Overhead.fm, your security is a top priority. We designed our systems to be secure from the ground up. Sensitive information is protected by many layers of security, mitigating your (and our) risk in even the worst scenarios.
Your connection to Overhead.fm uses ssl, which encrypts your connection end-to-end. This encryption protects your payment information, authentication credentials, and other information against man-in-the-middle attacks, including those on your own network.
We never store your password as plain text. This means that your password is protected even if someone were to gain access to our database.
Your payment information is never seen or stored by Overhead.fm. It is sent directly from your browser to Stripe, our payment provider, over an encrypted connection. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
At Stripe, all card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines.
At Overhead.fm, we never have access to your full credit card number and we don't store any of your payment information in our database.
If your connection is behind a corporate firewall, we're happy to work with you to whitelist our domains. Our site is designed to work using HTML5, so you don't need to install Flash on your machines. We also support recent versions of every major browser, including Internet Explorer, so you shouldn't need to install any new software to run Overhead.fm.
We are happy to talk in more detail about our systems and security measures. Email firstname.lastname@example.org to reach our security team.