Our security philosophy

At Overhead.fm, your security is a top priority. We designed our systems to be secure from the ground up. Sensitive information is protected by many layers of security, mitigating your (and our) risk in even the worst scenarios.

Sensitive information

Your connection to Overhead.fm

Your connection to Overhead.fm uses ssl, which encrypts your connection end-to-end. This encryption protects your payment information, authentication credentials, and other information against man-in-the-middle attacks, including those on your own network.

Your password

We never store your password as plain text. This means that your password is protected even if someone were to gain access to our database.

Your payment information

Your payment information is never seen or stored by Overhead.fm. It is sent directly from your browser to Stripe, our payment provider, over an encrypted connection. Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.

At Stripe, all card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines.

At Overhead.fm, we never have access to your full credit card number and we don't store any of your payment information in our database.

We work well with corporate IT

If your connection is behind a corporate firewall, we're happy to work with you to whitelist our domains. Our site is designed to work using HTML5, so you don't need to install Flash on your machines. We also support recent versions of every major browser, including Internet Explorer, so you shouldn't need to install any new software to run Overhead.fm.

Questions?

We are happy to talk in more detail about our systems and security measures. Email security@overhead.fm to reach our security team.