At Overcut, your trust is our highest priority. We know your source code and ticketing data are among your most valuable assets, and our platform is designed from the ground up to protect them. This document outlines how Overcut safeguards your intellectual property, enforces enterprise-grade security, and ensures compliance with global standards.

1. Secure by Design

Overcut was built with privacy, security, and compliance as core design principles - not afterthoughts. Every decision, from how we handle repository access to how agents execute tasks, is guided by three commitments:
  • Minimal Exposure – we access only what is strictly necessary, only when it’s needed.
  • Complete Isolation – every execution is sandboxed and torn down after use.
  • Transparency & Auditability – you remain in control with full visibility of every action.

2. Enterprise-Grade AI Integration

Overcut gives enterprises flexibility in how they run AI - without compromising security.

Option 1: Overcut-Managed Azure OpenAI (Default)

  • No Training on Customer Data: Your prompts, data, and code are never used to train foundation models.
  • Regional Residency: Data remains within your chosen Azure region.
  • Enterprise-Ready Compliance: Covered under Microsoft certifications (SOC 2 Type II, ISO 27001, GDPR, HIPAA, FedRAMP).
  • Zero Data Retention: Prompts and responses are not stored beyond immediate processing.
  • Private Endpoints: Encrypted connections directly between Overcut and Azure OpenAI.
This is the fastest path to secure AI adoption, managed by Overcut.

Option 2: Bring Your Own Key (Enterprise Plan)

For organizations with stricter controls, Overcut supports BYOK:
  • Use Your Own Azure OpenAI Tenant – models run under your subscription, governed by your compliance policies.
  • Full Control – data never leaves your environment; Overcut connects securely via your keys and endpoints.
  • Custom Models – optionally connect to alternative LLM providers supported by your enterprise contracts.
This option is ideal for customers with dedicated compliance, residency, or vendor-management requirements.

3. Secure Code & Ticket Access

Overcut follows a just-in-time, least-privilege model for handling your code and tickets.
  • On-Demand Access – repositories and tickets are fetched only when required for a specific task.
  • Ephemeral Storage – no persistent storage of your codebase or ticket data on Overcut infrastructure.
  • Automatic Cleanup – once the task is complete, all temporary data is securely deleted.
  • Secure Caching – when repositories are cached for performance optimization, the code is stored in enterprise-grade secured storage with encryption at rest and in transit.
This ensures your intellectual property is never at risk of overexposure.

4. Controlled Access with Scoped Tokens

Access to your systems is managed with scoped, time-limited tokens:
  • Tokens are restricted to the task at hand, with the required repositories or projects.
  • Only the permissions necessary for the task are granted.
  • Every token issuance, use, and expiration is fully logged for audit.
This approach minimizes the attack surface and ensures compliance with least-privilege principles.

5. Isolated Execution Environments

Each Overcut agent runs in a dedicated, isolated environment that is destroyed after use.
  • Sandboxed by Default – no cross-contamination between runs.
  • No Shared State – each execution starts clean and ends clean.
  • Automatic Teardown – containers, data, and network resources are deleted after completion.
This guarantees that no customer data ever persists beyond the lifespan of a single task.

6. Organizational Control & Visibility

You stay in control of how Overcut operates within your environment.
  • Granular Permissions – administrators can configure which tools each agent may use.
  • Role-Based Access – ensure the right people have the right level of control.
  • Full Audit Trails – every agent action, token use, and data access is recorded.
  • Real-Time Monitoring – track activity as it happens, with alerting and reporting.

7. Security Principles We Live By

Our security model is anchored on globally recognized principles:
  1. Zero Trust – no implicit trust; every request is authenticated and authorized.
  2. Least Privilege – agents, tokens, and users get only what they need, nothing more.
  3. Defense in Depth – multiple layers of security across network, application, and execution.
  4. Data Minimization – only process what’s necessary, delete everything else.
  5. Transparency – provide visibility through logs, reports, and clear governance.

8. Compliance & Certifications

By building on Azure’s certified infrastructure and applying our own security controls, Overcut helps you meet enterprise compliance needs:
  • SOC 2 Type II
  • ISO 27001
  • GDPR
  • HIPAA (where applicable)
  • FedRAMP (via Azure)

9. Architecture Overview

Below is a high-level view of how data flows securely through Overcut:

10. Your Next Steps

To maximize security when adopting Overcut:
  1. Configure Repository Access – Set up scoped tokens with minimum required permissions for each Git integration (GitHub, GitLab, Azure DevOps, Bitbucket).
  2. Customize Agent Tools – Use repository-specific tool configurations to restrict which commands each agent can execute per repository.
  3. Choose Your AI Model – Select between Overcut-managed Azure OpenAI (default) or bring your own key (BYOK) for enterprise compliance requirements.
  4. Enable Repository Caching Securely – Configure caching settings per repository while ensuring cached code remains in enterprise-grade secured storage with encryption.
To discuss enterprise security requirements, certifications, or to request our detailed security package, contact team@overcut.ai.