Fiducia e impegni
Tutto ciò che un team di approvvigionamento aziendale deve sapere per valutare Overturo.
Alcuni impegni di seguito sono in attesa dell'approvazione legale.
SOC 2 status
Type II audit in progress (estimated completion: TBD)
Request the full audit reportData Processing Agreement
Pending Legal sign-offDownload the executed Data Processing Agreement.
Download the DPACountersigned DPAs available via the contact form.
Sub-processors
List last reviewed on 04 giugno 2026
| Provider | Purpose | ||
|---|---|---|---|
| Amazon Web Services | Infrastructure | CH, EU, UK, US | 15 apr |
| Cloudflare | Infrastructure | CH, EU, UK, US | 15 apr |
| Postmark | US | 15 apr |
Residenza regionale dei dati
| Regione | Dati archiviati in | Protetti ai sensi di | |
|---|---|---|---|
| Switzerland | Svizzera | LPD svizzera | Brokers Navigator Ltd (Regno Unito) |
| European Union | Italia | GDPR UE | Brokers Navigator Ltd (Regno Unito) |
| United Kingdom | Regno Unito | UK GDPR + DPA 2018 | Brokers Navigator Ltd (Regno Unito) |
| United States | Stati Uniti | Leggi statali e settoriali sulla privacy (incl. CCPA/CPRA) | OmVi Labs Inc (Delaware, Stati Uniti) |
Service-level commitments
Pending Legal sign-offLast updated on 04 giugno 2026
| Capability | Commitment | |
|---|---|---|
| Platform availability | 99.9% monthly | Uptime measured on the canonical /healthz endpoint |
| Global revocation propagation | 30s p99 | Time from revocation request to global cache invalidation |
| Attestation ingest latency | 200ms p99 | Time from POST receipt to attestation persisted |
| Receipt-verify endpoint availability | 99.9% monthly | Same instrumentation as platform availability |
Versioning & breaking-change policy
Pending Legal sign-offLast updated on 04 giugno 2026
- Current wire version: 1.0
- No breaking changes within v1.x; new major requires explicit opt-in.
- Deprecation window: 12 months minimum.
- Key-rotation honor window: 90 days.
- SDK semver tracks the wire format.
Incident disclosure
We notify affected customers within 24 hours of incident confirmation, via the contact email on the account.
A full root-cause analysis is published within 14 days. RCAs include the timeline, contributing factors, and the remediation roadmap.
Subscribe to status updates via the contact form.
Compliance program
Overturo composes with five Comply blocks (GDPR, CCPA, Healthcare, SOC 2, DIATF) plus a four-section evidence package keyed to specific regulatory citations.