Encryption at rest

Industry-standard protection

Sensitive Overshow data is encrypted at rest using industry-standard encryption. That applies to material that would be costly to expose if someone obtained a copy of your disk without your credentials. transcripts, generated summaries, and similar content. not to every trivial file the app touches.

Keys are derived from device-specific credentials using established key-derivation practices, so encrypted blobs are bound to your machine’s protection model rather than sitting as plain text on the volume.

What is typically encrypted

Examples of categories stored with at-rest protection include:

• Transcripts and related audio-derived text
• Meeting summaries where the product stores them encrypted
• Daily summaries
• Question-detection and answer-candidate data held for search and Ask

The exact scope can evolve with features, but the intent is consistent: high-sensitivity text and derived artefacts are not left as readable files for anyone with raw disk access.

Where it lives

Your database and associated data files sit in a local SQLite database under your macOS user folder (see Data management). Overshow does not sync that database to cloud storage as part of the core product. Backup tools you run yourself may copy encrypted files; that is under your control, not a built-in Overshow sync service.

You are always in control of what Overshow captures; encryption reduces the impact if storage is copied, but pairing it with pause, exclusions, and purge when appropriate remains important.