Compliance & Certifications

We maintain compliance with major regulatory frameworks and inherit enterprise certifications from our infrastructure providers.

Current Certifications & Compliance

SOC 2 Type II

Inherited

OverSkill's infrastructure is hosted on Render, which maintains SOC 2 Type II certification. This means our hosting environment has been independently audited for security, availability, and confidentiality controls.

Render, Inc. | Available via Render Trust Center

ISO 27001:2022

Inherited

Render maintains ISO 27001 certification for its information security management system, providing international recognition of security practices.

Render, Inc. | Certificate available via Render Trust Center

GDPR Compliance

Compliant

OverSkill processes personal data in compliance with the EU General Data Protection Regulation. We offer Data Processing Agreements (DPAs) to all customers.

OverSkill | DPA available on request

CCPA Compliance

Compliant

We comply with the California Consumer Privacy Act, providing California residents with required privacy rights and disclosures.

OverSkill | See Privacy Policy

Understanding Inherited Compliance

OverSkill leverages Render's enterprise-grade infrastructure, which undergoes rigorous annual audits for SOC 2 Type II and ISO 27001 certifications. This "inherited compliance" model means:

What's Covered

  • Physical data center security
  • Network infrastructure security
  • Host operating system hardening
  • Backup and disaster recovery
  • Infrastructure monitoring
  • Access controls to infrastructure

OverSkill's Additional Controls

  • Application-level encryption
  • User authentication (MFA, OAuth)
  • Role-based access control
  • Audit logging
  • AI security (prompt filtering)
  • Data processing agreements

Enterprise customers: If your procurement process requires direct SOC 2 certification from OverSkill, please contact us to discuss your requirements. We can provide Render's SOC 2 Type II report under NDA.

Compliance Roadmap

Direct SOC 2 Type II

Planned

Direct SOC 2 certification for OverSkill application-level controls

Timeline: Evaluating Q4 2025

HIPAA Compliance

Evaluating

Healthcare data compliance, if our customer base requires it

Timeline: Based on customer demand

Need Compliance Documentation?

Enterprise customers can request access to SOC 2 Type II reports, security questionnaire responses, and Data Processing Agreements.