Data Processing Agreement
For customers who process personal data of EU/EEA residents, we offer a comprehensive Data Processing Agreement (DPA) compliant with GDPR Article 28.
What's Included
GDPR Article 28 Compliance
Covers all required processor obligations under EU data protection law.
Standard Contractual Clauses (SCCs)
EU Commission-approved Module 2 clauses for controller-to-processor transfers.
UK GDPR Addendum
Covers UK-specific requirements post-Brexit.
Security Incident Response
48-hour notification commitment with detailed incident reporting.
Subprocessor Management
30-day advance notice of subprocessor changes with objection rights.
Technical & Organizational Measures
Detailed security controls including encryption, access controls, and monitoring.
Request DPA
To request our Data Processing Agreement, please contact us with your company information. We typically respond within 2 business days.
Data Processing Details
| Subject Matter | Provision of AI-powered application generation and hosting services |
| Duration | For the term of your subscription, plus data retention period |
| Nature of Processing | Storage, retrieval, AI processing, hosting, transmission |
| Purpose | To enable you to create, deploy, and manage web applications |
| Data Categories | Account information, application content, user prompts, generated code, usage data |
| Data Subjects | Your authorized users; end users of your generated applications |
Key Protections
48-Hour Breach Notification
We commit to notifying you of any confirmed security incident within 48 hours of discovery.
Audit Rights
You have the right to review our data protection policies and request third-party audit reports.
Data Deletion
Upon termination, you have a 30-day export window, followed by deletion within 90 days (backup rotation).
Data Subject Rights
We assist you in responding to data subject access, rectification, and deletion requests.
Objection Rights
Object to new subprocessors within 30 days with right to terminate if concerns aren't resolved.
Transfer Mechanisms
Standard Contractual Clauses (Module 2) for international data transfers with supplementary measures.
Frequently Asked Questions
Do I need a DPA?
If you're using OverSkill to process personal data of EU/EEA residents (including employee or customer data), GDPR Article 28 requires you to have a DPA with your data processors. Even if you're not legally required to have one, a DPA provides additional contractual protections.
Is the DPA free?
Yes, we provide our standard DPA at no additional cost to all customers.
Can we use our own DPA template?
We prefer to use our standard DPA, which has been designed for our services. However, for enterprise customers with specific requirements, we can discuss modifications. Please contact [email protected].
How is the DPA executed?
Once you request the DPA, we'll send you a copy for review. The DPA can be executed electronically via DocuSign or a click-through acceptance, depending on your preference.
Questions About Our DPA?
Our legal team is here to help. Contact us with any questions about our Data Processing Agreement or data protection practices.
[email protected]