Security at OverSkill

We implement industry-standard security controls and leverage enterprise-grade infrastructure to protect your data and applications.

Infrastructure Certifications

Inherited Compliance Model

OverSkill is hosted on Render, a platform with SOC 2 Type II and ISO 27001 certifications. This means our infrastructure inherits enterprise-grade security controls that have been independently audited. We leverage Render's security investments while implementing additional application-level protections.

SOC 2 Type II

via Render

Security controls validated by independent audit over a 6+ month period

View on Render Trust Center

ISO 27001:2022

via Render

International information security management standard

View on Render Trust Center

Security Practices

Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Automatic HTTPS enforcement on all endpoints
  • Managed SSL/TLS certificates via Render

Access Controls

  • Multi-factor authentication available for all accounts
  • Role-based access control (RBAC) for team members
  • Team-based resource isolation (BulletTrain)
  • Automatic session expiration
  • OAuth 2.0 with Google and GitHub

Infrastructure Security

  • Hosted on Render (SOC 2 Type II certified)
  • Built on AWS and Google Cloud Platform
  • DDoS protection via Cloudflare
  • Geographic redundancy across data centers
  • Automated failover and disaster recovery

Security Monitoring

  • 24/7 automated infrastructure monitoring
  • Comprehensive audit logging for administrative actions
  • Real-time anomaly detection
  • Automated vulnerability scanning
  • Security incident alerting

AI Security

  • Prompt injection filtering on all user inputs
  • Content moderation on AI-generated outputs
  • No training on customer data
  • Isolated AI processing per request
  • Rate limiting on AI operations

Security Vulnerability Disclosure

We take security seriously and appreciate the responsible disclosure of potential vulnerabilities. If you discover a security issue, please report it to us privately.

Please include a detailed description of the vulnerability, steps to reproduce, and potential impact. We aim to acknowledge reports within 48 hours and provide regular updates on our investigation.

Data Protection

Data Processing Locations

  • Primary: Oregon, USA (Render/GCP)
  • EU Option: Frankfurt, Germany (Render/AWS)
  • CDN/Edge: Global (Cloudflare)

Data Retention

  • Account data retained while account is active
  • Generated apps can be exported or deleted at any time
  • Deleted data removed within 90 days (backup rotation)
  • Audit logs retained for 90 days