Privacy Policy

1. Introduction

2. Who we are and how you can contact us

3. Data we collect

We collect various types of information – including personal data – when you interact with Skillsail. This includes, among others:

Note: Our services are intended for business and professional users and are not directed at individuals under 18 years of age.

• Account data: When you or your organization create an account with Skillsail, we collect information such as your name, email address, your company/organization name, and your login credentials. This may also include any profile details you voluntarily add to your account. If you choose to sign up using Google authentication, we collect basic profile information from your Google account (such as your name and email address) to create and manage your Skillsail account, which you can reuse for future logins. You can request to delete your account at any time by contacting us.
• Learning content and user-generated data: Content you upload or create is stored through the platform, such as course materials, assignments, notes, messages, or feedback. If our AI features process or learn from such user-generated content, this data remains restricted to your organization's environment and is not mixed with data from other customers.
• Usage data: We collect information about how you use the platform – such as which features or pages you access, your course progress, time spent on them, and similar usage metrics. This may also include technically automatically collected data, such as your IP address, browser type, device information, and timestamps of your activities recorded in log files.
• Cookies and similar technologies: When you use our platform or website, we use cookies for security and usability purposes (details can be found in the Cookies and Tracking section below). Our public website analytics work without cookies.
• Communication data: When you contact us directly (e.g., for support requests) or subscribe to our newsletter, we collect information such as your name, email address, and the content of your messages. We also store your communication preferences (e.g., your consent to receive our newsletter).
• Authentication data: Login to the Skillsail platform uses secure authentication methods including Google OAuth. During login, we collect and store authentication tokens and basic profile data required for login. This data is used exclusively to verify your identity and for secure login to Skillsail.

4. How we use your data (purposes and legal bases)

We process personal data for the following purposes. We rely on a legal basis under the GDPR for each:

Note on AI use: We use AI technologies to assist in generating e-learning content. For details on AI processing and data usage, please see Section 5 below.

• Providing our services: We use your personal data to set up and manage your account, give you access to courses and content, track your learning progress, and generally enable the operation of the Skillsail learning platform for you and your organization.
  Legal basis: Contract fulfillment (Art. 6 para. 1 lit. b GDPR)
• Personalization and platform improvement: We use data such as your usage habits and feedback to improve our services, fix problems, and develop new features (e.g., to optimize our AI-powered learning tools for your organization).
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Communication with you: We use your contact details to send you service-related communications. This includes emails for account verification, password reset, important platform announcements, and responses to support requests. With your consent, we also send you marketing emails.
  Legal basis: Contract fulfillment (Art. 6 para. 1 lit. b GDPR) or Consent (Art. 6 para. 1 lit. a GDPR)
• Security and performance: We process certain data (such as IP addresses, device information, and log data) to monitor suspicious activities, maintain the security and integrity of our platform, and measure and improve performance.
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Analysis of website visits: For our public website, we use Vercel's integrated analytics features to understand page views and user interactions – without using cookies.
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Fulfillment of legal obligations: We may process or retain personal data when we are legally required to do so – such as to maintain proper business records, fulfill tax requirements, or respond to lawful government requests.
  Legal basis: Legal obligation (Art. 6 para. 1 lit. c GDPR)

5. AI Processing

We use artificial intelligence (AI) technologies to assist in generating and improving e-learning content. However, we do not use any customer or user data to train or fine-tune our AI models. All AI processing occurs in a controlled and isolated manner, limited to your organization's data environment.

Our subprocessors and AI service providers are contractually prohibited from using any Skillsail customer data — including text, files, or metadata — to train or improve their own models. They may process data only to provide the specific functionality requested (e.g., content generation, text analysis, or image creation).

No automated decision-making producing legal or similarly significant effects occurs (Art. 22 GDPR).

6. Google User Data

When you choose to sign up or log in using Google authentication, we access and collect specific information from your Google account. This section details our practices regarding Google user data.

What Google data we collect:

• Your Google account email address
• Your name as displayed in your Google profile
• Your Google profile picture (if available)
• Basic profile information publicly available in your Google account

How we use Google data:

• To create and manage your Skillsail account
• To authenticate you when you log in to our platform
• To display your name and profile picture in your account
• To communicate with you about your account and our services

Important: We use Google user data solely for providing and improving the functionality of the Skillsail platform. We do not use Google user data for any purposes unrelated to the core functionality of our application.

We do NOT sell Google user data: We never sell, rent, or trade your Google account information or any other personal data to third parties for their marketing purposes or any other purposes.

7. Data Sharing and Disclosure

We take your privacy seriously and limit sharing of your personal data to the following circumstances:

With whom we share data:

• Service providers: We share data with trusted third-party service providers (subprocessors) who help us operate our platform. These providers are contractually bound to protect your data and use it only for providing their services to us. These services are used exclusively for performance and stability improvements and are never used to track users across platforms. A complete list of our subprocessors with their full details can be found in Section 8 below.
• Within your organization: If you use Skillsail through an organizational account, your data may be accessible to your organization's administrators as per your organization's policies.
• Legal requirements: We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with continued protection under this privacy policy.

Third-party transfers: We transfer data to third parties only when necessary to provide or improve our application's functionality. We do not transfer user data or any other personal data to third parties for their independent use or for purposes unrelated to our service.

8. Subprocessors and Third-Party Service Providers

To provide our services, we work with carefully selected third-party service providers (subprocessors) who process personal data on our behalf. All subprocessors are contractually bound to protect your data and use it only for providing their services to us in accordance with our instructions and applicable data protection laws.

Below is a complete list of our subprocessors, including their purpose, company details, and location:

International Data Transfers

Some of our subprocessors are located in the United States and other countries outside the European Economic Area (EEA). When we transfer personal data to these countries, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission (e.g., EU-US Data Privacy Framework where applicable)
• Additional technical and organizational measures to ensure data protection

You can request more information about the specific safeguards we use for international data transfers by contacting us at privacy@skillsail.com.

Changes to Subprocessors

We may update this list of subprocessors from time to time as we add or change service providers. We will update this privacy policy accordingly and notify affected customers of any material changes to our subprocessor list, particularly when required under our data processing agreements.

9. Data Retention and Deletion

We retain your personal data only for as long as necessary to provide our services and fulfill the purposes described in this privacy policy.

Retention periods:

• Active accounts: We retain your data as long as your account is active or as needed to provide you services.
• Inactive accounts: Accounts inactive for more than 2 years may be deleted along with associated data, after providing notice.
• Legal obligations: Some data may be retained longer if required by law (e.g., financial records for tax purposes).

Account deletion:

You can request deletion of your account and associated data at any time by:

• Contacting us at privacy@skillsail.com
• Providing your account email and verification of identity
• We will process deletion requests within 30 days

Upon account deletion, we will remove your personal data from our active systems, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes).

10. Data Protection and Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols.
• Access controls: We limit access to personal data to employees and contractors who need it to perform their duties, all bound by confidentiality obligations.
• Secure infrastructure: Our platform is hosted on secure, professionally maintained servers with regular security updates and monitoring.
• Authentication security: Our authentication provider uses secure authentication mechanisms, including OAuth 2.0 for Google sign-in, to securely manage user access.
• Regular audits: We conduct regular security assessments and updates to maintain the integrity of our systems.
• Data minimization: We only collect and process the minimum amount of data necessary to provide our services.

11. Cookies and Tracking

We use cookies and similar technologies on our website and platform for security and usability purposes. Cookies are small text files that are stored on your device when you visit our website. These cookies help us provide you with a better user experience and maintain the security of our services.

Types of cookies we use:

• Language and user preference cookies: When you change your preferred language on our website, we set a cookie to remember your choice. This ensures that the website displays in your preferred language during future visits, improving your user experience. In the platform, we also use cookies to store user interface preferences, such as theme settings.
• Appointment booking cookies: On our appointment booking forms, we use Cal.com as our booking service provider. Cal.com may set cookies to manage your booking session and ensure the booking process works properly.
• Authentication cookies: We use WorkOS as our authentication provider for secure login to the Skillsail platform. WorkOS may set cookies to maintain your login session and ensure secure authentication across the platform.

Important notes about our cookie usage:

• No marketing purposes: We do not use any of these cookies for marketing, advertising, or tracking purposes. They are used solely for security and usability.
• Essential functionality: These cookies are necessary for the proper functioning of specific features on our website and are set based on our legitimate interest to provide secure and user-friendly services (Art. 6 para. 1 lit. f GDPR).
• Third-party services: Some cookies are set by third-party services (Cloudflare, Cal.com) that we use to provide specific functionality. These services process data according to their own privacy policies, but only for the limited purposes described above.

12. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data. You can exercise these rights by contacting us at privacy@skillsail.com.

Your data subject rights include:

• Right to access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and to access such data.
• Right to rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data and to have incomplete personal data completed.
• Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of your personal data under certain circumstances.
• Right to restriction of processing (Art. 18 GDPR): You have the right to obtain restriction of processing under certain circumstances.
• Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to object (Art. 21 GDPR): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Art. 7 GDPR): Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint:

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The competent supervisory authority for Skillsail GmbH is:

13. Contact

If you have questions, concerns, or issues regarding this privacy policy or our privacy practices, please do not hesitate to contact us:

We are happy to help and will strive to answer your concerns or questions about privacy as quickly as possible.