Privacy Policy

1. Introduction

2. Who we are and how you can contact us

3. Data we collect

We collect various types of information – including personal data – when you interact with Skillsail. This includes, among others:

• Account data: When you or your organization create an account with Skillsail, we collect information such as your name, email address, your company/organization name, and your login credentials. This may also include any profile details you voluntarily add to your account. If you choose to sign up using Google authentication, we collect basic profile information from your Google account (such as your name and email address) to create and manage your Skillsail account, which you can reuse for future logins. You can request to delete your account at any time by contacting us.
• Learning content and user-generated data: Content you upload or create is stored through the platform, such as course materials, assignments, notes, messages, or feedback. If our AI features process or learn from such user-generated content, this data remains restricted to your organization's environment and is not mixed with data from other customers.
• Usage data: We collect information about how you use the platform – such as which features or pages you access, your course progress, time spent on them, and similar usage metrics. This may also include technically automatically collected data, such as your IP address, browser type, device information, and timestamps of your activities recorded in log files.
• Cookies and similar technologies: When you use our platform or website, we use cookies for security and usability purposes (details can be found in the Cookies and Tracking section below). Our public website analytics work without cookies.
• Communication data: When you contact us directly (e.g., for support requests) or subscribe to our newsletter, we collect information such as your name, email address, and the content of your messages. We also store your communication preferences (e.g., your consent to receive our newsletter).
• Authentication data: Login to the Skillsail platform uses secure authentication methods including Google OAuth. During login, we collect and store authentication tokens and basic profile data required for login. This data is used exclusively to verify your identity and for secure login to Skillsail.

4. How we use your data (purposes and legal bases)

We process personal data for the following purposes. We rely on a legal basis under the GDPR for each:

• Providing our services: We use your personal data to set up and manage your account, give you access to courses and content, track your learning progress, and generally enable the operation of the Skillsail learning platform for you and your organization.
  Legal basis: Contract fulfillment (Art. 6 para. 1 lit. b GDPR)
• Personalization and platform improvement: We use data such as your usage habits and feedback to improve our services, fix problems, and develop new features (e.g., to optimize our AI-powered learning tools for your organization).
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Communication with you: We use your contact details to send you service-related communications. This includes emails for account verification, password reset, important platform announcements, and responses to support requests. With your consent, we also send you marketing emails.
  Legal basis: Contract fulfillment (Art. 6 para. 1 lit. b GDPR) or Consent (Art. 6 para. 1 lit. a GDPR)
• Security and performance: We process certain data (such as IP addresses, device information, and log data) to monitor suspicious activities, maintain the security and integrity of our platform, and measure and improve performance.
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Analysis of website visits: For our public website, we use Vercel's integrated analytics features to understand page views and user interactions – without using cookies.
  Legal basis: Legitimate interest (Art. 6 para. 1 lit. f GDPR)
• Fulfillment of legal obligations: We may process or retain personal data when we are legally required to do so – such as to maintain proper business records, fulfill tax requirements, or respond to lawful government requests.
  Legal basis: Legal obligation (Art. 6 para. 1 lit. c GDPR)

5. Google User Data

When you choose to sign up or log in using Google authentication, we access and collect specific information from your Google account. This section details our practices regarding Google user data.

What Google data we collect:

• Your Google account email address
• Your name as displayed in your Google profile
• Your Google profile picture (if available)
• Basic profile information publicly available in your Google account

How we use Google data:

• To create and manage your Skillsail account
• To authenticate you when you log in to our platform
• To display your name and profile picture in your account
• To communicate with you about your account and our services

Important: We use Google user data solely for providing and improving the functionality of the Skillsail platform. We do not use Google user data for any purposes unrelated to the core functionality of our application.

We do NOT sell Google user data: We never sell, rent, or trade your Google account information or any other personal data to third parties for their marketing purposes or any other purposes.

6. Data Sharing and Disclosure

We take your privacy seriously and limit sharing of your personal data, including Google user data, to the following circumstances:

With whom we share data:

• Service providers: We share data with trusted third-party service providers who help us operate our platform (e.g., Supabase for database and storage, Vercel for hosting, Cloudflare for security, Sentry for error logging). These providers are contractually bound to protect your data and use it only for providing their services to us. These services are used exclusively for performance and stability improvements and are never used to track users across platforms.
• Within your organization: If you use Skillsail through an organizational account, your data may be accessible to your organization's administrators as per your organization's policies.
• Legal requirements: We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, with continued protection under this privacy policy.

Third-party transfers: We transfer data to third parties only when necessary to provide or improve our application's functionality. We do not transfer Google user data or any other personal data to third parties for their independent use or for purposes unrelated to our service.

7. Data Retention and Deletion

We retain your personal data, including Google user data, only for as long as necessary to provide our services and fulfill the purposes described in this privacy policy.

Retention periods:

• Active accounts: We retain your data as long as your account is active or as needed to provide you services.
• Inactive accounts: Accounts inactive for more than 2 years may be deleted along with associated data, after providing notice.
• Legal obligations: Some data may be retained longer if required by law (e.g., financial records for tax purposes).

Account deletion:

You can request deletion of your account and associated data at any time by:

• Contacting us at privacy@skillsail.com
• Providing your account email and verification of identity
• We will process deletion requests within 30 days

Upon account deletion, we will remove your personal data from our active systems, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, resolving disputes).

8. Data Protection and Security

We implement comprehensive technical and organizational measures to protect your personal data, including Google user data, against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols.
• Access controls: We limit access to personal data to employees and contractors who need it to perform their duties, all bound by confidentiality obligations.
• Secure infrastructure: Our platform is hosted on secure, professionally maintained servers with regular security updates and monitoring.
• Authentication security: We use secure authentication mechanisms, including OAuth 2.0 for Google sign-in, ensuring your credentials are never directly stored by us.
• Regular audits: We conduct regular security assessments and updates to maintain the integrity of our systems.
• Data minimization: We only collect and process the minimum amount of data necessary to provide our services.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to notifying affected users of any data breach as required by applicable law.

9. Cookies and Tracking

We use cookies and similar technologies on our website and platform for security and usability purposes. Cookies are small text files that are stored on your device when you visit our website. These cookies help us provide you with a better user experience and maintain the security of our services.

Types of cookies we use:

• Language preference cookies: When you change your preferred language on our website, we set a cookie to remember your choice. This ensures that the website displays in your preferred language during future visits, improving your user experience.
• Security cookies: On our contact forms, we use Cloudflare Turnstile for security purposes to prevent spam and abuse. This security check may set cookies to verify that you are a human user and not an automated system.
• Appointment booking cookies: On our appointment booking forms, we use Cal.com as our booking service provider. Cal.com may set cookies to manage your booking session and ensure the booking process works properly.

Important notes about our cookie usage:

• No marketing purposes: We do not use any of these cookies for marketing, advertising, or tracking purposes. They are used solely for security and usability.
• Essential functionality: These cookies are necessary for the proper functioning of specific features on our website and are set based on our legitimate interest to provide secure and user-friendly services (Art. 6 para. 1 lit. f GDPR).
• Third-party services: Some cookies are set by third-party services (Cloudflare, Cal.com) that we use to provide specific functionality. These services process data according to their own privacy policies, but only for the limited purposes described above.

10. Contact

If you have questions, concerns, or issues regarding this privacy policy or our privacy practices, please do not hesitate to contact us:

We are happy to help and will strive to answer your concerns or questions about privacy as quickly as possible.