Data Processing Agreement

For customer workforce records, the customer organisation is generally the controller and SkillProof acts as processor.

SkillProof processes customer data only to provide, secure, support and improve the SkillProof service, or as required by law.

SkillProof may process staff records, user accounts, training records, competency records, assessment submissions, evidence files, certificates, professional registration or check details, compliance status, audit records and billing status.

Customers remain responsible for deciding what data is entered into SkillProof and ensuring they have a lawful basis for using it.

SkillProof is designed around organisation-level data separation, role-based access controls, private evidence storage, audit logging, secure billing through Stripe and controlled account access.

The platform uses established cloud providers including Vercel, Cloudflare, Supabase and Stripe.

SkillProof uses sub-processors to host, secure, store, process payments and deliver website form enquiries.

The current public sub-processor list is available on the Sub-processors page.

Customers can request export, return or deletion of customer data during offboarding, subject to legal, audit and operational retention requirements.

Trial and cancelled account data is retained for a limited period unless deletion is requested sooner or a different contractual term applies.

For a customer-specific DPA, supplier review or data protection question, contact SkillProof at privacy@skillproof.uk.