Security & Data Protection

SkillProof uses established infrastructure providers including Vercel, Cloudflare, Supabase and Stripe. These providers maintain their own security and compliance programmes.

The public website and application use HTTPS, security headers and Cloudflare protection. SkillProof remains responsible for how the application is configured, operated and secured.

SkillProof is designed around organisation-level data separation. Users belong to an organisation portal, and workforce records are scoped to that organisation.

Owners, admins, managers and employees have different access levels so users only see the records, actions and reports relevant to their role.

Training evidence, certificates, assessment submissions, registrations, checks and compliance records are treated as business-sensitive workforce data.

SkillProof keeps evidence linked to the relevant organisation, staff member, training item, assessment or compliance requirement rather than relying on local files, inboxes or shared folders.

SkillProof includes audit trails and reporting workflows to help customers understand important changes, missing evidence, overdue records and upcoming expiries.

Audit records support customer visibility and preparation, but they are not a substitute for a customer's own legal, regulatory or sector-specific advice.

SkillProof supports customer data exports and offboarding workflows so organisations can retrieve important records when needed.

Archived customer portals can be scheduled for deletion after the agreed retention period, subject to legal, audit and operational requirements.

SkillProof is designed with a UK GDPR-ready processing approach, including role-based access, private storage, audit logs and customer data handling controls.

Customers remain responsible for deciding what data they enter into SkillProof and for meeting their own sector-specific legal and regulatory duties.

Stripe handles payment methods, invoices and subscription billing. SkillProof does not store card numbers, CVV codes or full card details directly.

Billing access is intended for authorised customer users such as owners or admins.

SkillProof does not currently claim ISO 27001, SOC 2 or Cyber Essentials certification for SkillProof itself.

Security and governance will continue to mature as the platform grows, including policy development, external review and certification-readiness work where appropriate.