Policy

Data & File Security

Because you share contact details, project information and sometimes sensitive files, you deserve a clear, honest explanation of how that is handled — including what we do not do. Everything below describes how the platform actually works.

Where your files are stored

  • Uploaded files (logos, images, PDFs, payment screenshots) go into a private cloud storage bucket — never a public folder.
  • Every file is tied to your account and your specific project. Access is enforced at the database level (row-level security), not just hidden in the interface.
  • Files are opened through short-lived signed links that expire in about a minute — so a link cannot be shared, reused or guessed by someone else.

Who can access your data

  • Only you — signed in to your own account — and Skilloura's authorised admin can see your projects, files, quotes, payments and messages.
  • One client can never see another client's data. This is enforced by the database itself, and we have tested it by actively attempting cross-account access.
  • Admin-only actions are blocked at the backend and database level, not merely hidden as buttons in the interface.

Encryption & connection security

  • The entire site runs over HTTPS/TLS, so your data is encrypted while travelling between your device and our servers.
  • Files and database records are encrypted at rest by our infrastructure providers.

Accounts & login

  • Passwords are never stored in readable form — sign-in is handled by a dedicated authentication provider that keeps only a secure one-way hash.
  • Email verification is required before an account becomes active.
  • Sign-in endpoints have provider-level rate limiting to slow down guessing, and password resets happen only through a secure link emailed to you.

What we do NOT do

  • We do not sell your data or share it for advertising.
  • We do not use your project files or content to train AI models.
  • Honest limit: we do not run automatic malware scanning on uploads, so please only upload files from your own trusted sources.

File types & deletion

  • The client area accepts image files and PDF documents.
  • You can request deletion of your uploaded files and account data at any time by emailing contact@skilloura.com — we remove them from active storage.
  • We keep data only as long as needed to deliver and support your project, plus what is legally required for invoices and records.

Providers we rely on

  • Hosting: Vercel. Database, authentication and file storage: Supabase. Transactional email: Resend. Contact-form messages: Neon. Website analytics: Google Analytics (usage only).
  • Each is a reputable provider that runs its own security programme.

NDA & questions

  • Need an NDA before sharing sensitive material? Just ask before you upload and we will sort it out.
  • Any security question at all — email contact@skilloura.com.

Questions about this policy? Email contact@skilloura.com