Esc

Type to search across all skills

Privacy Policy

Last updated: February 2025

1. Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, and profile picture. We use this information to create and maintain your account.

API Keys

We generate and store hashed API keys that you use to authenticate with the SkillSafe registry. We do not store plaintext API keys after initial creation.

Published Skills

When you publish a skill, we store the skill archive, metadata, scan reports, and tree hashes. Published skills are publicly accessible by design.

Usage Data

We collect basic usage data such as API request counts and timestamps to enforce rate limits and maintain service quality. We do not use third-party analytics trackers.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the SkillSafe registry service
  • Authenticate your identity and manage your account
  • Process skill publications and verification requests
  • Enforce rate limits and prevent abuse
  • Communicate service updates and security advisories

3. Data Storage and Security

Your data is stored on Cloudflare infrastructure. We implement industry-standard security measures including:

  • All data transmitted over HTTPS/TLS
  • API keys stored as cryptographic hashes
  • Client-side encryption (AES-256-GCM) for personal vault data — the server stores only ciphertext
  • SHA-256 content integrity verification for all published skills

4. Data Sharing

We do not sell or rent your personal information. We may share data only in the following circumstances:

  • Public skill metadata: Skill names, descriptions, publishers, versions, and scan verdicts are publicly visible
  • Legal requirements: When required to comply with applicable law, regulation, or legal process
  • Service providers: With Cloudflare, which hosts our infrastructure, subject to their privacy policies

5. Data Retention

We retain your account information for as long as your account is active. Published skills remain in the registry unless you unpublish them. If you delete your account, we remove your personal information but may retain anonymized usage data.

6. Your Rights

You may:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Delete your account and associated personal data
  • Unpublish skills you have published
  • Revoke API keys at any time

To exercise these rights, contact us at privacy@skillsafe.ai.

7. Cookies

SkillSafe uses only essential, functional storage (localStorage) to persist your authentication token and theme preference. We do not use tracking cookies or third-party advertising cookies.

8. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes by posting a notice on the site. Continued use of the service after changes constitutes acceptance of the updated policy.

9. Contact

privacy@skillsafe.ai

For privacy-related questions or requests, reach out to us at the address above.