Your Data Is Yours. Period.
SkilledOS is built for trade businesses that handle sensitive customer and financial data every day. We take that responsibility seriously - at every layer of the stack.
Last reviewed: March 15, 2026
Four Commitments We Never Break
These aren't features. They're the foundation everything else is built on.
Your Data Is Yours
Export everything, anytime. No lock-in. No ransom. When you leave, your data leaves with you - fully intact, in a standard format, within 24 hours of your request.
Enterprise Security, Startup Price
Encrypted at rest and in transit. Row-Level Security on every table. Role-based access control throughout. Built with SOC 2 principles - we treat your data the way a Fortune 500 would.
99.9% Uptime
Your business runs on SkilledOS. We treat that seriously. Our infrastructure is monitored 24/7 with automated failover, geographic redundancy, and daily backups.
We Don't Sell Your Data
Your customer list, job history, and pricing are yours alone. SkilledOS does not sell, rent, or share your data with advertisers, data brokers, or any third party. Full stop.
What's Under the Hood
Security is not an afterthought. It's built into every layer - from database design to deployment.
AES-256 encryption at rest
TLS 1.2+ encryption in transit
Row-Level Security (RLS) on every table
Role-based access control (RBAC)
Full audit logging
Daily encrypted backups
Continuous security monitoring
Geographic redundancy
Compliance & Certifications
We work continuously to meet the regulatory and compliance requirements that matter most to our customers.
CCPA / CPRA Compliant
ActiveCalifornia Consumer Privacy Act compliance for all California residents.
GDPR Ready
ActiveData Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) available upon request for EU/UK customers.
SOC 2 Type II (In Progress)
In ProgressAudit engagement initiated Q1 2026. Expected completion: Q3 2026. Our infrastructure providers are SOC 2 certified.
PCI DSS
ActivePayment card data is handled exclusively by Stripe, a PCI DSS Level 1 certified provider. SkilledOS never stores raw card data.
Sub-Processors
Full transparency about the third-party vendors we use. All sub-processors are bound by contractual data protection obligations.
Reviewed and updated quarterly. Last updated: March 15, 2026.
Responsible Disclosure Program
We welcome security research from the community. Report vulnerabilities through our coordinated disclosure process.
Program Scope
This program covers skilledos.co, app.skilledos.co, and all associated API endpoints and infrastructure.
Qualifying Vulnerabilities
XSS, CSRF, SQL injection, authentication bypass, unauthorized data access, encryption weaknesses, and other flaws that impact confidentiality, integrity, or availability.
Non-Qualifying Activities
Social engineering, phishing, DDoS attacks, physical security attacks, testing against third-party services, and automated scanning without explicit authorization.
How to Report
Send detailed reports to security@skilledos.co. PGP key available upon request.
Response SLAs & Safe Harbor
Acknowledgment: Within 2 business days
Initial Assessment: Within 5 business days
Safe Harbor: SkilledOS will not pursue legal action against good-faith security researchers who report vulnerabilities in accordance with this program.
Enterprise & Compliance Requests
Need a Data Processing Agreement for GDPR compliance? Conducting a vendor security review? Our team supports your procurement and legal processes.
- GDPR-compliant Data Processing Agreements available
- Standard Contractual Clauses (SCCs) for EU/UK transfers
- Security questionnaire support for enterprise procurement
- Custom BAAs for applicable customers
Contact our Security Team
For security inquiries, vulnerability reports, DPA requests, or compliance documentation.
Security Questionnaires: 10 business days
Operated by Connective Technologies, Inc.
Related legal documents: