SkillProof trust centre

Security & Data Protection

SkillProof is designed for organisations that need to manage business-sensitive workforce records, including training history, evidence files, registrations, checks, CPD, appraisals and reports.

Last updated: 4 June 2026

Controlled access

Role-based permissions help owners, admins, managers and employees see the right level of information.

Private evidence storage

Evidence, certificates, files and proof are linked to the relevant workforce record instead of scattered across folders.

Audit visibility

Reports and audit trails help teams understand status, changes and evidence availability.

Secure billing

Stripe handles payment details, invoices and subscription billing. SkillProof does not store card numbers.

Cloud Infrastructure

SkillProof uses established infrastructure providers including Vercel, Cloudflare, Supabase and Stripe. These providers maintain their own security and compliance programmes.

The public website and application use HTTPS, security headers and Cloudflare protection. SkillProof remains responsible for how the application is configured, operated and secured.

Organisation Separation and Access Control

SkillProof is designed around organisation-level data separation. Users belong to an organisation portal, and workforce records are scoped to that organisation.

Owners, admins, managers and employees have different access levels so users only see the records, actions and reports relevant to their role.

Evidence and Workforce Compliance Records

Training evidence, certificates, assessment submissions, appraisal records, CPD records, development actions, registrations, checks and compliance records are treated as business-sensitive workforce data.

SkillProof keeps evidence linked to the relevant organisation, staff member, training item, assessment, development record or compliance requirement rather than relying on local files, inboxes or shared folders.

Audit Trails and Reporting

SkillProof includes audit trails and reporting workflows to help customers understand important changes, missing evidence, overdue records and upcoming expiries.

Audit records support customer visibility and preparation, but they are not a substitute for a customer's own legal, regulatory or sector-specific advice.

Data Export, Retention and Deletion

SkillProof supports customer data exports and offboarding workflows so organisations can retrieve important records when needed.

Archived customer portals can be scheduled for deletion after the agreed retention period, subject to legal, audit and operational requirements.

UK GDPR-aligned Processing Support

SkillProof is designed to support UK GDPR-aligned customer processes, including role-based access, private storage, audit logs and customer data handling controls.

Customers remain responsible for deciding what data they enter into SkillProof and for meeting their own sector-specific legal and regulatory duties.

Billing Security

Stripe handles payment methods, invoices and subscription billing. SkillProof does not store card numbers, CVV codes or full card details directly.

Billing access is intended for authorised customer users such as owners or admins.

IT and Security Review

Corporate, NHS, public-sector and managed IT teams can use the Security Review page for a concise domain, infrastructure and data-handling summary.

The review page is designed to support customer IT review and allowlist requests without making unsupported certification or accreditation claims.

Certification Status

SkillProof does not currently claim ISO 27001, SOC 2 or Cyber Essentials certification for SkillProof itself.

Security and governance will continue to mature as the platform grows, including policy development, external review and certification-readiness work where appropriate.

Need to review SkillProof?

View the public IT and security review page for domains, data categories, infrastructure providers and allowlist guidance.

Security review