Security & Data Protection
SkillProof is designed for organisations that need to manage business-sensitive workforce records, including training history, evidence files, registrations, checks, CPD, appraisals and reports.
Last updated: 4 June 2026
Controlled access
Role-based permissions help owners, admins, managers and employees see the right level of information.
Private evidence storage
Evidence, certificates, files and proof are linked to the relevant workforce record instead of scattered across folders.
Audit visibility
Reports and audit trails help teams understand status, changes and evidence availability.
Secure billing
Stripe handles payment details, invoices and subscription billing. SkillProof does not store card numbers.
Cloud Infrastructure
SkillProof uses established infrastructure providers including Vercel, Cloudflare, Supabase and Stripe. These providers maintain their own security and compliance programmes.
The public website and application use HTTPS, security headers and Cloudflare protection. SkillProof remains responsible for how the application is configured, operated and secured.
Organisation Separation and Access Control
SkillProof is designed around organisation-level data separation. Users belong to an organisation portal, and workforce records are scoped to that organisation.
Owners, admins, managers and employees have different access levels so users only see the records, actions and reports relevant to their role.
Evidence and Workforce Compliance Records
Training evidence, certificates, assessment submissions, appraisal records, CPD records, development actions, registrations, checks and compliance records are treated as business-sensitive workforce data.
SkillProof keeps evidence linked to the relevant organisation, staff member, training item, assessment, development record or compliance requirement rather than relying on local files, inboxes or shared folders.
Audit Trails and Reporting
SkillProof includes audit trails and reporting workflows to help customers understand important changes, missing evidence, overdue records and upcoming expiries.
Audit records support customer visibility and preparation, but they are not a substitute for a customer's own legal, regulatory or sector-specific advice.
Data Export, Retention and Deletion
SkillProof supports customer data exports and offboarding workflows so organisations can retrieve important records when needed.
Archived customer portals can be scheduled for deletion after the agreed retention period, subject to legal, audit and operational requirements.
UK GDPR-aligned Processing Support
SkillProof is designed to support UK GDPR-aligned customer processes, including role-based access, private storage, audit logs and customer data handling controls.
Customers remain responsible for deciding what data they enter into SkillProof and for meeting their own sector-specific legal and regulatory duties.
Billing Security
Stripe handles payment methods, invoices and subscription billing. SkillProof does not store card numbers, CVV codes or full card details directly.
Billing access is intended for authorised customer users such as owners or admins.
IT and Security Review
Corporate, NHS, public-sector and managed IT teams can use the Security Review page for a concise domain, infrastructure and data-handling summary.
The review page is designed to support customer IT review and allowlist requests without making unsupported certification or accreditation claims.
Certification Status
SkillProof does not currently claim ISO 27001, SOC 2 or Cyber Essentials certification for SkillProof itself.
Security and governance will continue to mature as the platform grows, including policy development, external review and certification-readiness work where appropriate.
Need to review SkillProof?
View the public IT and security review page for domains, data categories, infrastructure providers and allowlist guidance.
