SkillProof
Open navigation
ProductAssessmentsReplace SpreadsheetsPlansPartners
Log inStart free trial
IT and security review

SkillProof Security Review

Technical and security information for organisations reviewing access to SkillProof, including corporate, NHS, public-sector and managed IT teams.

View security pageContact support

What is SkillProof?

Workforce training and compliance software.

SkillProof is used to manage training records, competencies, assessments, evidence, registrations, reminders, reports and audit-ready compliance records.

www.skillproof.uk

Public marketing website, trial requests, demo requests, partner information and trust/legal pages.

skillproof.uk

Apex domain used for brand access and canonical redirect handling.

app.skillproof.uk

Customer application for login, workforce training records, actions, evidence, reports and billing access.

Data handled

Staff names and work contact details

Job roles, sites, departments and manager relationships

Training records, renewal dates and compliance statuses

Evidence and certificates uploaded by customer organisations

Assessments, checklists, declarations and sign-offs

Professional registrations, licences and role-specific checks

Reports, exports and audit pack records

Security controls

HTTPS/TLS for public website and app access

Organisation-level data separation

Role-based access controls

Private evidence storage linked to workforce records

Audit and activity logging where implemented

Controlled user access and invite-based customer setup

Secure Stripe billing with no card numbers stored by SkillProof

Data export support for customer records

Infrastructure providers

Established providers, honest certification wording.

SkillProof uses established infrastructure providers. Their security programmes support the SkillProof supply chain, but this does not mean SkillProof itself is independently certified.

SkillProof does not currently claim ISO 27001, SOC 2, Cyber Essentials or NHS accreditation unless separately confirmed.

Vercel - hosting, deployment and application delivery
Cloudflare - DNS, SSL, routing and security layer
Supabase - database, authentication and file storage
Stripe - payments, subscriptions, invoices and billing portal
Web3Forms - public website form delivery
Google - analytics, Google Ads tag and conversion measurement
Microsoft Clarity - website behaviour analytics
Resend - email delivery if enabled for application emails

Third-party domains

External services used by SkillProof.

These domains may appear in website form delivery, analytics, billing or application email flows. They should be reviewed alongside the primary SkillProof domains where local filtering tools require supplier details.

api.web3forms.com
api.stripe.com
checkout.stripe.com
billing.stripe.com
www.googletagmanager.com
www.google-analytics.com
www.googleadservices.com
stats.g.doubleclick.net
www.clarity.ms
*.clarity.ms
api.resend.com

IT allowlist request

Domains for review.

Organisations may need their IT or security team to review or allowlist these domains if local web filtering blocks new or uncategorised SaaS domains.

https://www.skillproof.uk
https://skillproof.uk
https://app.skillproof.uk

Security contact: [email protected]. Privacy and supplier review questions can also be sent to [email protected].