Your team's learning data matters. Here's how we protect it.
All data transmitted between your browser and our servers is encrypted using TLS 1.2+. API calls to AI providers are also encrypted end-to-end.
Database storage is encrypted at rest using AES-256. Backups are encrypted with separate keys stored in a different security boundary.
Role-based access ensures employees see only their own data. Admins see team-level analytics. Passwords are hashed using bcrypt with per-user salts.
Our AI providers process data under enterprise agreements with zero-retention policies. Your data is never used to train AI models. We send only the minimum context needed.
OpenSkills AI is hosted on Railway, which provides managed infrastructure with automatic SSL certificates, isolated containers, and network-level security controls. Our PostgreSQL database runs in a private network accessible only by the application.
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store, process, or transmit credit card numbers on our servers. Billing management happens entirely through Stripe's secure interface.
In the event of a security incident affecting customer data, we will notify affected accounts within 72 hours via email, describe the nature and scope of the breach, and outline steps taken to remediate.
If you discover a security vulnerability, please report it responsibly to support@open-skills.ai with the subject line "Security Report." We will acknowledge receipt within 24 hours and work with you to understand and address the issue.