trust center
How skil.ski keeps your data, your agent, and your wallet safe.
Every Skilski runs through one MCP endpoint that you control. We deliver capabilities, not files. We sign every release, log every call, and revoke any license the moment you ask. Below is the full posture.
Last updated: April 30, 2026
Verified before listed
Every Skilski passes the 7-gate Gauntlet before it ships: schema validation, prompt-injection probes, sandbox execution, three sequential field tests, and a signed verification record. Failed builds are quarantined.
ed25519 signatures
Each release is signed with our build key. The signature ships in the Skilski manifest; your agent verifies it before invoking a tool. Tampered or unsigned tools are refused.
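The signature gate described above, as an added example that is not skil.ski's code: a Go program using only the standard library's crypto/ed25519 that signs a manifest with a build key and then shows the agent-side check refusing tampered, unsigned, malformed, and wrongly-keyed manifests. The Manifest struct and its field names are assumptions (the page does not publish the real manifest schema), and the signed-bytes convention (the manifest serialized as JSON with the signature field blanked) is the example's own choice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a constructed stand-in for a Skilski manifest. The real schema is
// not published on the trust page, so these field names are assumptions.
type Manifest struct {
	Slug      string `json:"slug"`
	Version   string `json:"version"`
	Tool      string `json:"tool"`      // descriptor of the MCP tool the agent would invoke
	Signature string `json:"signature"` // base64 ed25519 signature over every other field
}

var (
	ErrUnsigned     = errors.New("refused: manifest carries no signature")
	ErrBadSignature = errors.New("refused: signature does not verify against the build key")
	ErrBadKey       = errors.New("build public key has the wrong length")
)

// signedBytes returns the canonical bytes the signature covers: the manifest
// serialized with Signature blanked. encoding/json emits struct fields in
// declaration order, so signer and verifier produce identical bytes.
func signedBytes(m Manifest) ([]byte, error) {
	m.Signature = ""
	return json.Marshal(m)
}

// SignManifest is the publisher side: sign the canonical bytes with the build private key.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (Manifest, error) {
	msg, err := signedBytes(m)
	if err != nil {
		return m, err
	}
	m.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))
	return m, nil
}

// VerifyManifest is the agent side: the tool may be invoked only when this returns nil.
// Unsigned, tampered, malformed and wrongly-keyed manifests all end in an error.
func VerifyManifest(pub ed25519.PublicKey, m Manifest) error {
	if len(pub) != ed25519.PublicKeySize {
		return ErrBadKey // ed25519.Verify panics on a malformed key, so check first
	}
	if m.Signature == "" {
		return ErrUnsigned
	}
	sig, err := base64.StdEncoding.DecodeString(m.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	msg, err := signedBytes(m)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	// Build key pair; in production only the public half is distributed to agents.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	release := Manifest{Slug: "example-skilski", Version: "1.0.0", Tool: "summarize"}
	signed, _ := SignManifest(priv, release)
	fmt.Println("genuine release:", VerifyManifest(pub, signed))

	tampered := signed
	tampered.Version = "9.9.9" // any field change invalidates the signature
	fmt.Println("tampered release:", VerifyManifest(pub, tampered))
	fmt.Println("unsigned release:", VerifyManifest(pub, release))

	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("signed by a different key:", VerifyManifest(otherPub, signed))
}
```

The length check before ed25519.Verify matters in practice: the standard-library verifier panics on a public key of the wrong size, and an agent that crashes on a bad key is a denial-of-service path rather than a refusal.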
MCP-only delivery
Skilskis never download to disk. They run as remote MCP tools your agent calls live. Revocation is instant — disable a license and the next call returns 401.
Bearer tokens, not passwords
Your MCP URL embeds a single bearer token scoped to your account. Rotate it any time from the vault dashboard. Tokens are stored hashed; we cannot recover the raw value if lost.
Compliance status
SOC 2 Type II
In progress (target: Q3 2026). Audit firm: TBD.
GDPR
Compliant. EU data subjects: see Privacy Policy §6.
CCPA / CPRA
Compliant. California residents: see Privacy Policy §7.
HIPAA
Not in scope. Skilskis must not be used to process PHI without a separate BAA.
PCI DSS
Out of scope (SAQ A) — all payments processed by Stripe. We never handle raw card data.
Sub-processors
We use the following third parties to deliver service. Each handles a defined slice of data under a Data Processing Agreement.
Vercel
Application hosting + edge compute
data: Request logs, IP, response payloads (no Skilski content)
region: US (primary), edge replicas global
Supabase
Authentication, PostgreSQL, RLS
data: Account, sessions, purchases, vault state, MCP token hashes
region: US-East (Virginia)
Stripe
All payments — subscriptions (Pro, Elite Quarterly, Elite Annual), outright Skilski purchases, Customer Portal, Stripe Tax, fraud prevention (Stripe Radar)
data: Email, billing name, payment method, billing address, subscription state, tax ID (when provided)
region: US
Anthropic
AI intent classification for search (optional)
data: Search query string only — never account data
region: US
Encryption
In transit
TLS 1.3 with HSTS preload. Plain-HTTP requests are 301-redirected to HTTPS.
At rest
AES-256 (Supabase + Vercel).
Secrets
Stored in encrypted environment vaults (Vercel + Supabase). Never in source.
MCP tokens
Stored as SHA-256 hashes in the database. The raw token is shown to the user once, at issuance.
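The token lifecycle described under "Bearer tokens, not passwords" and in the line above, as an added example that is not skil.ski's code: a Go model of a server-side store that keeps only SHA-256 digests, hands out the raw token once, rotates it from the account side, and answers 401 as soon as the old digest is gone. The TokenStore type, its methods, the one-live-token-per-account rule and the 32-byte token size are all assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"sync"
)

// TokenStore is a constructed model of the server-side table: it holds only the
// SHA-256 digest of each bearer token, so a database leak yields nothing usable.
type TokenStore struct {
	mu     sync.Mutex
	digest map[string]string // account id -> hex(sha256(raw token)); one live token per account
}

func NewTokenStore() *TokenStore {
	return &TokenStore{digest: make(map[string]string)}
}

// hashToken is the only form of the token ever written to storage.
func hashToken(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	return hex.EncodeToString(sum[:])
}

// Issue mints 32 random bytes, stores the digest, and returns the raw token exactly once.
// Issuing for an account that already has a token replaces it, which is what rotation is.
func (s *TokenStore) Issue(account string) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	raw := base64.RawURLEncoding.EncodeToString(buf) // URL-safe, so it can sit in an MCP URL
	s.mu.Lock()
	defer s.mu.Unlock()
	s.digest[account] = hashToken(raw)
	return raw, nil
}

// Revoke drops the account's digest; the next call with that token gets 401.
func (s *TokenStore) Revoke(account string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.digest, account)
}

// Authenticate maps a presented token to the HTTP status an MCP request would receive.
// The presented value is hashed and compared against every stored digest in constant
// time without early exit, so a near-miss and a missing account take the same time.
// A real database would index by digest; the linear scan keeps this example self-contained.
func (s *TokenStore) Authenticate(presented string) (account string, status int) {
	want := []byte(hashToken(presented))
	s.mu.Lock()
	defer s.mu.Unlock()
	match, status := "", 401
	for acct, stored := range s.digest {
		if subtle.ConstantTimeCompare(want, []byte(stored)) == 1 {
			match, status = acct, 200
		}
	}
	return match, status
}

func main() {
	store := NewTokenStore()
	raw, err := store.Issue("acct-42")
	if err != nil {
		panic(err)
	}
	fmt.Println("raw token (shown once):", raw)
	fmt.Println("stored digest:", hashToken(raw))
	_, st := store.Authenticate(raw)
	fmt.Println("call with live token ->", st)

	rotated, _ := store.Issue("acct-42") // rotation from the vault dashboard
	_, st = store.Authenticate(raw)
	fmt.Println("call with pre-rotation token ->", st)
	_, st = store.Authenticate(rotated)
	fmt.Println("call with rotated token ->", st)

	store.Revoke("acct-42")
	_, st = store.Authenticate(rotated)
	fmt.Println("call after revocation ->", st)
}
```

Because the store never holds the raw value, a lost token cannot be recovered, only replaced; that is the trade-off the "we cannot recover the raw value if lost" line describes.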
Incident response
We commit to notifying affected customers within 72 hours of the confirmed-incident timestamp, including:
- What was accessed or exfiltrated, by data category
- When it happened and how long the exposure window lasted
- What we have done to contain and remediate
- What the affected customer should do (rotate tokens, audit calls, etc.)
- Forensic post-mortem within 14 days for material incidents
Vulnerability reports: security@skill.ski. We respond within 24 business hours and follow coordinated disclosure (90 days standard).
Data residency & transfer
Primary region
United States (us-east-1, Virginia).
Edge replicas
Vercel global edge — read-only request routing only. No customer data persisted at edge.
EU transfers
Standard Contractual Clauses (SCCs) executed with each EU sub-processor where applicable.
Data export
On request, account data exported as JSON within 14 days. Email privacy@skill.ski.
Skilski-level controls
Per-Skilski toggle
Every owned or membership-enabled Skilski has an on/off switch in your vault. State change is live on the next MCP request.
Revocation
License revocation is instant — the MCP endpoint refuses the call. No grace period, no cached version on disk.
Audit log
Each MCP call is logged with its timestamp, Skilski slug, and response status (success/error/refused). The log is available in the vault dashboard.
Federation gate
External MCP origins (Elite tier) are screened by the same Gauntlet before any tool is exposed. Unverified tools require explicit operator opt-in.
Refund & service credits
Material-Failure
If a Skilski does not perform as documented after three good-faith troubleshooting steps with support, we refund the purchase. See Refund Policy §3.
Membership refunds
Pro: cancel anytime, prorated refund within 14 days of first signup. Elite: end-of-term cancellation only; no mid-term refund except Material-Failure.
Owned Skilskis
Bought outright? It stays in your vault forever — refund or not, membership or not.