Security Overview

Skopx takes security seriously. Here is a plain-language overview of how we protect your data.

Encryption

  • In transit. All traffic between your browser and Skopx uses TLS 1.3.
  • At rest. Data stored on our servers is encrypted using AES-256.
  • API keys and tokens. Your credentials are encrypted using AES-256-CBC with random salts before storage. We never store them in plain text.

Data Isolation

Every workspace is fully isolated. One customer's data is never accessible to another. This is enforced at the database level using row-level security (RLS) and at the application level with ownership verification on every request.

Authentication

  • Sign in with email and password, or use GitHub or GitLab OAuth.
  • Sessions are managed by Supabase Auth with secure, httpOnly cookies.
  • Support for team-based access with role-based permissions.

Compliance

  • SOC 2 Type II. Audited annually for security, availability, and confidentiality.
  • GDPR. Full compliance with EU data protection regulations.
  • CCPA. California Consumer Privacy Act compliance.

Infrastructure

  • Hosted on secure cloud infrastructure with VPC isolation.
  • Regular security updates and patching.
  • DDoS protection and rate limiting on all endpoints.

What We Do NOT Do

  • We never train AI models on your data.
  • We never share your data with third parties.
  • We never store your database passwords or API keys in plain text.
  • We never access your data without authorization.

Vulnerability Reporting

If you discover a security issue, please report it to security@skopx.com. We take all reports seriously and respond within 48 hours.

For the full technical details, visit our Security & Compliance page.