Current Compliance Status
Transparency First: We believe in honest disclosure about our compliance status. Below is our current state and roadmap for certifications and regulatory compliance.
GDPR Compliance
Active
Full compliance with EU General Data Protection Regulation. Users have the right to access, correct, delete, and export their data.
CCPA Compliance
Active
California Consumer Privacy Act compliant. California residents have enhanced privacy rights and control over their data.
AES-256 Encryption
Active
Industry-standard encryption for all files at rest. Data in transit protected with TLS 1.3.
SOC 2 Type II
In Progress
Third-party audit of our security, availability, and confidentiality controls. Target completion: Q3 2026.
ISO 27001
Planned
International standard for information security management systems. Target completion: Q4 2026.
PCI DSS
Via Stripe
Payment processing handled by Stripe (PCI Level 1 certified). We never store or handle credit card data directly.
Compliance Roadmap
January 2026 (Completed)
- GDPR and CCPA compliance implemented
- AES-256 encryption deployed
- Automated malware scanning (VirusTotal)
- Data retention and deletion policies established
Q2 2026 (April - June)
- Begin SOC 2 Type II audit preparation
- Security infrastructure hardening
- Enhanced logging and monitoring
- Formal incident response procedures
Q3 2026 (July - September)
- Complete SOC 2 Type II certification
- Third-party penetration testing
- Begin ISO 27001 preparation
Q4 2026 (October - December)
- ISO 27001 certification completion
- Annual security audit
- HIPAA compliance assessment (for healthcare customers)
Security Standards We Follow
Data Protection
- Encryption: AES-256-CBC for data at rest, TLS 1.3 for data in transit
- Access Control: Role-based access control (RBAC) with principle of least privilege
- Authentication: bcrypt password hashing (14 rounds), JWT session management
- Network Security: Firewall protection, intrusion detection (Fail2ban), DDoS mitigation
Privacy Standards
- Data Minimization: We only collect data necessary to provide the service
- User Rights: Access, correction, deletion, and portability of personal data
- Consent: Clear opt-in for marketing communications
- Transparency: Public security and privacy documentation
Operational Security
- Backups: Daily automated backups with 30-day retention
- Monitoring: 24/7 infrastructure monitoring with Netdata
- Logging: Centralized logging for security events and access
- Patching: Regular security updates and vulnerability management
Jurisdiction & Data Residency
Company Information:
Legal Entity: SkillBreed LLC
Incorporation: Oakland Park, Florida, United States
Data Location: United States (DigitalOcean data centers)
Governing Law: Florida state law and U.S. federal law
All data stored in Vault is hosted on DigitalOcean infrastructure located in the United States. Data is subject to U.S. jurisdiction and legal processes.
International Data Transfers
For users outside the United States, data is transferred to and processed in the U.S. We implement appropriate safeguards:
- Standard Contractual Clauses (SCCs) for EU data transfers
- GDPR-compliant data processing agreements
- Encryption in transit and at rest
- User rights to access, correct, and delete data
Third-Party Audits & Certifications
Current Status: SkillBreed Vault has not yet completed a third-party security audit. We are working toward SOC 2 Type II certification (target Q3 2026).
Why This Matters
Third-party audits provide independent verification of our security practices. While we follow industry best practices, we acknowledge that independent certification is important for enterprise trust.
Our Infrastructure Partners
We rely on certified infrastructure providers:
- DigitalOcean: SOC 2 Type II, ISO 27001 certified
- Stripe: PCI DSS Level 1 certified payment processing
- VirusTotal: Industry-leading malware scanning (70+ antivirus engines)
- Let's Encrypt: Trusted SSL/TLS certificate authority
Compliance & Legal Inquiries
Last Updated: January 29, 2026