Skip to content

Legal

Privacy Policy

Last updated: May 4, 2026

1. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. Account creation is required to access premium tools and save work history.

Usage Data

We collect anonymized usage data including pages visited, tools used, feature interactions, and session duration. This data helps us improve our services and is not linked to your personal identity.

Tool Input Data

When you use our AI-powered tools, the data you provide (text prompts, uploaded images, map selections, document content) is processed to generate results. We do not store your input data beyond what is necessary to deliver the service, except for work history saved to your account at your request.

File Uploads & Personal Information

Several tools accept file uploads (resumes, contracts, invoices, screenshots, audio recordings, and similar documents). Uploaded files are processed in memory or temporary server storage to deliver the requested service and are not retained server-side after the request completes, except for thumbnails or derived outputs you choose to save to your work history. We do not scan uploaded files for purposes unrelated to the tool you are using. You remain responsible for ensuring you have the right to upload any document containing personal data of others. Do not upload protected health information (PHI), financial account credentials, government identifiers, or other sensitive data not necessary for the tool's stated purpose.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial information on our servers. We retain only transaction references for billing records.

Third-Party Data Sources

Some tools query third-party data sources including OpenStreetMap and Nominatim (geographic and address data), Open-Meteo (elevation and weather data), and job-search APIs (JSearch, Adzuna, SerpAPI). Your queries are sent to these services to fulfill your requests. These services have their own privacy policies.

Organization & Team Accounts

If you join an organization or team account, the organization owner can see usage records and outputs created under that organization's billing scope. Your personal-account work history is not shared with the organization. You may leave an organization at any time; departing members retain their personal account but lose access to organization-specific work.

2. How We Use Your Data

  • To provide and improve our AI tools and services
  • To process your transactions and manage your subscription
  • To save your work history and templates (when you choose to save)
  • To send service-related communications (account updates, billing)
  • To analyze usage patterns and improve product quality (anonymized)
  • To enforce our Terms of Use and prevent abuse
  • To comply with legal, tax, accounting, and regulatory obligations

3. AI-Specific Data Practices

Our tools rely on third-party AI and content providers to process your inputs. Depending on the specific tool, your inputs may be processed by one or more of: OpenAI, Anthropic, Replicate, ElevenLabs, and D-ID. Geographic, search, and supplementary tools may also call: OpenStreetMap, Nominatim, Open-Meteo, JSearch, Adzuna, and SerpAPI.

When you use these tools:

  • Your input data (text, images, audio, documents, prompts) is sent to the relevant provider for processing
  • Each provider operates under its own published privacy and data-handling policy
  • Where contractually available, we have selected configurations that disable training on your inputs (for example, the OpenAI API does not, by default, train on inputs sent through it). We cannot guarantee provider behavior beyond our contract — review each provider's policy for definitive terms
  • Generated outputs (text, images, 3D models, documents, audio, video) are returned to you and are not shared with other users
  • AI-generated content may be stored in your work history if you choose to save it

4. Data Storage, Security & Retention

Storage & Security

Your data is stored using Supabase (hosted on AWS) with encryption at rest and in transit. We implement industry-standard security measures including:

  • HTTPS encryption for all data transmission
  • Secure authentication via Supabase Auth
  • API rate limiting to prevent abuse
  • Server-side validation of all inputs

Data Retention Periods

  • Account data — retained while your account is active; deleted within 30 days of an account-deletion request, except where longer retention is required for billing, tax, or legal purposes
  • Work history — retained until you delete it or close your account
  • Uploaded files — not retained server-side after the request completes, except thumbnails or derived outputs you save to work history
  • Logs (server access, error logs) — retained up to 90 days for diagnostic purposes, then automatically deleted
  • Billing records — retained 7 years to comply with tax and accounting requirements
  • Authentication tokens — rotated regularly; expired tokens are deleted

Breach Notification

In the event of a confirmed data breach affecting your personal data, we will notify you by email without undue delay and, in any case, within 72 hours of confirmation, consistent with GDPR Article 33 obligations and applicable US state breach-notification laws. Notice will describe the nature of the breach, data categories involved, likely consequences, and remediation steps we are taking.

5. Cookies and Tracking

We use essential cookies for authentication and session management. We use anonymized analytics to understand how our services are used. We do not sell your data to third parties or use invasive tracking technologies.

6. Children's Privacy

SkillEra.IO is intended for users 16 years of age and older. We do not knowingly collect personal data from anyone under 16. If we learn that we have collected such data, we will delete it. Parents or legal guardians who believe their child has provided personal data should contact us at the email below so we can take appropriate action.

7. Your Rights

Subject to your jurisdiction, you may have rights to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your work history and saved data
  • Opt out of non-essential communications
  • Object to or restrict certain processing
  • Lodge a complaint with a supervisory authority

California Residents (CCPA / CPRA)

If you reside in California, you have the rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination for exercising any right. We do not sell personal information. We will verify your request through email confirmation and respond within 45 days, extendable by an additional 45 days where reasonably necessary.

Other US State Residents

If you reside in Virginia, Colorado, Connecticut, Texas, Utah, Oregon, Montana, Iowa, Indiana, Tennessee, Florida, Delaware, New Jersey, New Hampshire, Kentucky, Maryland, Minnesota, or Rhode Island, you have rights similar to those above under your state's comprehensive privacy law, including access, correction, deletion, and portability. Contact us at the email below to exercise these rights; we will respond within the timeframe required by your state's law.

EU / UK / EEA Users (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and equivalent local laws apply.

Lawful basis for processing:

  • Contract performance — to provide the service you requested
  • Legitimate interest — to improve the service, prevent abuse, and analyze aggregate usage
  • Consent — for optional features you explicitly enable, such as marketing communications
  • Legal obligation — for tax, accounting, and regulatory requirements

Your rights include access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your local supervisory authority. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

International transfers: Some processing occurs in the United States. Where personal data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and provider-level safeguards.

Data Protection Officer: We have not appointed a DPO as we do not meet the GDPR Article 37 thresholds for mandatory appointment. Privacy questions should be directed to the contact email below.

To exercise any of these rights, contact us at Kristopher.Penland@Skillera.io.

8. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

9. Contact

For privacy-related inquiries, contact us at Kristopher.Penland@Skillera.io.