GDPR commitment
Last updated on October 12, 2025
Acceptance of Terms
Skill Studio AI is committed to maintaining the highest standards of data protection and privacy compliance. This commitment is grounded in our comprehensive Data Protection Impact Assessment (DPIA-2026-001) and reflects our organization's dedication to the General Data Protection Regulation (GDPR) and applicable privacy laws.
Data Protection Principles:
Lawfulness, Fairness & Transparency: All personal data processing is based on explicit legal grounds and informed user consent. We maintain clear privacy notices and provide transparent information about how data is collected and used.
• Purpose Limitation: Data is collected for specific, explicit purposes (account creation, learning analytics, skill assessment) and is not repurposed without obtaining additional user consent.
• Data Minimization: We collect only the minimum data necessary to provide our Learning Management System services, including profile information, learning activity data, and AI-assisted tutoring conversations.
• Accuracy: We maintain accurate records of personal data and provide users with the ability to access, correct, or update their information through our account management tools.
• Storage Limitation: Personal data is retained only as long as necessary to fulfill the purposes for which it was collected. We implement automated deletion policies for inactive accounts after 2 years of inactivity.
• Integrity & Confidentiality: All data is protected using industry-standard encryption both in transit and at rest. We implement strict access controls, role-based permissions, and secure authentication mechanisms.
Security & Technical Measures:
• Encryption: All data is encrypted using PostgreSQL encryption at rest; data in transit uses TLS/SSL encryption
• Access Controls: Role-based access control (RBAC) and row-level security (RLS) restrict data access based on user permissions
• Authentication: Secure session management and optional multi-factor authentication (MFA) for enhanced account security
• Monitoring & Auditing: Comprehensive logging of all data access and administrative actions for accountability and security monitoring
User Rights & Data Subject Requests:
• Right to Access: Users can access their personal data through their account dashboard at any time
• Right to Rectification: Users can correct or update their information through account settings
• Right to Erasure: Users can request deletion of their account and associated data through GDPR Data Subject Request tools
• Right to Data Portability: Users can export their learning records and personal data in standard formats
• Right to Withdraw Consent: Users can disable analytics tracking, opt-out of communications, and manage cookie preferences at any time
Third-Party & Sub-Processor Management:
• All sub-processors are bound by Data Processing Agreements (DPAs) that ensure equivalent data protection
• Cookie consent is granular and analytics tracking is disabled by default unless explicitly enabled by the user
• Standard Contractual Clauses (SCCs) are in place for any EU data transfers
Governance & Accountability:
• Appointed Data Protection Officer (DPO) responsible for overseeing GDPR compliance and handling data subject requests
• Annual DPIA reviews and updates to ensure continued compliance and risk mitigation
• Quarterly security assessments and penetration testing to identify and address vulnerabilities
• Incident response procedures and data breach notification protocols compliant with GDPR Article 33
Data Subject Rights & Contact:
Any user wishing to exercise their data subject rights (access, rectification, erasure, data portability, or objection) or with privacy-related concerns may contact our Data Protection Officer at privacy@skillstudio.ai
Commitment Confirmation:
Skill Studio AI certifies that this Learning Management System has been assessed according to GDPR requirements and determined to be compliant when implemented with the controls and measures described in our Data Protection Impact Assessment (DPIA-2026-001). We commit to maintaining this compliance, conducting regular reviews, and implementing recommended enhancements including MFA, enhanced audit logging, and quarterly security testing.
Experience the Future of Training with Skill Studio AI
Get hands-on with our advanced AI-driven features and see the difference for yourself. Start your free trial today.