SkillsDB Privacy Policy

Updated: May 8, 2026

SkillsDB Inc. ("SkillsDB," "we," "our," or "us,") provides software and services to help organizations manage skills, competencies, and workforce planning. Our mission is to make learning culture universal. We are committed to protecting your privacy and handling personal information with transparency and care.

This Privacy Policy explains how we collect, use, and protect information when you use our marketing website, applications, and services (collectively, the "Services"). It also explains your rights under applicable data protection laws, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR, the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and Texas TDPSA).

Information We Collect

We collect different types of information depending on whether you interact with our marketing website or use our products.

From our website and marketing activities:

• Contact details you provide (name, email, company, etc.)
• Analytics and usage data (cookies, IP addresses, device/browser information, etc.)
• Marketing preferences and communications history

From our products:

• Account information (name, email, role, company, etc.)
• Skills, competency, and job-related information you or your organization provide
• Log data, device information, and usage activity within SkillsDB
• Customer support requests and communications

We do not intentionally collect sensitive personal information unless explicitly provided for business purposes.

Sources of information: In addition to data you provide directly, we may receive limited business contact and firmographic information about visitors to our marketing website from third-party data providers (including reverse-IP identification and B2B contact enrichment services). We use this only for legitimate B2B marketing purposes and will honor any opt-out, deletion, or access request you submit.

How We Use Information

We use collected information to:

• Provide, operate, and improve our Services
• Authenticate users and ensure secure access
• Deliver support and respond to requests
• Analyze usage to improve features and usability
• Send service-related and administrative messages
• Comply with legal, contractual, and security obligations

Marketing-related communications are sent only where permitted by law, and you may opt out at any time.

Legal Bases for Processing (GDPR)

For individuals in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on the following legal bases:

• Contractual necessity: To provide the Services you or your organization requested
• Legitimate interests: To improve our Services, prevent fraud, and maintain security
• Consent: For certain marketing or optional data uses
• Legal obligations: To comply with laws and regulations

Automated Decision-Making and Profiling

SkillsDB does not make decisions producing legal or similarly significant effects about individuals based solely on automated processing. The Services may surface AI-assisted suggestions (for example, skill matches or learning recommendations), but these are advisory inputs presented to a human decision-maker — final personnel, employment, or eligibility decisions remain with our customers and their authorized administrators.

Sharing & Subprocessors

We do not sell personal data for monetary consideration. We share information only as follows:

• Subprocessors: Trusted third parties who provide hosting, analytics, communications, and security services. A current list is maintained in our Trust Center
• Business partners: When necessary to fulfill customer requests
• Advertising and measurement partners: Where you consent on our marketing website, we share limited online identifiers (e.g., cookie IDs, device identifiers, IP address) with platforms such as Google Ads, LinkedIn, and Meta to measure ad performance and deliver relevant ads. Under California law (CPRA), this activity is considered "sharing" for cross-context behavioral advertising — see "Your U.S. State Privacy Rights" below for how to opt out
• Legal or security needs: If required by law, court order, or to protect rights, safety, or security

All subprocessors are bound by contractual obligations that include confidentiality, security, and data protection requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, accounting, and security obligations. The criteria we use to determine retention periods include:

• Customer and end-user account data: Retained for the term of the customer agreement plus a post-termination period (typically up to 90 days) during which a customer may export or request deletion of their tenant data. After that, data is deleted or anonymized within 30 days unless a longer period is required by law or contract
• Billing and tax records: Retained for the period required by applicable tax and accounting law (typically up to 7 years)
• Support and communications records: Retained for up to 3 years after the last interaction
• Security and audit logs: Retained for up to 1 year, or longer where needed to investigate an incident
• Marketing-website analytics, cookies, and lead-form data: Retained per the durations described in our Cookie Policy, and deleted or anonymized once no longer needed

Customers and individuals may request deletion of their personal data at any time in accordance with applicable data protection laws (e.g., GDPR, UK GDPR, CCPA/CPRA, and other U.S. state laws). Upon such request, we permanently delete personal data from our systems unless retention is required for legal, regulatory, or security purposes.

Security Practices

We maintain strict technical and organizational measures to protect data, consistent with our SOC 2 compliance program. These include, but are not limited to:

• Encryption of data in transit and at rest
• Access controls and authentication safeguards
• Continuous monitoring and vulnerability management
• Vendor due diligence and contractual protections
• Incident detection and response protocols

While no system is completely secure, we work to ensure the confidentiality, integrity, and availability of customer data.

Data Breach Notification

In the event of a personal data breach affecting your information, we will notify our customers and, where required, supervisory authorities and affected individuals without undue delay and, in line with GDPR Article 33, within 72 hours of becoming aware of the breach where feasible. Notifications will describe the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address it.

International Data Transfers

SkillsDB is based in the United States and may process data outside your country of residence. When transferring personal data from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Other safeguards or adequacy decisions where applicable

Your Rights

Depending on your location, you may have the right to:

• Access, correct, or update your personal data
• Request deletion ("right to be forgotten")
• Restrict or object to certain processing
• Request a copy of your data (portability)
• Withdraw consent where processing is based on consent
• Opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising
• Limit the use and disclosure of sensitive personal information
• Be free from unlawful discrimination for exercising any of these rights

EEA/UK users may lodge a complaint with their local data protection authority (e.g., the UK ICO at ico.org.uk). U.S. residents may exercise their state privacy rights by contacting us as described below.

Your U.S. State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, Texas, or another U.S. state with comprehensive consumer privacy legislation, you may have rights to know, access, correct, delete, and obtain a portable copy of your personal information; to opt out of targeted advertising, sale, or sharing of your personal information; and to limit the use of sensitive personal information. To exercise any of these rights, email support@skillsdb.com or use our Trust Center at trust.skillsdb.com. We will not discriminate against you for exercising your rights. You may also designate an authorized agent to submit a request on your behalf, subject to verification.

Do Not Sell or Share My Personal Information

SkillsDB does not sell personal information for monetary consideration. However, our use of advertising and analytics cookies (such as Google Ads, LinkedIn Insight Tag, and Meta Pixel) on our marketing website may be considered "sharing" for cross-context behavioral advertising under California (CPRA) and similar laws. To opt out:

• Click Cookie Preferences at the bottom of this page (or in our website footer) and select "Reject"
• Review our Cookie Policy for category-by-category controls

Global Privacy Control (GPC)

We honor opt-out preference signals sent by your browser, including the Global Privacy Control (GPC) signal. When we detect a GPC signal from your browser, we treat it as a valid request to opt out of the "sale" and "sharing" of personal information for cross-context behavioral advertising for that browser and device, as required by California, Colorado, Connecticut, and other applicable U.S. state laws.

Children's Privacy

Our Services are intended for business and workforce use and are not directed to children. We do not knowingly collect personal information from children under 16 (or the equivalent minimum age in your jurisdiction). If we learn that we have collected personal information from a child without verifiable parental or guardian consent, we will delete that information promptly. If you believe a child has provided personal information to us, please contact support@skillsdb.com.

Data Access Requests (GDPR/DSARs)

If you are located in the EEA, UK, or another jurisdiction with similar rights, you may request confirmation of whether we process your personal data and obtain a copy of that data, along with information about how it is processed. We will respond to all such requests within one month, in accordance with applicable law. Requests are free of charge unless manifestly unfounded or excessive. To protect your privacy, we may take steps to verify your identity before fulfilling the request.

Requests can be made by emailing support@skillsdb.com.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. If changes are material, we will provide notice through our website, email notifications, Trust Center or Services.

Contact Us

If you have questions or requests regarding this Privacy Policy or your data, please contact us at:

SkillsDB Inc.
trust.skillsdb.com or support@skillsdb.com

EU & UK Representative Contact Information