Back to home

Privacy Policy

Last updated: March 25, 2026

1. Introduction

Skill Control Plane ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform.

2. Data We Collect

Account Data

When you sign up, we collect your name, email address, and profile picture via our authentication provider (Clerk). Organization details are collected when you create or join a team.

Usage Data

We collect logs of your interactions with the platform, including skill creation, approval actions, MCP tool calls, and API usage. This data is used for billing, analytics, and security monitoring.

Payment Data

Payment information is processed directly by Stripe. We do not store credit card numbers. We receive subscription status, plan details, and billing events from Stripe.

Cookies

We use essential cookies for authentication and session management. Analytics and marketing cookies are only set with your explicit consent. See our cookie consent banner for details.

3. How We Use Your Data

  • Providing and operating the Service
  • Authenticating users and managing access control
  • Processing billing and enforcing plan limits
  • Generating audit logs for security and compliance
  • Communicating service updates and notifications
  • Improving the platform based on aggregated usage patterns

4. Third-Party Processors

We share data with the following service providers to operate the platform. See our Subprocessor List for details.

  • Clerk — Authentication, user management, session tokens
  • Stripe — Payment processing, subscription management
  • AWS — Cloud hosting, data storage, compute
  • Resend — Transactional email delivery

5. Data Retention

Account data is retained for the lifetime of your account. Upon account deletion, personal data is soft-deleted immediately and anonymized after 30 days. Audit logs are retained in anonymized form for compliance purposes. Usage data is retained for 90 days for billing reconciliation.

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — Request a copy of your personal data
  • Export — Download your data in a portable format (JSON/ZIP)
  • Rectification — Correct inaccurate personal data
  • Erasure — Request deletion of your account and data
  • Restrict processing — Limit how we use your data
  • Object — Object to processing based on legitimate interests

You can exercise your data export and deletion rights directly from Settings > Account in your dashboard. For other requests, contact us at [email protected].

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, role-based access control, audit logging, and regular security scanning of uploaded skills.

8. International Transfers

Data may be processed in the United States. For EU users, transfers are governed by Standard Contractual Clauses. See our Data Processing Agreement for details.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For privacy-related inquiries: [email protected]

Privacy Policy — Skill Control Plane | Skill Control Plane