Privacy
Our privacy program covers website visitors, pilot users, and enterprise deployments. Read exactly what we collect and why.
CoSkip is designed private-first: on-device guidance, minimal data movement, and admin controls.
On-device by default
Zero-retention option
SSO / SAML
MDM-ready
TLS in transit
Encrypted at rest
Data Processing Addendum
Standard terms for GDPR/UK GDPR and US state laws, including SCCs annex, TOMs, and Subprocessors reference.
Subprocessors
Live list of trusted vendors with purpose, data types, and region—plus a change log and feeds you can follow.
Security Overview
High-level architecture, encryption, access controls, vendor management, incident response, and SDLC practices.
Compliance Roadmap
We're building toward SOC 2 Type I/II and ISO 27001. Ask for current attestations or milestones during vendor review.
Status & Availability
Real-time availability, incident history, and scheduled maintenance windows for CoSkip services.
Security contact. Report a vulnerability or incident to
[email protected].
We'll acknowledge promptly and keep you updated.
Data requests (DSRs). Email
[email protected]
for access, deletion, or corrections. If we process on behalf of your employer, we'll coordinate with their admin.
Technical & Organisational Measures (at a glance)
| Area | Highlights |
|---|---|
| Access Control | SSO/SAML, least-privilege, MFA for admin, RBAC, audit logs |
| Encryption | TLS 1.2+, encrypted at rest (cloud KMS), key rotation |
| On-device by default | Voice guidance & recognition on device/edge where supported |
| Zero-retention | Admin setting to discard transient audio/images post-processing |
| Resilience | Backups for critical metadata, DR procedures, redundancy |
| SDLC | Code review, dependency scanning, vuln management |
| Vendors | DPA/SCCs, security due diligence, least-data principle |
| Incident Response | Defined IR plan; notify without undue delay on personal-data breach |
See the DPA Annex II for full TOMs.