Security at SkillRadar

Your skill data is sensitive. We treat it that way.

Infrastructure

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Hosted on Vercel (frontend) and managed PostgreSQL with automated backups
  • No customer data stored in browser local storage or cookies beyond session tokens
  • Regular dependency audits and security updates

Authentication

  • Passwordless authentication: no password storage, no credential stuffing risk
  • Social OAuth (Google, GitHub, LinkedIn, Microsoft) with magic link fallback
  • Database-backed sessions with server-side validation and revocation
  • Enterprise SSO (SAML/OIDC) available on the Enterprise plan

Data privacy

  • Peer ratings are never exposed individually. Aggregates only, with minimum response thresholds
  • All API inputs validated with strict schema enforcement
  • AI suggestion data retained for 30 days only, then permanently deleted
  • Full GDPR compliance: export and delete your data at any time

AI safety

  • All AI-generated content goes through a human review queue and is never written directly to live data
  • External AI integrations (MCP, API) write to a suggestion queue, not production data
  • AI providers (Anthropic) do not use your data for model training

Reporting vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@skillradar.com. We take all reports seriously and will respond within 48 hours.