Privacy Policy

Last updated: April 2, 2026

1. Who we are

Sqillable is a Skill & Knowledge Coverage Platform, developed by Sqillable ("we", "us"). We help organizations map and develop the skills, knowledge, and competencies of their team.

For questions about this privacy policy, please reach out via privacy@sqillable.nl.

2. What data we collect

We collect the following categories of personal data:

Account data

  • Email address (for Magic Link login)
  • Full name
  • Profile photo (optional)

Organization data

  • Organization name and settings
  • Roles, skills, knowledge, and competencies you create
  • Employee records (name, email, job title, start date)

Skill data

  • Skill levels and knowledge entries per employee
  • Competency assessments
  • Certifications and supporting evidence
  • Learning progress and completed modules

Technical data

  • IP address (for security and rate limiting)
  • Browser and device type
  • Login timestamps

3. Why we collect this data

We process your data for the following purposes:

PurposeLegal basis (GDPR)
Delivering the service (skill management)Performance of contract
Account creation and authenticationPerformance of contract
Security and fraud preventionLegitimate interest
Improving the serviceLegitimate interest
Legal obligationsLegal obligation

4. Who has access to your data

Sqillable is a multi-tenant platform. That means your data is strictly separated from other organizations. Employees within your organization only see data from their own organization.

We share your data with the following processors:

  • Supabase (database & authentication) β€” servers in the EU (Frankfurt)
  • Vercel (hosting) β€” edge network, data processed in the EU

We never sell your data to third parties. We only share data with the processors listed above, who are necessary to deliver the service.

5. Security

We take the security of your data seriously and apply, among other things, the following measures:

  • All connections use HTTPS (TLS encryption)
  • Passwordless authentication via Magic Link (no passwords stored)
  • Row-Level Security (RLS) at the database layer for strict data isolation
  • Server-side authorization checks on every API endpoint
  • Input validation and XSS protection on every form
  • Rate limiting to prevent brute-force attacks
  • Secured preview environments (Vercel Authentication)

6. Retention periods

We retain your data for as long as your account is active. After deletion of your account or organization:

  • Account data: deleted within 30 days
  • Organization and employee data: deleted within 30 days
  • Technical logs: automatically deleted after 90 days
  • Backups: overwritten within 30 days at most

7. Your rights

Under the GDPR you have the following rights:

  • Access: request which data we hold about you
  • Rectification: have incorrect data corrected
  • Erasure: request deletion of your data
  • Portability: request your data in a common format
  • Objection: object to processing based on legitimate interest
  • Restriction: ask us to temporarily halt processing

To exercise these rights, contact us at privacy@sqillable.nl. We respond to your request within 30 days.

8. Cookies

Sqillable only uses strictly necessary cookies for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics.

9. Changes

We may amend this privacy policy from time to time. For significant changes we will notify you by email. The latest version is always available on this page.

10. Complaints

If you have a complaint about how we handle your data, please contact us first. You also have the right to file a complaint with the Dutch Data Protection Authority: autoriteitpersoonsgegevens.nl.