Security

Your safety at the heart of our priorities

Here at Skello, we do everything we can to offer you an optimal experience. So naturally, protecting your data is one of our top priorities. Because it is important to us that you can trust us, we make sure you never have to worry about security. 

Frequently Asked Questions

What is GDPR?
The GDPR is the General Data Protection Regulation. It went into effect in the European Union in May 2018, and applies to any company that processes the personal data of EU residents.
The GDPR was introduced in order to standardize data protection rules for all of Europe, make companies more aware of their responsibilities, and strengthen individuals’ rights to the protection of personal data. 
What is a cookie?
A cookie is a file associated with a particular website that is stored by a server on a user’s device (computer, phone, etc.). These files are sent back to the server whenever the user consults the same website.
Cookies serve multiple purposes. They can be used to save what language a website should be displayed in, or to track a user’s browsing history for statistical or marketing purposes, etc.
There are two main types of cookies: 
  • Strictly necessary cookies, which the website needs in order to work properly. These “essential” cookies do not require the user’s consent.
  • Third-party cookies (for analytical or marketing purposes), for which the user must give their consent.
What is a server?
Computer servers offer services that can be accessed via a network. They can be physical or virtual. A server is a computer that carries out operations based on requests from “client” computers.
What is encryption?
Encryption is a process through which a document or any other kind of data is encoded so that it can only be read by someone who has the decryption key. The purpose of encryption is to enhance data security. For more information about encryption, check out this from the CNIL.

Data

These days, data is at the heart of the software-as-a-service industry, and Skello is no exception.
It is a sensitive topic, and we are well aware of that. That is why we do everything necessary to protect our data, and to protect you. Obviously, we use some of the data we collect to improve our product and make it more intelligent, but that data is always anonymous, and never includes personal information.
You will find the answers to your questions below. If you want to know more, feel free to contact us at (). We will be happy to answer any further questions you may have.
As a customer, who will have access to my employee and company data?
  • Our employees
    Only authorized Skello employees will have access to your personal data. In addition, all activity that involves client data is tracked in order to guarantee maximum traceability.
  • Our subcontractors
    Sometimes, we may need to share your personal information with our subcontractors. We keep an up-to-date list of these subcontractors. They will only have access to the information they need to do their job. They are strictly forbidden from using this personal information for any purpose other than that of performing the service in question.
  • Legal compliance
    In order to fulfill our legal obligations, the following entities may be given access to your personal information: public bodies, representatives of the law, ministers of state, monitoring services, and debt collection agencies.
How do you ensure the non-EU companies you work with are GDPR-compliant? Is the data sent to the US?
For non-EU companies, at least one of the following conditions must be met:
  • An adequacy decision has been adopted (article 45 of the GDPR):
    Data transfer is authorized because the Commission has decided that all or part of the third country or the international organization in question offers an adequate level of protection.
  • Appropriate safeguards are present (article 46 of the GDPR):
    In the absence of an adequacy decision as described in article 45, the data controller or processor can only transfer personal data to a third country or an international organization if said third party has provided appropriate safeguards and on the condition that the individuals whose data is being processed have been given the right to refuse and legal recourse to do so.
In light of the decision to invalidate Privacy Shield, we ensure our American subcontractors have appropriate safeguards in place, in accordance with article 46 of the GDPR. What kind of safeguards? Contractual clauses that have been approved by the European Commission. 
How long do you keep my data? When will my data be deleted?
Your data is only kept for the duration of our contractual relationship, and can be deleted earlier by written request from the client. Once the contract between us has come to an end, or when there is no longer any justifiable reason for us to keep your personal data, we promise to return it to you or destroy it, in accordance with your instructions and in a timely manner. 
Who has access to my data, and what security measures have been put in place to protect it?
In order to ensure the privacy, integrity, and accessibility of your personal data, we have implemented several different security measures on both a technical and an organizational level.
For example, our data is encrypted for maximum protection. 
We control and restrict our employees’ access to your personal data, as well as physical access to our facilities. We have also put a number of different security procedures into place, in accordance with the GDPR and recommendations from the CNIL, to ensure the protection of your personal data.
Do you sell my personal data?
Skello does not sell your personal data, and we never will. 
Where is your data stored? Where are the servers located?
Our data is stored on Amazon Web Services (AWS) servers located in Ireland. Since Ireland is part of the European Union, it is subject to the same GDPR requirements as the rest of the EU. AWS is one of the biggest players in cloud computing, and is used by Société Générale, LeBonCoin, SNCF, and even Apple.
Could I lose my data if the servers catch fire?
No, we use a multi-AZ deployment, which means our data is backed up in multiple data centers in different locations. If one data center catches fire, a different data center will take over for the damaged servers—so there is no need to worry about your data going up in flames! 
Is your database encrypted?
All of the data and files contained in our databases are encrypted. They are always encrypted, and therefore can only be read by our services. This means that even if someone were to infiltrate our databases, they would not be able to read the information contained in them. The purpose of encryption is to make data unreadable for anyone who does not have the decryption key.
How do you protect data when transferring it between your database, servers, and clients?
All data transfers are done within our private network hosted by our cloud provider. Requests are encrypted throughout the process, from the moment the request is sent until the moment a response is provided.
For more information, please see our privacy policy or contact us at .

General Security

In addition to protecting data, software solutions such as Skello must also protect our buildings, our servers, and our employees. That is why we continue to strengthen our security measures each day. We do intrusion testing and organize awareness campaigns regularly, in an effort to ensure our system is as secure as possible.
Why don’t you have any physical servers at your facilities?
If we wanted to have servers in our own facilities, we would need dedicated infrastructure and specialized employees to manage and protect those servers. Our data is hosted at Amazon Web Services (AWS), which means it is stored on their physical servers. This offers better security, leaving us more time and energy to devote to improving our product and boosting your satisfaction! 
What security tests do you perform?
We do regular pen tests.
This intrusion testing is conducted by security experts to check our infrastructure and detect any potential loopholes in the system, thereby verifying the security of both our IT system and our physical facilities.
These pen tests are performed by companies that specialize in this kind of testing. They have OSEP, OSED, and OSWE certifications.
Could someone break into your facilities and steal my data?
A guard is present at each of our facilities, for added security. All of our employees have badges, which they must scan to get into the building. We keep a record of which employee badges are scanned and when. We also have surveillance cameras monitoring all the entrances to our buildings. We launch frequent initiatives to raise awareness about security best practices, ensuring everyone remains vigilant at all times. We also use Dashlane to protect our employees’ individual work stations, thus preventing any third parties from gaining access to their computers. 
How do you protect your database from SQL injection attacks?
Our architecture has multiple levels of filters to prevent injection attacks from reaching the database.
What would you do in the case of a DDoS attack?
We have two firewalls, one upstream and one at the entrance point to the platform. We also use several different monitoring solutions to protect ourselves from potential attacks and detect any unusual behavior on the platform. 