Security and Responsible Disclosure
We protect our members, creators, and partners. This page explains how we secure Skillzonia and how you can report a vulnerability safely.
For live service updates and incidents see the Status page.
Overview
Security is part of our product. We use encryption, access controls, monitoring, and regular updates to protect data and uptime. We also rely on good reports from the community.
Our approach
- Transport security: HTTPS across sites and APIs
- Access control: least privilege for staff and systems
- Data separation: production and test are separate
- Backups: regular encrypted backups with recovery tests
- Monitoring: uptime and anomaly alerts, rate limits, firewall
- Updates: core platform, plugins, and server patches kept current
Platform rules and retention are covered in the Privacy Policy and AI and Data Use Policy.
Your data
- Payments: handled by Paystack. We do not store card numbers
- Account data: used to run your membership and courses
- AI chat: logs kept for quality and abuse prevention as stated in the AI policy
- Exports and deletion: request at [email protected] or use the Privacy Requests page
Report a vulnerability
Send reports to [email protected]. Include clear steps so we can reproduce the issue:
- Summary of the issue and where it occurs
- Exact steps to reproduce
- Impact and who could be affected
- Any proof of concept or screenshots
- Your contact for follow up
Do not share details publicly until we have fixed the issue. Once it is resolved, we will credit you if you want.
Safe harbor
If you follow this policy and act in good faith, we will not take legal action or ask law enforcement to investigate you. This applies to research on our services and infrastructure only.
Do and do not for testing
Do
- Use test or your own accounts
- Limit tests to what is needed to show impact
- Stop if you see personal or payment data and report it
- Respect rate limits and uptime
Do not
- Use social engineering against staff or members
- Run DDoS, spam, or brute-force attacks
- Access other users’ accounts or data
- Post exploit details before a fix
Our response targets
| Severity | Examples | Acknowledgement | Target fix |
|---|---|---|---|
| Critical | Auth bypass, direct data access, remote code execution | Within 24 hours | As fast as possible, usually days |
| High | Privilege escalation, stored XSS, sensitive info leak | Within 2 business days | Within 30 days |
| Medium | Reflected XSS, CSRF with limited impact | Within 3 business days | Within 60 days |
| Low | Best practice issues, clickjacking without impact | Within 5 business days | Planned with regular updates |
We will keep you updated on progress and ask you to re-test when a fix is ready.
Incidents and communications
- Active updates appear on the Status page
- For security incidents that affect users we will notify impacted accounts as needed
- After-action notes may be posted when useful
Security FAQ
Do you support Single Sign-On?
Not at this time for Originals. When this changes we will update this page.
How do I request my data or deletion?
Email [email protected] or use the Privacy Requests page.
How do I report abuse or scams in the community?
Email [email protected] or use the links on the Community Guidelines page.
Useful links
Status • Privacy Policy • Terms of Use • AI and Data Use Policy • Community Guidelines • IP Policy • Privacy Requests • Help
