This notice describes what personal data SkillAuthor collects, why, and how long we keep it. We operate under EU GDPR principles.
1. What we collect
- Name and email you supply at registration. The name is printed on the certificate and listed in the public registry; the email is used for payment receipts and for authorship verification correspondence.
- The .mdc file you submit, including its full contents and metadata. By default this is publicly listed; Pro tier offers private content with public-hash anchoring.
- Payment metadata from Stripe (session ID, intent ID, last 4 of card, country). We never store full card numbers; Stripe handles that under PCI-DSS.
- Standard web logs (IP, user agent, timestamps) retained for 30 days for security and abuse-prevention purposes.
2. Why we collect it
To deliver the service: minting a registration number, generating a certificate, listing a public record, processing payment, and protecting the registry from abuse. We do not sell, rent, or share personal data for advertising.
3. Your rights
Under GDPR you can request access to, correction of, or erasure of your personal data. Note that erasure of the cryptographic ledger entry would defeat the service’s purpose; if you exercise the right to erasure we will replace your name with “Author withdrawn” while preserving the hash and registration number. The certificate PDF you downloaded remains valid offline.
4. Data processors
- Stripe Payments Europe Ltd. — payment processing.
- Hetzner Online GmbH — server hosting, EU region.
5. Contact
Direct privacy requests to [email protected].