Your safety at the heart of our priorities

At Skello, we make every effort to ensure that your experience is optimal. It is therefore quite natural that the protection of your data is at the heart of our concerns. Because it is important to us that you trust us, we make sure that safety is not a cause for concern.

The most frequently asked questions

What is the RGPD?
The RGPD is the General Data Protection Regulation (GDPR). It came into force in the European Union in May 2018 and therefore impacts all companies processing the personal data of European residents.
In particular, its objective is to standardize data protection regulations at the European level, but also to make companies more responsible and to strengthen the rights of the persons concerned with respect to their personal data.
What is a cookie?
A cookie is a file stored by a server in a user's terminal (computer, telephone, etc.) and associated with a web domain. This file is automatically returned upon subsequent contacts with the same domain.
Cookies have multiple uses: they can be used to remember the language in which the web page is displayed, to store an identifier that allows your browsing to be tracked for statistical or advertising purposes, etc.
Two main categories of cookies can be distinguished:
  • Cookies that are strictly necessary for the operation of the site and its functionalities. These so-called essential cookies are exempt from consent.
  • Third-party cookies (analytical, advertising, etc.) for which user consent must be obtained.
What is a server?
A computer server offers services that are accessible via a network. It can be hardware or software: it is a computer that executes operations in response to requests made by another computer, called a “client”.
What is encryption?
Encryption is a process that makes a document or a piece of data unreadable to anyone who does not have the decryption key. Its purpose is to ensure data security. If you are looking for more information on this subject, you can consult the CNIL article.

In terms of data

Nowadays, data is at the heart of SaaS software and Skello is no exception.
This is a sensitive subject and we are aware of it. That's why we're doing everything we need to protect it, to protect you. Of course, we use this data to improve our product, to make it smarter, but it is always anonymized data and never personal data.
You will find answers to your questions below. If that is not enough, do not hesitate to contact us; we will be happy to answer them.
As a customer, who will have access to my employee data? To my business data?
  • Our collaborators
    At Skello, only our authorized employees will have access to your personal data. In addition, all of their activity on customer data is logged in order to guarantee maximum traceability.
  • Our subcontractors
    We may share your personal data with our subcontractors. For example, our host is Amazon Web Services and its datacenter is located in Ireland. We keep an up-to-date list of all of our subcontractors.
    They only receive the information that is strictly necessary for the performance of their service. They are in no way authorized to use this personal data for any purpose other than that of the service in question.
  • Legal compliance
    In order to meet our legal obligations, public bodies, judicial officers, ministerial officers, control services and organizations responsible for debt collection may also be recipients of your personal data.
How do you manage the GDPR for the non-EU businesses you work with? Does the data transit to the US?
For non-EU companies we work with, we have two options:
  • The transfer is based on an adequacy decision (article 45 RGPD):
    the transfer is authorized because the Commission has decided that the third country, a territory or one or more specific sectors in that third country, or the international organisation in question ensures an adequate level of protection.
  • The transfer is based on appropriate guarantees (article 46 RGPD):
    in the absence of a decision pursuant to Article 45, the controller or processor may only transfer personal data to a third country or to an international organization if it has provided appropriate guarantees and provided that the persons concerned have enforceable rights and effective remedies.
In view of the invalidation of the Privacy Shield, we ensure that our American subcontractors have appropriate guarantees, in accordance with article 46 of the GDPR. What are these guarantees? These are standard contractual clauses approved by the European Commission.
What is the data retention period? How long does it take to delete them?
Your personal data is only processed for the duration of the contractual relationship but can be deleted earlier at the customer's written request. At the end of the contractual relationship, or when the storage of your personal data is no longer legitimate, we undertake to return it to you or destroy it, according to your instructions and as soon as possible.
How are accesses managed and what security measures are in place?
In order to protect the confidentiality, integrity and availability of your personal data, we have implemented technical and organizational security measures.
For example, our data is encrypted according to current standards in order to guarantee maximum protection for it.
We control and limit the access of our employees to your personal data as well as physical access to our premises. We have also put in place various security procedures, in accordance with the RGPD and the recommendations of the CNIL, in order to guarantee the protection of your personal data.
Is my personal data being sold?
Personal data processed by Skello is not resold, and never will be.
Where is the data stored? Where are the servers?
Our data is stored at Amazon Web Services (AWS) on servers located in Ireland. As this country is located in the European Union, there is no need to worry about complying with the RGPD. AWS is one of the major players in cloud computing and is also used by Société Générale, LeBonCoin, SNCF and even Apple.
Can my data be lost if the servers catch fire?
No, our servers are multi-AZ. This means that they are duplicated in several datacenters in different availability zones. If a data center catches fire, another data center with the back-up data takes over. So don't worry, your data won't go up in smoke!
Is your database encrypted?
All the data and files in our databases are encrypted according to current standards. They are permanent and can therefore only be read by our services. This means that, in the event that a person were able to infiltrate our databases, they would still not be able to read the data there.
The purpose of encryption is to make data unreadable for a person who does not have the decryption key.
How are data exchanges between your database, servers and clients protected?
All exchanges take place in our private network at our cloud provider.
Requests are encrypted throughout the process, from the moment a person sends one until the answer comes back.
For more information, we invite you to consult our privacy policy and to contact us.

General safety

Beyond data, SaaS software like Skello has several points of vigilance to protect. Our buildings, our servers, our employees... It is therefore logical that we continue to strengthen security measures every day. We regularly carry out intrusion tests and awareness campaigns so that overall security is optimal.
Why don't you have physical servers on your premises?
We could have them on our premises but we would then need dedicated infrastructure and specialized personnel. As our data is hosted by Amazon Web Services (AWS), it is on their physical servers. This is more efficient in terms of security and we save time and energy that we can devote to improving the product and your satisfaction!
What tests are carried out?
We regularly carry out pentests.
These are intrusion tests carried out by security experts in order to check all of our infrastructure and detect any flaws that may remain. They thus check the security of our computer system and that of our premises.
Each time, these pentests are carried out by different companies specialized in this type of test. They are OSEP, OSED and OSWE accredited.
Can someone break into your premises and retrieve data?
A guard is present on our premises to guarantee the safety of the building. Each employee has a badge without which they cannot enter. Badges are recorded over a given period of time. We also have cameras filming all entrances and exits. Campaigns to raise awareness of good security practices are carried out regularly so that everyone remains vigilant on a daily basis. We have also implemented the Dashlane solution to secure each of our employees' workstations. This therefore makes it impossible for an external person to access the computer.
How do you protect your database against SQL injection attacks?
Several levels of filtering are set up in our architecture, which prevent this type of injection from reaching the database.
What do you do when faced with a DDoS attack?
We use a double firewall, one at the top of the platform and the other at the entrance to the platform. Various monitoring solutions are in place to detect attacks and unusual behavior on the platform and to protect against them.