SkillsWorkbench
PrivacyTermsDisclaimer

Privacy Policy

We respect your privacy. This policy explains exactly what data we collect, why, and your rights over it.

Effective: May 17, 2026Last updated: May 17, 2026
Key facts at a glance:We collect your email and name for login only. Your Skill drafts, chat messages, stress-test results, and eval data are processed in-session and are never stored on our servers. Your prompts are sent to Anthropic's Claude API to generate responses. We do not sell your personal data.

1. Who We Are

SkillsWorkbench (“we,” “us,” or “our”) operates the skillsworkbench.com website and associated services. For the purposes of the EU General Data Protection Regulation (GDPR) and UK GDPR, we are the data controller of your personal data.

Contact for privacy matters: contact@skillsworkbench.com

2. Data We Collect

2.1 Data you provide directly

DataWhen collectedWhy
Email addressAccount registration (email/password sign-up)Account identification and communication
Display nameAccount registrationPersonalise your experience
Password (hashed)Email/password sign-upAuthentication — stored and managed by Firebase, never seen by us in plaintext
Google profile (name, email, avatar)Google Sign-InAuthentication via OAuth — we receive only the profile data Google shares
Chat messages / promptsDuring a workbench sessionForwarded to Anthropic Claude API to generate Skill drafts and evaluations — not stored by us

2.2 Data collected automatically

DataSourceWhy
IP addressServer / Cloud infrastructure logsSecurity, abuse prevention, and regulatory compliance
Browser type, operating system, device typeHTTP request headersService compatibility and aggregate usage analytics
Pages visited, timestamps, referrer URLServer logs and session cookiesUnderstanding how the Service is used; improving user experience
Firebase Authentication tokensFirebase SDKMaintaining your logged-in session
Error and performance logsGoogle Cloud infrastructureDiagnosing bugs and maintaining service reliability

2.3 Data we do NOT collect

  • Credit card numbers or payment information (no payment processing currently)
  • Your completed Skill drafts, stress-test results, or eval sets (these exist in your browser only)
  • Health, financial, biometric, or sensitive personal data
  • Precise geolocation

3. How We Use Your Data

  • Providing the Service: Authenticating you, delivering AI-generated responses, and operating the workbench features
  • Service improvement: Analysing aggregate usage patterns to improve features and performance
  • Security and fraud prevention: Detecting abuse, preventing unauthorised access, and complying with legal obligations
  • Communications: Sending transactional emails (e.g., password reset, account notices) — we do not send marketing emails without your explicit consent
  • Legal compliance: Meeting our obligations under applicable law and responding to valid legal requests

We do not use your data to train AI models, and we do not sell your data to any third party.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

Processing activityLegal basis (Article 6 GDPR)
Account creation and authenticationPerformance of a contract (Art. 6(1)(b))
Forwarding prompts to Anthropic APIPerformance of a contract (Art. 6(1)(b))
Security logging and abuse preventionLegitimate interests (Art. 6(1)(f)) — maintaining a safe and reliable service
Service analytics (aggregate, non-identifying)Legitimate interests (Art. 6(1)(f)) — improving the Service
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))
Marketing communications (if applicable)Consent (Art. 6(1)(a)) — you may withdraw at any time

5. Data Processors and Third-Party Sharing

We share your personal data only with the processors and in the circumstances described below. We do not sell, rent, or trade personal data.

ProcessorCountryData sharedPurpose
Anthropic PBCUSAYour chat prompts and session contextAI inference for Skill drafting and evaluations; governed by Anthropic's Privacy Policy and API Data Processing Agreement
Google LLC (Firebase Auth)USA (global)Email, display name, hashed password or OAuth tokenUser authentication; governed by Google's Privacy Policy and Firebase DPA
Google LLC (Cloud Platform)USA (global)IP address, request logs, error logsApplication hosting; governed by Google Cloud DPA

We may disclose your personal data to government or regulatory authorities where required by law, or to protect the rights, property, or safety of SkillsWorkbench, our users, or the public.

6. International Data Transfers

SkillsWorkbench is hosted on Google Cloud infrastructure. Your data may be transferred to and processed in the United States and other countries where our processors operate.

For transfers from the EEA or UK to the United States, we rely on the following transfer mechanisms:

  • Google and Anthropic are certified under the EU-U.S. Data Privacy Framework (DPF) where applicable
  • Standard Contractual Clauses (SCCs) as approved by the European Commission where DPF certification is not available
  • UK International Data Transfer Agreements (IDTAs) for transfers from the UK

7. Data Retention

Data typeRetention period
Account information (email, name)For the duration of your account, plus 30 days after deletion request
Chat messages / promptsNot stored by us. Anthropic's retention policies apply to API traffic.
Server and security logs (IP, timestamps)90 days, then deleted
Firebase Authentication tokensUntil you sign out or revoke access
Backup dataUp to 30 days after the corresponding live data is deleted

8. Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Google Cloud's infrastructure-level encryption at rest
  • Firebase Authentication handling credential storage (passwords are hashed using bcrypt; we never see plaintext passwords)
  • API keys and secrets stored in Google Secret Manager, not in application code
  • Access controls limiting who within our team can access production systems

No method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal data, we will notify you and applicable regulators as required by law.

9. Your Rights (EEA and UK Users)

Under GDPR and UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Portability: Receive your personal data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
  • Lodge a complaint: File a complaint with your national data protection authority

To exercise any of these rights, email us at contact@skillsworkbench.com. We will respond within 30 days (or within the statutory period required by applicable law).

10. California Residents — CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions
  • Right to Correct: You may request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioural advertising
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Categories of personal information collected (past 12 months): Identifiers (email, name, IP address); internet or network activity (pages visited, session data).

Business purpose for collection: Providing and improving the Service, security and fraud prevention, and legal compliance.

To submit a verifiable consumer request, email contact@skillsworkbench.comwith “CCPA Request” in the subject line. We will verify your identity before responding. You may designate an authorised agent to make a request on your behalf.

11. Brazil Residents — LGPD

If you are located in Brazil, Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018) provides you with the following rights:

  • Confirmation of the existence of processing and access to your data
  • Correction of incomplete, inaccurate, or outdated data
  • Anonymisation, blocking, or deletion of unnecessary or excessive data
  • Portability of your data to another service provider
  • Information about the public and private entities with which we share data
  • Revocation of consent at any time
  • Review of decisions made solely by automated means

We process your data on the bases of contract performance and legitimate interest as defined by LGPD. Requests may be submitted to contact@skillsworkbench.com.

12. Canada Residents — PIPEDA

For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, with your knowledge and consent where required. You have the right to access your personal information and to challenge its accuracy. Contact us at contact@skillsworkbench.com to make a request.

13. India Residents — DPDPA

For users in India, we comply with the Digital Personal Data Protection Act 2023 (DPDPA). We process your personal data only for the purposes described in this policy and with your consent where required by law. You have the right to:

  • Access information about your personal data that we process
  • Correction and erasure of your personal data
  • Grievance redressal
  • Nominate a representative to exercise your rights in the event of your death or incapacity

Contact our grievance officer at contact@skillsworkbench.com.

14. Australia Residents — Privacy Act 1988

For users in Australia, we comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You have the right to access personal information we hold about you and to request correction of inaccurate information. You may also make a complaint to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs. Contact us first at contact@skillsworkbench.com and we will endeavour to resolve your complaint within 30 days.

15. Cookies and Tracking

We use the following cookies and similar technologies:

CookieTypePurposeDuration
Firebase Auth sessionEssentialMaintains your logged-in stateSession / up to 1 year if “Stay signed in”
CSRF tokenEssentialPrevents cross-site request forgerySession

We do not use advertising cookies or third-party tracking pixels. Essential cookies cannot be disabled as the Service requires them to function. You may clear cookies via your browser settings, which will log you out of the Service.

16. Children's Privacy

The Service is not directed at children under 18 years of age (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately at contact@skillsworkbench.com and we will promptly delete it.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.

18. Contact and Data Protection Officer

For privacy-related questions, data subject requests, or to contact our Data Protection Officer (where applicable under GDPR), please use:

SkillsWorkbench — Privacy Team
Email: contact@skillsworkbench.com

For EU/EEA users with unresolved complaints, you have the right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

© 2026 SkillsWorkbench. All rights reserved.

Privacy PolicyTerms of ServiceDisclaimer