Skip to main content
Skyecord Inc.

Security Policy

Effective Date: April 5, 2026

At Skyecord, protecting the data our clients entrust to us is foundational to how we build and operate our platform. This policy outlines the security practices we maintain across our organization.

Encryption & Access Controls

Client data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption. Access to production systems and client data follows the principle of least privilege, meaning employees are granted only the minimum level of access required for their role. All access is authenticated through MFA, logged, and subject to periodic review.

AI & Data Usage

Skyecord leverages artificial intelligence capabilities through enterprise-grade accounts with our AI providers. Client data processed through AI features is not used to train, fine-tune, or improve any underlying AI models. All AI processing occurs within secure, isolated environments subject to the same encryption and access control standards outlined in this policy. Client data remains the property of the client at all times.

Breach Reporting

In the event of a confirmed or suspected security breach involving client data, Skyecord is committed to notifying affected clients promptly. Our incident response process includes immediate containment, investigation, root cause analysis, and remediation. Following resolution, we conduct a post-incident review to identify improvements and prevent recurrence.

Vendor Selection

Third-party vendors and service providers are evaluated against our security requirements before engagement. We assess each vendor's data handling practices, encryption standards, compliance posture, and incident response capabilities. Vendors with access to client data are subject to contractual obligations that align with our own security commitments and are reviewed on a regular basis.

Security Training

Every Skyecord employee and contractor completes security awareness training during onboarding and on a recurring annual basis. Training covers topics including phishing identification, secure data handling, password hygiene, and incident escalation procedures. Role-specific training is provided to engineering and infrastructure teams responsible for platform security.

Regulatory Alignment

Skyecord operates in compliance with applicable Canadian federal and provincial privacy legislation governing the collection, use, and disclosure of personal information. We regularly review our practices to ensure alignment with evolving regulatory requirements and industry best practices.

Device & System Security

All company-issued devices are equipped with endpoint protection software, full-disk encryption, and automatic operating system updates. Remote access to internal systems requires multi-factor authentication (MFA). Lost or stolen devices are subject to immediate remote wipe procedures. Personal devices used for work purposes must meet the same baseline security standards before accessing company systems.

Questions about our security practices? Contact us at security@skyecord.com.