Security and GDPR compliance overview
1. Introduction
We at the skillball app fully realize that our users’ trust is the foundation of our operations. When working with extensive video materials and innovative artificial intelligence technologies, data security and privacy are not just formal legal requirements – they are the cornerstone of the technical architecture and business philosophy of our platform (hereinafter – the Platform or the skillball app).
This document is designed to provide a clear, understandable, and transparent overview of how we protect your data on a daily basis. It summarizes the technical and organizational security measures we have implemented, which ensure the Platform’s strict compliance with the requirements of the European Union’s General Data Protection Regulation (GDPR) and other applicable privacy regulations.
Our main commitment to you includes three fundamental principles:
- Your data belongs to you: we respect your intellectual property and privacy. Your uploaded video materials are processed solely for the purpose of providing you with the requested service and generating “game highlights”.
- Security first: protection mechanisms are integrated into every stage of the Platform’s software development and data processing – from secure video uploading and encryption to the irreversible deletion of data at the end of its life cycle.
- Transparency: we remain open about what security standards are applied, where your data is geographically stored, and which trusted technology partners help us ensure the uninterrupted operation of the Platform.
2. GDPR compliance
To ensure the highest data protection standards, the Platform’s architecture is built on the principles of “privacy by default”.
Distribution of roles and the European Union data space
Within the meaning of the GDPR, responsibility is clearly separated depending on the type of data. The skillball app acts as a data controller regarding account registration data and payment information. Authentication systems and databases are located in Germany (Frankfurt). Payment invoices and subscriptions for European customers are processed by Stripe Payments Europe Ltd. in Ireland. Absolutely all system components that process user data are physically located only within the European Union. In no process is user data sent or stored outside the borders of the European Union. Regarding uploaded video files, we act as a Data Processor. The primary storage for this data is located in Sweden (Stockholm).
Data minimization and AI computing isolation
The system collects and stores only the information necessary for the provision of the service. During payment processing, the Platform never sees or stores raw credit card numbers, ensuring minimal data processing. A special data minimization approach is used for artificial intelligence video processing. Video analysis takes place on ephemeral computing nodes. All intermediate files, extracted frames, model calculations, and temporary buffers are processed solely in the node’s local memory. As soon as the processing job is completed and the finished game highlights are uploaded back to the primary storage, the computing node and all its local memory are immediately deleted. User data is not stored in the artificial intelligence computing layer.
Ensuring user rights
Users are provided with full control over their data. Access, information correction, and data deletion can be carried out in the platform’s settings. In the event of account closure, all associated information is deleted from our active systems in accordance with the terms set out in the Privacy Policy.
3. Infrastructure and data storage
The Platform is based on a world-class, high-availability cloud computing infrastructure. To ensure maximum security and GDPR compliance, we cooperate only with carefully vetted and certified technology partners.
All servers and databases that process user information are physically located solely within the territory of the European Union (primarily in Germany, Sweden, and Ireland). In no process is customer and user data transferred outside the borders of the European Union.
Our partners
To maintain the system and service, we engage the following partners, all of whom have signed data processing agreements with us:
- Cloud computing and Platform hosting: we use industry-standard service providers (Amazon Web Services and Vercel), whose infrastructure is certified according to ISO 27001, SOC 2 Type II, and other international security standards of the highest level.
- Database and authentication management: the security of user profiles and sessions is managed by a specialized service provider (Supabase), whose internal processes comply with SOC 2 Type II and HIPAA data protection requirements.
- Payment processing: all financial transactions are processed by Stripe, which complies with the strictest security standards of the financial industry, including PCI DSS Level 1.
- Artificial intelligence computing: for artificial intelligence video processing, we engage partners (for example, SimplePod / RunPod) that provide real-time computing power. Video processing occurs temporarily on these nodes, and after the process ends, user data is not permanently stored on them.
4. How we protect your data, or technical security measures
We use modern technologies to ensure that your information and video files on the Platform are always protected.
- Data encryption: all your data (both profile information and uploaded videos) is securely encrypted – both at the moment you upload it and when it is stored on our servers. This means it is not readable by third parties.
- Secure access and isolation: our employees have very strictly limited access to the systems. The Platform is designed so that each user can see only their own data and their own videos.
- Account and password protection: the system automatically recognizes and blocks suspicious activities, for example, attempts to mass-guess your password. All passwords and technical keys are stored only in an encrypted form, guaranteeing the security of your profile.
5. Platform reliability and monitoring
We do everything necessary to ensure that the Platform operates without interruption and that your processed data is never lost.
- Backups: the system automatically and regularly creates backups of your profile and settings. Meanwhile, your video files are stored on world-class servers that provide the highest data preservation guarantee and protection against technical damage.
- Protection against attacks: our servers are equipped with automatic filters and protection against cyber attacks (for example, attempts to artificially overload the system).
- Secure implementation of improvements: before any new features are added to the Platform, they are tested in a completely separate test environment. Your real data and videos are never used for system testing.
6. Response to security incidents and contacts
Although we use world-class security solutions, no digital system is completely immune to cyber incidents. If a security incident or data leak occurs that could pose a risk to your information or rights, we commit to:
- Take immediate action to stop the incident and eliminate its consequences.
- In accordance with GDPR requirements, inform you about what happened without undue delay, explaining the situation and providing recommendations for further action.
- Notify the responsible data protection authority (for example, the Data State Inspectorate) of the incident no later than 72 hours after becoming aware of it.
How to contact us
If you have any questions about how we protect your data or if you wish to exercise your rights (for example, request data deletion), please contact us:
E-mail for security and privacy questions: info@skill-ball.com