Data we process
Account profile data, workspace membership, Skill manifests, review decisions, install state, Project Key metadata, invocation logs, usage records, notification preferences, and support reports.
Privacy
Privacy and data handling.
SkillHub stores only the operational data needed to run the registry, review Skills, govern runtime usage, secure accounts, and support billing-preview workflows. We do not claim broad compliance certifications until they are formally completed.
Current public-launch privacy posture
Secrets and credentials
Project Keys, OAuth secrets, private keys, webhook signing secrets, and verification codes must not appear in public manifests, admin lists, logs, or support reports after first reveal.
Runtime governance
Runtime invocation requires signed-in workspace context and Project Keys. Calls are scoped by permissions, policies, rate limits, and audit trails.
Publisher responsibilities
Publishers must accurately declare permissions, data retention notes, support paths, and risk-sensitive behavior for each Skill they submit.
Retention and deletion
Operational records are retained while needed for security, auditability, billing preview, abuse response, and user support. Deletion and export requests can be routed through support.
Contact
Use the support page for privacy questions, data requests, or security disclosure routing. Do not include secrets in public reports.