How Your Data Is Protected
Guide Updated: August 30, 2025
SkiveCore uses a layered security approach to protect your account and content. This page explains the core protections we apply across transport, storage, account security, and private messaging.
In‑Transit Encryption (HTTPS/TLS)
All traffic between your device and SkiveCore services is protected using industry‑standard HTTPS/TLS so that data is encrypted while in transit over the network.
- Protects logins, API calls, and media retrieval from interception and tampering.
- Applies to web, API, and mobile app communications.
End‑to‑End Encryption for Private Chats
Direct, private conversations are protected with end‑to‑end encryption (E2EE): messages are encrypted on the sender’s device and decrypted only on the recipient’s device.
- Messages stored on SkiveCore servers remain in encrypted form.
- SkiveCore staff cannot read your private conversations.
- Learn more: E2EE explained.
Scope: E2EE currently covers direct, one‑to‑one messages. Public content (posts, comments, blogs, video comments) is not E2EE.
Protecting Your Private Keys
Your device generates a unique key pair for private messaging. Your private key is encrypted and protected by your account password and remains inaccessible to SkiveCore.
- Your private key is stored in encrypted form and unlocked locally when you log in.
- If you reset your password, past E2EE messages cannot be decrypted with the old key. See E2EE explained for details.
Encryption at Rest
We use encryption at rest and other safeguards where appropriate for sensitive data stored on our infrastructure.
- Secrets and sensitive records are stored in encrypted form.
- Access to storage systems is restricted and audited.
Account Security
- Password protection: Passwords are stored using industry‑standard hashing with salt; we never store plaintext passwords.
- Verification: Accounts are verified with a 6‑digit code emailed during registration; see Account Verification.
- Two‑factor options: Support for codes and push‑based approvals where enabled; see Logging In.
- Session safeguards: Sessions are protected against common web threats.
Access Controls & Monitoring
- Least privilege: Internal systems and staff access follow least‑privilege principles.
- Separation: Sensitive services and data paths are logically segmented.
- Monitoring: Security‑relevant events are monitored to detect abuse and anomalies.
Data Minimization
We aim to collect only what’s necessary to operate the service. During early access testing, we limit collection to operational needs and basic, non‑identifying technical logs. See our Privacy Policy for details.
Retention & Deletion
- Backups: Critical data is backed up and protected to support recovery from failures.
- Deletion: You can request account deletion; see Deleting Your Account. E2EE message history tied to old keys cannot be recovered after password resets.
Work in Progress
SkiveCore is actively evolving. As features expand (e.g., group messaging), we will document the security model and encryption scope for new areas before launch.
Questions or Security Reports
For general questions, visit the Support Center or email support@skivecore.com.
For vulnerability reports or sensitive security matters, see our Security page (PGP key and contact).