Protecting your organisation’s data is a priority for us. We use EU-only data hosting, independently verified security practices, and regular penetration testing to keep information secure. Customer data is never used to train AI models, so your workflows and data always remain under your control.
Built on a proactive, standards-driven approach
Our approach to security includes adhering to industry best practices, such as the OWASP Application Security Verification Standard (ASVS), implementing robust password policies, ensuring secure session management, and regularly validating system integrity. By maintaining these high standards and conducting ongoing security assessments, we ensure that your data remains safe and secure.
Rigorously tested by leading security experts
We've partnered with Cobalt, a leading provider of penetration testing, to rigorously evaluate the security of our Journeys application. We are proud to share that the application successfully meets their stringent security standards, demonstrating our commitment to providing a secure and trustworthy platform.
Cyber Plus certified
We maintain strong security standards and undergo regular assessments to ensure compliance with industry requirements. 50skills has been awarded the Cyber Essentials Plus certification, independently verified by The IASME Consortium (BlockMark Registry).
This certification confirms that our systems and processes meet the UK government’s baseline cyber security standard at the highest level.
Cloud hosting backed by global standards and certifications
Our computing infrastructure is hosted in the cloud and powered by Heroku. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilises Amazon Web Service (AWS) technology.
Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
Responsible AI and data handling
AI capabilities in the 50skills platform are optional and can be disabled for each customer account. When AI features are used, data is processed only to perform the workflow action requested by the customer. Customer data is never used to train, fine tune, or improve AI models by 50skills or our AI providers.
Workflow transparency and audit trail
Every action within a workflow is fully visible and auditable. Where AI is used, the prompt, input data, and output are all visible to administrators. A complete audit trail is maintained for workflow actions and data changes, supporting internal governance and regulatory compliance.
We take a multi-layered approach to security, leveraging both our sub-processors' robust compliance frameworks and our own internal audits and testing.
If you have additional questions please contact us directly at security@50skills.com
What is the data retention policy for traveller records?
Which third-party data processors do you use, and are they GDPR-compliant?
Does OpenAI use our data for model training?
How do your AI agents work if the LLMs do not retain data?
Is traveller data isolated per customer?
Do you use encryption and other security best practices?
.webp)
.webp)
.png)
