Privacy Policy

Last updated: January 19, 2026

1. Introduction and GDPR Compliance

Welcome to SKapi.pro ("we," "our," or "us"). We are committed to protecting your personal information and your fundamental right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our automation platform for Skool communities.

This Privacy Policy has been drafted in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws, including the UK GDPR and the California Consumer Privacy Act (CCPA).

1.1 Data Controller

For the purposes of GDPR, SKapi.pro acts as the Data Controller. We determine the purposes and means of the processing of personal data.

1.2 Data Protection Principles

We are committed to processing your personal data in accordance with the following GDPR principles:

• Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and in a transparent manner.
• Purpose Limitation: We only collect your data for specified, explicit, and legitimate purposes.
• Data Minimization: We only collect data that is adequate, relevant, and limited to what is necessary.
• Accuracy: We ensure your data is accurate and kept up to date.
• Storage Limitation: We retain your data only for as long as necessary.
• Integrity and Confidentiality: We process your data securely to ensure its confidentiality, integrity, and availability.

2. Information We Collect

2.1 Data Minimization Policy

We follow a strict data minimization approach. We only collect personal data that is absolutely necessary to provide our services. We do not collect excessive or irrelevant data.

2.2 Information You Provide to Us

We collect only the following minimal information when you use our platform:

• Email Address: Required for account creation and communication. This is the primary identifier for your account.
• Name (Optional): You may choose to provide your name, but it is not required.
• Skool API Credentials: Stored locally on your device (browser extension) for authentication with Skool. We do NOT store your Skool API credentials on our servers.
• Communication Data: Information when you contact us for support, such as your message content and email address.

2.3 Information We Do NOT Collect

To protect your privacy, we deliberately do NOT collect:

• Passwords (we use encrypted authentication tokens)
• Payment details (processed securely by third-party payment processors)
• Sensitive personal data (health, political opinions, religious beliefs, etc.)
• Biometric data
• Criminal records

2.4 Information Automatically Collected

We automatically collect only essential technical information:

• IP Address: Temporarily logged for security purposes and fraud prevention, automatically anonymized after 30 days.
• Browser Type and Version: For technical compatibility and security.
• Operating System: For technical compatibility.
• Usage Statistics: Anonymized aggregate data about feature usage (cannot identify you individually).

3. Legal Basis for Processing (Article 6 GDPR)

We only process your personal data when we have a valid legal basis under Article 6 of the GDPR:

3.1 Contractual Necessity

Legal Basis: Article 6(1)(b) GDPR - Performance of a Contract

We process your email address and account information to perform our obligations under our Terms of Service and provide you with the automation platform you requested.

3.2 Legitimate Interests

Legal Basis: Article 6(1)(f) GDPR - Legitimate Interests

We process certain data for our legitimate interests, including:

• Maintaining security and preventing fraud
• Improving our services (anonymized data only)
• Technical troubleshooting

We have carefully balanced these interests against your privacy rights and have determined that our processing does not override your fundamental rights and freedoms.

3.3 Legal Obligation

Legal Basis: Article 6(1)(c) GDPR - Legal Obligation

We may process data to comply with legal obligations, such as tax laws and anti-money laundering regulations.

3.4 Consent

Legal Basis: Article 6(1)(a) GDPR - Consent

For certain processing activities, such as marketing communications, we will obtain your explicit consent. You have the right to withdraw your consent at any time.

4. How We Use Your Information

We use the minimal information we collect for the following purposes:

• Service Provision: To provide, maintain, and improve our automation platform (Article 6(1)(b) - Contract)
• Authentication: To verify your identity and secure your account (Article 6(1)(b) - Contract)
• Security: To detect, prevent, and address fraudulent activity and security threats (Article 6(1)(f) - Legitimate Interests)
• Communication: To respond to your inquiries and provide essential service updates (Article 6(1)(b) - Contract)
• Legal Compliance: To comply with legal obligations (Article 6(1)(c) - Legal Obligation)

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We only share your data with carefully selected third-party service providers that perform essential services on our behalf. All service providers are contractually bound to protect your data and may only use it for the specified purpose:

• Hosting Providers: To host our platform in secure, GDPR-compliant data centers
• Payment Processors: To process payments (e.g., Stripe, PayPal). We do not store your payment details.
• Email Service Providers: To send essential service communications (e.g., account notifications)

5.2 Integration Partners

When you use our integrations with services like Make.com or n8n, certain data may be shared with those platforms. These platforms are independent Data Controllers for any data they process. We encourage you to review their privacy policies:

• Make.com Privacy Policy
• n8n Privacy Policy

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (Article 6(1)(c) - Legal Obligation).

5.4 Data Transfers Outside the EEA

International Data Transfers (Chapter V GDPR):

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:

• European Commission adequacy decisions: For countries recognized by the EC as providing adequate data protection
• Standard Contractual Clauses (SCCs):> We use European Commission-approved Standard Contractual Clauses for transfers to countries without an adequacy decision
• GDPR-compliant service providers: We only use service providers that comply with GDPR requirements

6. Data Security

We implement appropriate technical and organizational measures (Article 32 GDPR) to protect your personal data, including:

• Encryption: Data is encrypted in transit using TLS/SSL and at rest where applicable
• Access Control: Strict access controls limit who can access your data
• Regular Security Audits: We regularly review and update our security measures
• Pseudonymization: We pseudonymize data where possible to enhance security
• Secure Development: We follow secure software development practices

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention (Article 5(1)(e) GDPR)

We follow the storage limitation principle and retain your personal data only for as long as necessary:

7.1 Retention Periods

• Active Account: While your account is active, we retain data necessary for service provision
• After Account Deletion: Your data is permanently deleted within 30 days of account closure, except where required by law
• IP Addresses: Anonymized after 30 days
• Usage Logs: Anonymized after 30 days
• Financial Records: Retained for 7 years to comply with tax and accounting laws

7.2 Criteria for Determining Retention

We determine retention periods based on:

• The purpose for which the data is processed
• Legal requirements (e.g., tax laws)
• Statute of limitations
• Your consent and preferences

8. Your GDPR Rights (Chapter III GDPR)

Under the GDPR, you have the following fundamental rights regarding your personal data:

8.1 Right to be Informed (Articles 13 & 14 GDPR)

You have the right to be informed about the collection and use of your personal data. This Privacy Policy provides this information.

8.2 Right of Access (Article 15 GDPR)

You have the right to access your personal data and obtain:

• Confirmation of whether your data is being processed
• A copy of your personal data
• Information about the processing purposes, categories of data, and recipients
• The retention period
• Information about your rights

How to exercise: Contact us at connect@skapi.pro. We will provide your data within 30 days of your request, free of charge.

8.3 Right to Rectification (Article 16 GDPR)

You have the right to request correction of inaccurate or incomplete personal data. We will correct inaccurate data without undue delay.

8.4 Right to Erasure (Right to be Forgotten) (Article 17 GDPR)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purpose for which it was collected
• You withdraw your consent (where consent is the legal basis)
• You object to the processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with legal obligations

How to exercise: Contact us at connect@skapi.pro. We will delete your data within 30 days, except where we are required by law to retain it.

8.5 Right to Restrict Processing (Article 18 GDPR)

You have the right to request restriction of processing when:

• You contest the accuracy of the data (for a period enabling us to verify accuracy)
• The processing is unlawful, but you oppose erasure
• We no longer need the data, but you require it for legal claims
• You have objected to processing, pending verification of our legitimate grounds

8.6 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used format and the right to transmit that data to another controller.

8.7 Right to Object (Article 21 GDPR)

You have the right to object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

8.8 Rights Related to Automated Decision-Making (Article 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you. We do not use automated decision-making for significant decisions.

8.9 Right to Withdraw Consent (Article 7(3) GDPR)

Where we rely on consent as the legal basis, you have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

8.10 Right to Lodge a Complaint (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of GDPR occurred.

EU Supervisory Authorities: You can find your local data protection authority here: European Data Protection Board Members

9. Children's Privacy

Our platform is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Note for EU Users: Under GDPR, we only offer services to individuals over 16. If we discover we have collected data from a child under 16, we will immediately delete it.

10. Cookies and Tracking Technologies

10.1 Essential Cookies

We use only essential cookies that are strictly necessary for the functioning of our platform:

• Authentication Cookies: To keep you logged in
• Security Cookies: To maintain security and prevent fraud

10.2 No Marketing or Analytics Cookies

We do NOT use:

• Marketing or advertising cookies
• Cross-site tracking cookies
• Third-party analytics cookies (e.g., Google Analytics)

10.3 Cookie Consent

Since we only use essential cookies required for the platform to function, no cookie consent banner is displayed. These cookies are exempt from consent requirements under GDPR Article 5(3).

11. Data Breach Notification (Articles 33 & 34 GDPR)

In the unlikely event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Article 33)
• Notify you without undue delay if the breach poses a high risk to your rights and freedoms (Article 34)
• Provide information about the nature of the breach, the categories of data concerned, and the measures taken to address it

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For changes that materially affect your rights, we will:

• Notify you by email at least 30 days before the changes take effect
• Post the updated policy on this page
• Update the "Last updated" date

Your continued use of the platform after changes constitutes acceptance of the updated policy.

13. Skool Disclaimer

SKapi is a custom API and automation platform and is not affiliated with, endorsed by, or sponsored by Skool. Any data collected from or related to Skool communities is used solely to provide our automation services and is subject to this Privacy Policy.

When you connect SKapi to your Skool community:

• Your Skool API credentials are stored locally on your device (browser extension)
• We do NOT have access to your Skool community members' data unless you explicitly choose to process it through our integrations
• You remain the data controller for your Skool community data

14. Your Privacy Choices

You can take the following actions to protect your privacy:

• Access your data: Request a copy of all data we hold about you
• Delete your account: Contact us to permanently delete your account and all associated data
• Opt-out of marketing: We do not send marketing communications, so no opt-out is needed
• Manage integrations: Disconnect third-party integrations at any time through your account settings
• Withdraw consent: Revoke any consent you have given us

Our commitment to your privacy: We are committed to transparency, data minimization, and protecting your fundamental right to privacy. If you have any concerns about how we handle your data, please contact us.