1. Security by Design
We embed security into every stage of development to eliminate vulnerabilities before they emerge.
- Secure Development Lifecycle (SDL)
- Rigorous Code Reviews & Testing (SAST/DAST)
- Vetted 3rd-Party Components
Skykit Trust Center
Security, Compliance, Privacy
Explore how Skykit protects your data with enterprise-grade security, industry certifications, and transparent operational practices—all built to keep your organization safe, secure, and informed.
Quick Access
Our 360-Degree Security Model
We protect your network from every angle. Our security lifecycle ensures that threats are mitigated during development, deployment, and ongoing operation.
2. Secure Architecture
Built on a fortified foundation ensuring your data is protected at rest, in transit, and at the edge.
- Hardened Firmware, Operating System & Media Players Devices
- End-to-End Encryption (AES-256 / TLS)
- GCP Best Practices (Isolated VPCs)
3. Proactive Security Services
Security isn't a one-time effort. We maintain continuous vigilance against emerging threats.
- 24/7 Monitoring & Threat Intelligence
- Regular Penetration Testing by leading independent security firms
- SOC2 Type 2 Compliant & Compliance Audits
Security Controls & Specifications
Detailed specifications on how we secure your data, devices, and infrastructure.
Compliance
We adhere to rigorous independent audit standards to ensure your data is safe and available.
SOC2 Type 2 Compliant- Achieved 2024
NIST Framework- Aligned
- GDPR / CCPA
- Compliant Tools
ISO 27001 (via GCP)- Inherited
Infrastructure Security
Built on Google Cloud Platform (GCP) for hyperscale security and resilience.
- Cloud Provider
- Google Cloud (GCP)
- Hosting Region
- US Multi-Zone
- Encryption at Rest
- AES-256
- Encryption in Transit
- TLS 1.2+ (HTTPS)
- DDoS Protection
- Google Cloud Armor
Device Hardening
Purpose-built firmware that eliminates common Android attack vectors at the edge.
- Security Level
- OWASP ASVS L2
- Google Play Store
- Removed / Disabled
- Kiosk Mode
- Firmware Locked
- ADB / Developer Tools
- Disabled
- Content Storage
- Encrypted Filesystem
Product Security & Access
Strict logical isolation and identity management for every tenant.
- Authentication
- Okta, Google, Microsoft
- MFA
- Enforced for Admins
- Tenant Isolation
- Logical (Tenant ID)
- Role-Based Access
- Granular RBAC
- Penetration Testing
- Annual (3rd Party)
Reliability & DR
Designed for 24/7 uptime with rigorous disaster recovery protocols and SLAs.
- Playback Uptime
- 99.99%
- Recovery Point (RPO)
- 1 Hour
- Recovery Time (RTO)
- 4 Hours
- Failover
- Automated Zonal
- Backups
- Daily Encrypted
Subprocessors
Transparent listing of key third-party vendors processing customer data.
- Hosting
- Google Cloud Platform
- Device Messaging
- ClearBlade & EMQX (MQTT)
- Auth
- Firebase / Okta
- Support
- Salesforce / Zendesk
- Mailgun / Twilio
Shared Responsibility Model
Security is a partnership. We define clear boundaries so you know exactly what we handle.
Skykit Trust Center
FAQ
Where does Skykit store my data?
Skykit stores your data primarily on Google Cloud Platform (GCP) across US Regions & Zones, ensuring high availability. Backups are performed at least daily and stored on Google Cloud Storage fixed media. Approved storage locations for confidential data include Skykit laptops, Google Drive, and GitHub.
How does Skykit protect my data?
Skykit protects your data through multiple security measures: Data separation through logical tenant isolation, encryption in transit (TLS/HTTPS) and at rest (AES-256), strict role-based access control, multi-factor authentication for sensitive systems, DDoS protection via Google Cloud Armor, Web Application Firewalls in blocking mode, and comprehensive logging/monitoring.
Does Skykit sell my data?
No. At Skykit, we are committed to protecting your privacy. We do not sell, rent, or trade your personal information or customer data to third parties. Your data is used solely to provide and improve our services.
How long does Skykit retain my data?
Skykit follows a formal Change Management Policy for all production system changes. We utilize an agile development process where every change requires documentation, security review, testing (automated and manual), and leadership approval prior to deployment. We maintain strict separation between development, staging, and production environments, and all deployments include defined back-out procedures to ensure system stability.
How can I request data deletion?
For data deletion requests, contact Skykit support directly at support@skykit.com. Data subject requests may be reviewed by legal counsel before processing.
Does Skykit use customer data to train Artificial Intelligence (AI) models?
No. Skykit does not use customer content or data to train public Artificial Intelligence (AI) or Machine Learning (ML) models. Your data remains confidential and isolated within your tenant.
How does Skykit handle hardware end-of-life and disposal?
Skykit follows strict decommissioning procedures for hardware. All devices returned to Skykit (RMA or end-of-life) undergo a secure data wiping process to remove all customer configurations and credentials before being recycled or disposed of in accordance with environmental regulations.
Compliance Reports & Resources
Get access to our official security documentation, agreements, and audit reports.
SOC 2 Type 1 Report
Independent audit report covering Security, Availability, and Confidentiality.
Security Overview 2026
Comprehensive guide to policies, architecture, and controls.
Penetration Test Summary
Attestation letter from independent security firms regarding our latest cloud and hardware penetration tests.
Device Security Whitepaper
Technical deep-dive into Android firmware and hardening specs.