This Security Policy and Practices document describes the administrative, technical, and operational measures SkopGO Ventures LLC uses to support the security, confidentiality, integrity, and availability of its Services.
The Services include websites, dashboards, APIs, webhooks, integrations, AI-powered voice-assistant workflows, transcripts, recordings, logs, analytics, and related operational systems.
SkopGO maintains a risk-based security program that is intended to be appropriate to the company's size, the nature of the Services, and the categories of data involved. The program is designed to support access control, secure transmission, vendor oversight, change management, system monitoring, incident response, and business continuity.
SkopGO secures the platform, hosted systems, and access-controlled tooling it manages. Each Client remains responsible for its own websites, forms, end-user disclosures, consent collection, account administration, endpoint security, and the legality of the data and instructions it sends into the Services.
SkopGO limits access to systems and data based on role, function, and business need. Access rights are intended to be reviewed and adjusted when personnel roles change or access is no longer required.
Clients are responsible for controlling user provisioning within their own organization; using strong passwords and, where available, multi-factor authentication; promptly disabling access for departed personnel; and limiting access to only the users who need it.
SkopGO seeks to protect service data in transit using encrypted transport where supported by the relevant system or provider. Dashboard access, API traffic, and webhook-based integrations are expected to use authenticated and secure channels appropriate to the integration.
Clients are responsible for protecting their API keys, webhook secrets, credentials, and other authentication artifacts. SkopGO may rotate, revoke, or suspend credentials if misuse, compromise, or abnormal activity is detected.
SkopGO maintains logging and monitoring practices appropriate to its environment to support troubleshooting, service integrity, abuse detection, security review, and incident investigation. Logs may include operational events, authentication events, configuration changes, dashboard actions, API and webhook activity, call workflow outcomes, and vendor alerts, subject to system capabilities and retention settings.
SkopGO may use rate limits, anomaly review, suppression controls, and other technical or operational safeguards to detect or reduce misuse, complaint spikes, wrong-number patterns, or other abnormal behavior.
SkopGO is designed so that Client data is logically separated by account, configuration, and access permissions. Client data is not shared across Clients except as needed to provide the Services, comply with law, or as directed by the applicable Client.
SkopGO uses controlled development and deployment practices intended to reduce the risk of unauthorized or unstable changes, including code review, testing, environment separation where practical, issue tracking, and change management procedures appropriate to the size and complexity of the Services.
SkopGO relies on third-party vendors and subprocessors for portions of the Services, which may include cloud infrastructure, communications infrastructure providers, speech services, AI model providers, analytics tools, support tools, email providers, and payment processors.
SkopGO evaluates vendors in a manner appropriate to the service they provide and the sensitivity of the information involved. When practical, SkopGO uses contract, access, confidentiality, security, and technical controls to manage vendor risk.
SkopGO maintains procedures for identifying, escalating, containing, investigating, and remediating suspected security incidents affecting the Services. Response steps may include internal triage, log review, vendor coordination, containment measures, remediation, recovery, customer communication, and documentation.
If SkopGO determines that a confirmed incident requires notice under applicable law or contract, SkopGO will provide notice in accordance with those obligations and the circumstances of the event.
SkopGO retains data for operational, contractual, legal, accounting, security, backup, and support purposes for periods that are reasonable in light of the nature of the data and the Services. Deletion timing may depend on the type of data, system architecture, vendor retention behavior, backup cycles, legal obligations, disputes, and Client instructions.
SkopGO uses commercially reasonable measures to support service continuity, backup, restoration, and recovery processes appropriate to the company's size, risk profile, and vendor environment. Because the Services depend in part on internet, telecom, cloud, AI, and email providers, uninterrupted service cannot be guaranteed.
Clients using the Services should provide required notices regarding AI, recording, monitoring, or transcription; obtain and document any consent required for outbound calling, messaging, or recording; protect API keys and webhook endpoints; review assistant behavior, prompts, scripts, and outputs; maintain their own legal and compliance review for industry-specific obligations; and notify SkopGO promptly of any suspected misuse, compromise, or abnormal activity involving the Services.
Security concerns, suspected vulnerabilities, and incident reports may be sent to info@skopgo.com. Please include sufficient detail to allow investigation, such as timestamps, affected account information, a description of the issue, and any relevant screenshots or logs.
SkopGO may update this Security Policy and Practices document from time to time to reflect operational, legal, technical, or business changes. The updated version will be posted with a revised effective date.
Website: www.skopgo.com
Security contact: info@skopgo.com
General legal contact: info@skopgo.com