Skip to main content

Client Data Policy

  1. Purpose

This policy establishes the requirements for restricting access to client data within the Skpr hosting platform solution to ensure data privacy, security, and compliance with regulatory and contractual obligations.

  1. Scope

This policy applies to:

  • All Skpr platform team members
  1. Policy Statement
  • Team members must have access only to the minimum data required to perform their duties
  • Skpr team member access must be temporary and reviewed periodically (e.g., quarterly access audits).
  • Client data must not be used for secondary purposes (e.g., analytics) unless explicitly authorized.
  • Any access to client data must be logged, monitored, and subject to multi-factor authentication (MFA).
  1. Access Control Measures
  • Role-Based Access Control (RBAC): Skpr team members should be granted access based on their role and required functions.
  • Time-Limited Access: Skpr team members should be restricted to the shortest duration necessary.
  • Logging & Monitoring: All Skpr team member interactions with client data must be logged and subject to regular security reviews.
  • Incident Reporting: Skpr team members must report any unauthorized access or security incidents immediately.