Security & Data Protection
Last updated: June 30, 2026
We know that the documents and funding data you entrust to SkyRate are sensitive. This page explains, in plain language, how we protect your information and how long we keep it. If you have a question that is not answered here, email us at contact us and we will respond.
1. Encryption
- In transit: All traffic to and from SkyRate is encrypted using TLS 1.2+ (HTTPS). We do not serve any part of the application over an unencrypted connection.
- At rest: Your account data and uploaded documents are stored on encrypted, access-controlled infrastructure.
2. Hosting & Infrastructure
SkyRate runs on managed cloud infrastructure (DigitalOcean) in U.S. data centers. Application servers and databases are isolated, and administrative access is restricted to authorized personnel only. We apply security patches to our platform on an ongoing basis.
3. Authentication & Access Control
- Passwords are hashed using industry-standard one-way hashing — we never store them in plain text.
- Access to the platform is session-based, with role-based permissions separating Consultant, Vendor, Applicant, and Administrator capabilities.
- Multi-factor authentication (MFA) is available to add a second layer of protection to your account.
- Rate limiting protects authentication endpoints against automated abuse.
4. Payment Security
Payments are processed by Stripe, a PCI-DSS Level 1 certified provider. SkyRate never sees or stores your full credit card number or bank account details — that information is handled directly by Stripe.
5. Your Documents
Documents you upload (for example, Forms 470/471, bids, or supporting files for compliance review) are stored on encrypted, access-controlled storage and are visible only to your account and authorized SkyRate staff acting on your behalf. We do not sell your data and we do not share your documents with other customers.
6. Data Retention
- We retain your account data and uploaded documents for as long as your account is active.
- If you delete your account, we remove your personal information and uploaded documents within 30 days, except where retention is required by law or for legitimate business purposes (for example, billing records).
- You may request export or deletion of your data at any time.
- Publicly available E-Rate program data sourced from USAC/FCC (FRN statuses, Form 470 filings, funding commitments) is public information and may be retained independently of your account.
7. Monitoring & Reliability
We monitor our systems for errors and unusual activity, and maintain backups of customer data to support recovery. While we strive to protect your information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Responsible Disclosure
If you believe you have found a security vulnerability in SkyRate, please report it to us at contact us. We appreciate responsible disclosure and will work with you to verify and address valid reports.
9. Questions
For any questions about our security or document-retention practices, contact us at contact us or visit https://skyrate.ai. See also our Privacy Policy and Terms of Service.