Published: February 1, 2025

Transparency Report

January 2025 • Reporting Period: January 1-31, 2025

✅

All Privacy Commitments Met

Third-Party Data Sales

0 (NEVER)

Security Scans

All Passed

Marketing Emails

0 (NEVER)

Data Export Requests

<24hr Response

👥

User Metrics

Total Users

Pre-launch: Stats coming soon

Active Users

Logged in during January

New Signups

New this month

Note: We're just launching! User metrics will populate as we grow. We're committed to publishing these numbers openly every month.

📧

Email Activity

Category	Emails Sent	Purpose
Grant Matches	--	Notify users of matching grants
Deadline Reminders	--	Remind users before grant deadlines
Account Notifications	--	Password resets, security alerts
Marketing Emails	0 (NEVER)	We will NEVER send marketing emails

🔒

Privacy & Data Requests

Metric	Count	Details
Third-Party Data Sales	0 (NEVER)	We will NEVER sell your data
Law Enforcement Requests	0	No government data requests
User Export Requests (GDPR)	--	All handled within 24 hours
User Deletion Requests	--	30-day grace period, then permanent
Consent Updates	--	User preference changes

🔍

Security Scan Results

✅

All Security Scans Passed

Automated scans run before every deployment

✅

Secret Detection (Gitleaks)

Scans git history for accidentally committed API keys, passwords, and credentials

Results: 149 commits scanned, 0 secrets found

✅

Static Analysis (Semgrep SAST)

Analyzes code for security vulnerabilities, OWASP Top 10 issues, and unsafe patterns

Results: 198 security rules run, 0 critical findings

✅

Dependency Vulnerabilities (Trivy)

Scans npm packages for known CVEs and security vulnerabilities

Results: 0 high/critical vulnerabilities detected

✅

Database Security (Supabase Test)

Tests Row-Level Security policies, schema integrity, and access controls

Results: 258 database tests passed, no schema errors

📋

Compliance Status

🇪🇺

GDPR Compliance

✅ Architecture Ready

Built with GDPR compliance from day one. Formal audit pending at scale.

🇺🇸

CCPA/CPRA Compliance

✅ Architecture Ready

No data sales, enhanced minor protections, opt-out mechanisms implemented.

👶

COPPA Compliance

✅ Fully Compliant

Age verification, parental consent for 13-15, no accounts under 13.

🔒

Privacy Policy

Updated: December 14, 2025

View current policy →

💡

What We Learned This Month

Launching with Privacy-First Architecture

We're starting Skozo.ai with privacy built in from day one, not retrofitted later. This foundational approach means:

🛡️ Database Security

Row-Level Security (RLS) policies protect user data by default at the database level

🔍 Continuous Scanning

Automated security scans run on every code commit and before deployment

✅ Consent by Design

User consent and email preferences are architected into the system, not added later

📊 Automated Transparency

Monthly reports are generated automatically, not manually compiled

What's Next: As we grow, we'll add more granular metrics to these reports and continue publishing openly. We're committed to radical transparency.

Questions or Feedback?

We're committed to transparency and accountability. If you have questions about this report or our privacy practices, we're here to help.

📧 Privacy Team 🔒 Security Team Read Privacy Policy