SkyLocker is operated by SkyLocker, Inc. (“SkyLocker”, “we”, “us”). This Privacy Policy explains what data we collect when you use SkyLocker — through WhatsApp, our web dashboard at skylocker.co, or any other SkyLocker-branded surface — how we use it, who we share it with, and the rights you have over it.
By using SkyLocker, you agree to the practices described here. If you don't agree, please don't use the service.
1. Information we collect
Information you provide directly
- Phone number. We use your WhatsApp phone number as your account identifier. It's how we route messages to your locker.
- Email address. Optional — only if you choose to add one for account recovery, billing, or product notifications.
- Payment information. If you upgrade to a paid plan, billing details (card, billing address) are collected and stored by Stripe. We never see or store your full card number.
- Content you forward to SkyLocker. Files, voice notes, links, locations, contacts, photos, text — anything you send to our WhatsApp number, or upload via the web dashboard.
- Account preferences. Settings you configure, such as notification preferences, default language, and saved tags.
Information we collect automatically
- Usage events. Which skills you've used, how often, and how the service performed — to understand what works and prioritize what to build next.
- Technical logs. IP address, user agent, request timestamps — for security, fraud prevention, and debugging.
- Cookies and local storage. A small number of cookies on the web dashboard for session and preferences. We do not use third-party advertising cookies.
- Operational cost telemetry. When a skill calls an external AI service on your behalf (e.g., classifying a voice note, tagging a photo), we log the call's approximate token count and cost per-user and per-skill. This helps us monitor our unit economics and detect abusive-usage patterns. We retain these logs for 14 days.
Referral and gift program data
If you share a referral code, we record which users sign up with it so we can credit your account. If you send a paid gift, we store the recipient's WhatsApp number and any personal note you include so the gift can be delivered when they first message the service. We never contact the recipient for marketing; the only outbound message is the one-time gift notification.
What we don't collect
- The content of messages you send to other WhatsApp contacts. SkyLocker only sees messages you forward or send to its number.
- Your address book, unless you specifically save contacts to your locker via the Contact Vault skill.
- Continuous location data. We only store the location pins you explicitly send.
2. How we use your information
- To run the service. Classify your messages, store your files, retrieve them when you ask, send you reminders, and execute the skills you trigger.
- To improve SkyLocker. Understand which skills are most used, where the product can do better, and how to fix bugs.
- To communicate with you. Account notifications (e.g., security alerts, billing receipts) and occasional product updates if you've opted in.
- To handle payments. Process subscriptions through Stripe.
- To keep the service safe. Detect abuse, prevent fraud, and comply with legal obligations.
We do not use your content to train AI models. Content sent to AI providers (see § 4) is processed only for your immediate request and not retained for training by those providers under their enterprise terms.
3. Who we share data with
To run SkyLocker, we share specific pieces of information with the trusted service providers below. Each one only receives what it needs to do its job.
| Service | What they receive | Purpose |
|---|---|---|
| Anthropic (Claude) | Message content, extracted file text | Intent classification, file tagging, document Q&A |
| OpenAI | Audio (for transcription), text (for embeddings) | Voice transcription, search indexing |
| Evolution API / Meta WhatsApp | Phone number, message content | WhatsApp message delivery |
| DigitalOcean | All stored data (files, database) | Hosting infrastructure |
| Upstash (Redis) | Session and queue state | OTP delivery, rate limiting, background jobs |
| Stripe | Email, billing details | Subscription billing |
| Sentry | Error logs, request metadata | Bug reporting and monitoring |
| Resend | Email address (if provided) | Transactional and product emails |
We do not sell, rent, or share your data with advertisers, data brokers, or any third party for marketing purposes. We may disclose information when legally required (subpoena, court order, regulatory request), or to protect the rights, safety, or property of SkyLocker or others.
4. Storage and retention
Your files and structured data are stored in DigitalOcean Spaces (S3-compatible) and PostgreSQL. Files are accessed via pre-signed URLs that expire 15 minutes after they are issued — there are no public download links to your data.
We keep your data for as long as your account is active. When you delete a file or other item from the dashboard, it's removed from storage immediately. When you delete your account, all your data is permanently removed within 30 days, except where we're legally required to retain certain records (e.g., billing records for tax compliance, which we keep for 7 years).
5. Your rights and controls
You can:
- Access all your stored data via the dashboard at skylocker.co
- Delete any file, contact, reminder, or other piece of saved content with one tap
- Delete your entire account, which permanently removes your data from our systems within 30 days
- Export your data in a standard format on request — email hello@skylocker.co
- Opt out of non-essential email communications via the unsubscribe link in those emails or in your dashboard settings
If you're in the EU, UK, California, Brazil, or another jurisdiction with specific data protection laws, you may have additional rights — including data portability, correction, restriction of processing, and the right to lodge a complaint with your local data protection authority. To exercise any of these rights, email us at hello@skylocker.co.
6. Security
We use industry-standard practices to protect your data:
- All connections use TLS encryption in transit
- Data at rest is encrypted on disk by our hosting providers
- Access to production systems is restricted to authorized personnel and audited
- File downloads use signed URLs with short expiry windows (15 minutes)
- Authentication uses WhatsApp OTP — there's no password we could lose
No system is perfect. If you discover a security issue, please email security@skylocker.co — we appreciate responsible disclosure.
7. Children's privacy
SkyLocker is not intended for children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has used SkyLocker, please contact us and we'll remove the account and any associated data.
8. International data transfers
Our infrastructure is hosted in jurisdictions that may differ from your own. By using SkyLocker, you consent to your data being transferred to and processed in those jurisdictions. Where required by applicable law, we put appropriate safeguards in place for international transfers.
9. Changes to this policy
We may update this policy from time to time. When we make material changes, we'll notify you via WhatsApp, email, or in-app message at least 30 days before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of SkyLocker after the effective date constitutes acceptance of the updated policy.
10. Contact us
Questions, requests, or complaints? Email hello@skylocker.co or, for privacy-specific matters, privacy@skylocker.co.
See our Terms of Service for the rest of how SkyLocker works.