SkillSync

Data & Privacy Policy

Last Updated: 15-May-2025

1. Introduction

SkillSync ("we," "us," or "our") operates an AI-driven talent management platform that revolutionizes recruitment through automated sourcing, dynamic AI interviews, bias mitigation, and end-to-end hiring workflow optimization. This Privacy Policy outlines our comprehensive data practices in compliance with global regulations including the General Data Protection Regulation (GDPR), Singapore's Personal Data Protection Act (PDPA), and other applicable laws.

By accessing or using our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please refrain from using our platform.

2. Scope & Definitions

  • Platform Services: Includes, but is not limited to, AI-powered interviews, job postings, candidate matching, skill assessments, interview scheduling, and analytics.
  • Data Subjects: Candidates, clients (employers), recruiters, and platform administrators.
  • Personal Data: Any information relating to an identifiable individual, directly or indirectly.
  • AI Processing: Automated analysis of data to generate insights, scores, or recommendations through machine learning algorithms.

3. Data Collection Categories

A. Candidate Data

  • Identification: Full name, email address, phone number, physical address, nationality.
  • Professional Data: Resumes/CVs, work history, educational background, skills, certifications, salary expectations.
  • AI-Interview Data:
    • Real-time voice transcripts and video recordings (where applicable)
    • Behavioral analytics (problem-solving approach, communication style)
    • AI-generated competency scores (technical skills, cultural fit)
    • Bias detection flags and mitigation recommendations
  • Technical Data: IP addresses, device identifiers, browser type, operating system, usage patterns.

B. Client/Recruiter Data

  • Corporate Information: Company name, industry, size, tax identification numbers.
  • User Accounts: Admin credentials, role permissions, activity logs.
  • Hiring Data: Job descriptions, candidate requirements, interview feedback.

C. Derived & Anonymized Data

  • Aggregated hiring metrics and platform usage statistics.
  • Anonymized datasets used for AI model training and improvement.

4. Data Processing Purposes & Legal Bases

Purpose | Processing Activities | Legal Basis
Recruitment Automation | AI-driven candidate screening and matching | Contractual Necessity
Dynamic Interviews | Real-time adaptive questioning and analysis | Explicit Consent
Bias Mitigation | Algorithmic fairness audits and adjustments | Legitimate Interest
Platform Security | Fraud detection and prevention measures | Legal Obligation
Service Improvement | Anonymized data analytics and AI training | Legitimate Interest

5. Infrastructure & Data Security

Cloud Infrastructure

  • Compute & Hosting:
    • Microsoft Azure: GDPR-compliant hosting in Singapore with ISO 27001 certification
    • DigitalOcean: AICPA SOC 2 Type II and SOC 3 Type II certified infrastructure in Singapore
  • Database Solutions:
    • Supabase: Enterprise-grade PostgreSQL with row-level security
    • MongoDB Atlas: SOC 2 Type II and HIPAA compliant NoSQL database
  • Network & Security:
    • Cloudflare: Enterprise DDoS protection and global CDN with TLS 1.3 encryption

Security Measures

  • Encryption:
    • AES-256 encryption for data at rest
    • TLS 1.3 for all data in transit
  • Access Controls:
    • Role-based access management (RBAC)
    • Multi-factor authentication enforcement
  • Operational Security:
    • Regular penetration testing and vulnerability scans
    • Immutable audit logs for all data access

Data Retention

  • Candidate profiles: 24 months post last activity
  • Interview recordings: 12 months unless otherwise requested
  • Client contracts: 7 years post termination for legal compliance

6. Data Sharing & Third Parties

Controlled Sharing

  • With client organizations for legitimate hiring purposes
  • With candidates regarding their own application status

Service Providers

  • Cloud Infrastructure: Azure, DigitalOcean
  • Database Providers: Supabase, MongoDB
  • Security Services: Cloudflare

International Transfers

  • All cross-border data transfers utilize GDPR-approved mechanisms including:
    • Standard Contractual Clauses (SCCs)
    • EU-US Data Privacy Framework

7. AI Ethics & Governance

Algorithmic Accountability

  • Human-in-the-loop review for all critical decisions

Transparency Measures

  • Public-facing AI Principles documentation
  • Candidate right to explanation for automated decisions

Model Management

  • Version control for all production AI models
  • Rollback protocols for model drift detection

8. Data Subject Rights

Available Rights

  1. Access and data portability
  2. Rectification of inaccuracies
  3. Erasure requests ("Right to be Forgotten")
  4. Processing restrictions
  5. Objection to automated decision-making

Request Process

  • Submit verified requests to [email protected]
  • 30-day response timeline with possible 60-day extension

9. Incident Response

Breach Notification

  • 72-hour notification to regulators for GDPR incidents
  • Individual notices for high-risk breaches

Response Protocol

  • Immediate isolation of affected systems
  • Forensic investigation by certified professionals
  • Remediation plans with regulatory consultation

10. Policy Administration

Version Control

  • Publicly accessible change log
  • 30-day advance notice for material changes

11. Contact Information

ZOFA AI SOLUTIONS PTE. LTD.
10 ANSON ROAD, #22-02A, INTERNATIONAL PLAZA, SINGAPORE 079903
UEN: 202519486W

Privacy Requests
[email protected]

This policy is effective as of the "Last Updated" date and supersedes all previous versions.
