Privacy Policy

1.1 Account Information

When you register, we collect your name, email address, and password. You also select a role (Job Seeker, Recruiter, or Vendor/Agency).

1.2 Profile Information

Depending on your role, you may provide: biographical information, work experience, education and qualifications, skills and certifications, profile photograph, location, salary expectations, work arrangement preferences, industry preferences, notice period, and any other information you choose to add to your profile.

1.3 Verification Documents (Optional)

Submitting documents for verification is entirely voluntary. You are not required to upload any documents to use SkillSwypeAI. If you choose to undergo verification, you may upload: identity documents (ID card, passport), criminal background check authorisation, qualification certificates, professional certifications, and reference contact details. These documents are stored securely and accessed only for verification purposes. By uploading documents for verification, you consent to them being processed by an approved verification provider for background screening purposes (see Section 4.6). You may remove your verification documents at any time, and all documents are permanently deleted when you delete your account.

1.4 Communications

Messages sent through our in-platform messaging system between candidates, recruiters, and vendors are stored to facilitate communication.

1.5 Payment Information

When you subscribe to a premium plan, payment is processed by our third-party payment provider, Paystack. We do not store your credit card numbers or bank account details on our servers. We receive and store transaction references, subscription status, and billing history.

1.6 Usage & Analytics Data

We automatically collect: session data (login times, session duration), pages visited and features used, device type, browser, and operating system, approximate geographic location (derived from IP address using ipapi.co, queried once per session), and interaction data (profile views, search appearances, swype actions).

1.7 AI Interaction Data

When you use AI-powered features (CV generation, interview preparation, job spec creation, smart search), the prompts you provide and the generated outputs are processed to deliver the service. We may retain anonymised interaction data to improve our AI features.

We use your information to:

• Create and manage your account
• Display your profile to relevant recruiters or candidates (based on your role and privacy settings)
• Process verification checks (ID, criminal, qualifications, references, certifications)
• Enable AI-powered features including CV generation, interview preparation, job specification creation, smart search, and matching
• Facilitate communication between platform users via in-app messaging
• Process subscription payments and manage billing
• Send transactional emails (verification updates, interview notifications, password resets)
• Provide analytics about your profile performance (views, search appearances, match scores)
• Operate the swype matching system to connect candidates with opportunities
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Improve and develop the Service

We process your personal information based on:

• Consent: When you create an account, upload verification documents, or use AI features.
• Contractual necessity: To provide the Service you have registered for and to process your subscription.
• Legitimate interest: To improve our Service, ensure platform security, prevent fraud, and provide analytics.
• Legal obligation: To comply with applicable laws and regulations.

We share your data with the following categories of third parties, solely for the purposes of operating the Service:

4.1 Cloud Infrastructure

Google Firebase (Google Cloud Platform) — for authentication, database storage (Firestore), file storage (Cloud Storage), and serverless compute (Cloud Functions). Data is primarily hosted in the africa-south1 (Johannesburg, South Africa) region.

4.2 Payment Processing

Paystack — processes all subscription payments. Paystack is PCI-DSS compliant. We send Paystack your email address and subscription plan details. See Paystack's privacy policy for details on how they handle your payment data.

4.3 AI Processing

Azure OpenAI (Microsoft) — processes AI feature requests including CV generation, interview preparation, job specification creation, and natural language search parsing. Profile data and user prompts are sent to Azure OpenAI for processing. Microsoft's data handling policies apply to this processing.

4.4 Location Services

Google Maps API — provides location autocomplete when entering addresses. ipapi.co — used once per session to determine approximate geographic location from your IP address for analytics purposes.

4.6 Background Screening

Our approved verification provider — our third-party background screening partner. If you voluntarily submit documents for verification, your information may be shared with an approved verification provider to conduct identity verification, criminal record checks, qualification validation, and other background screening services. Our approved verification provider processes your data in accordance with their own privacy policy and applicable South African law (including POPIA). No data is shared with an approved verification provider unless you actively upload and submit documents for verification.

4.7 Other Users

Your profile information (excluding sensitive verification documents) is visible to other platform users according to your role. Recruiters can view candidate profiles; candidates can view job listings and recruiter company information. Verification status (verified/unverified badges) is visible, but underlying documents are not.

We do not sell your personal information to third parties. We do not share your data with advertisers.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit (TLS/HTTPS) and at rest
• Firebase Authentication with email verification and optional two-factor authentication (TOTP)
• Cloud Functions enforce authentication tokens and rate limiting on all API endpoints
• Sensitive verification documents are stored in secured Cloud Storage with owner-only access rules and time-limited signed URLs (15-minute expiry)
• Firestore security rules enforce row-level access control — users can only read and write their own data
• CORS restrictions limit API access to authorised domains only
• Input validation and sanitisation on all server-side endpoints
• Secrets and API keys are stored in server-side environment variables, never exposed to the client

While we take every reasonable precaution to secure your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data: Retained until you delete your account or request deletion.
• Verification documents: Retained for the duration of your account. Deleted upon account deletion or upon request.
• Messages: Retained for the duration of both participants' accounts.
• Payment records: Retained as required by applicable tax and financial regulations (typically 5-7 years).
• Analytics data: Session and usage data is retained in aggregate form.
• Rate limiting data: Automatically expires based on sliding window periods.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements). You can delete your entire account through your account settings, which will permanently remove all your data — including profile information, verification documents, and associated records — from the platform.
• Portability: Request a machine-readable copy of your data.
• Restriction: Request that we limit how we process your data.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, email us at support@skillswypeai.com. We will respond within 30 days.

SkillSwypeAI uses essential cookies and local storage for:

• Authentication session management (Firebase Auth tokens)
• User preferences and settings
• Session-based analytics (stored in sessionStorage, not persistent)

We do not use third-party advertising cookies or tracking pixels. Our analytics are collected in-house and stored in our own database — we do not use Google Analytics or similar third-party analytics services.

SkillSwypeAI uses AI (powered by Azure OpenAI) to provide the following features:

• CV Generation: Creates professional CVs based on your profile information.
• Interview Preparation: Generates practice questions and coaching based on job descriptions and your profile.
• Job Spec Generator: Helps recruiters create detailed job specifications.
• Smart Search: Parses natural language queries to find matching candidates.
• Career Insights: Provides personalised career advice and market insights.
• Quote Generation: Assists vendors in creating professional service quotes.

When you use these features, relevant profile data and your inputs are sent to Azure OpenAI for processing. AI-generated content is provided as assistance and should be reviewed by you before use. We do not guarantee the accuracy of AI-generated content.

We track your monthly usage of AI features (number of requests per feature) to enforce fair-use quotas. This usage data is stored alongside your account and resets monthly. It is not shared with third parties.

All payment processing is handled by Paystack, a PCI-DSS compliant payment processor. When you subscribe:

• Your card details are collected and processed directly by Paystack — they never pass through our servers
• We receive a transaction reference, subscription status, and customer identifier from Paystack
• Paystack sends us webhook notifications for payment events (successful charges, subscription changes, failed payments)
• We verify webhook authenticity using HMAC signature validation
• All prices are displayed and charged in United States Dollars (USD)

SkillSwypeAI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@skillswypeai.com and we will promptly delete such information.

Our primary data infrastructure is located in South Africa (Google Cloud africa-south1 region). However, some data processing involves transfers to other regions:

• AI processing via Azure OpenAI may involve data transfer to Microsoft data centres outside South Africa
• Payment processing via Paystack may involve data transfer to Paystack's infrastructure
• Email delivery services may process data in various regions

Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

For users in South Africa, we comply with the Protection of Personal Information Act (POPIA). Under POPIA:

• SkillSwypeAI (Pty) Ltd is the responsible party for your personal information
• We process your information lawfully, for a specific purpose, and only what is necessary
• You have the right to access, correct, and delete your personal information
• You may lodge a complaint with the Information Regulator of South Africa
• Our Information Officer can be contacted at support@skillswypeai.com

For users in the European Economic Area (EEA) or United Kingdom, we comply with the General Data Protection Regulation (GDPR). In addition to the rights listed in Section 7:

• You have the right to lodge a complaint with your local data protection authority
• We process your data based on the legal bases described in Section 3
• International transfers are conducted with appropriate safeguards
• You may request information about the specific safeguards used for international data transfers

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email or in-platform notification for significant changes
• Where required by law, obtain your consent before applying changes

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: