Security & Trust
Security and privacy are foundational to SkillIQ. Below is an honest overview of our current security posture and our certification roadmap.
SOC 2 Type II — readiness in progress
Data Protection
Encryption in transit & at rest
All traffic is served over TLS/HTTPS, and sensitive data (including biometric data) is encrypted at rest.
Authentication
Sessions are carried in cookies set with the Secure and HttpOnly flags. HttpOnly keeps the session token out of reach of page scripts, so a cross-site scripting (XSS) bug cannot simply read the token and send it elsewhere; Secure keeps the cookie off plain HTTP. Passwords are stored only as hashes, never in plaintext, and login attempts are rate limited to slow brute-force guessing.
Access controls
Role-based access control with four roles (Super Admin, Admin, Recruiter, Candidate); each role is scoped to the data its function requires, following the principle of least privilege, across the platform.
Rate limiting & abuse prevention
Authentication, payment and public API endpoints are rate limited to slow credential stuffing and other automated abuse.
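As an added, self-contained illustration of the three controls described above (this is example code written for this page, not SkillIQ's own implementation; the function names, the limits of 5 attempts per account and 10 per IP per minute, the scrypt cost parameters and the sample user are assumptions), the following Python shows a session cookie issued with the Secure and HttpOnly flags, a salted scrypt password hash with constant-time verification, and per-account plus per-IP sliding-window rate limits that are checked before the slow password hash is computed:

```python
"""Added illustration: session cookie flags, password hashing and login rate
limiting. Example code for this page, not SkillIQ's implementation; the function
names, limits, scrypt parameters and sample users are assumptions."""
import hashlib
import hmac
import os
import time
from collections import deque
from typing import Dict, Optional

SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)  # assumed cost parameters


def session_cookie_header(session_id: str, max_age: int = 3600) -> str:
    """Set-Cookie value for a session token.

    HttpOnly keeps the token out of document.cookie, so script injected through
    an XSS bug cannot read it; Secure stops the browser sending it over plain
    HTTP; SameSite=Lax withholds it from most cross-site requests.
    """
    return (f"sid={session_id}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Lax")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt>$<digest>'; the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(digest, expected)


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit: int, window: float, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.events: Dict[str, deque] = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self.events.setdefault(key, deque())
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Hash compared against when the username is unknown, so a login for a
# non-existent account costs the same time as one for a real account.
DUMMY_HASH = hash_password("placeholder-not-a-real-password")


class LoginService:
    def __init__(self, users: Dict[str, str], clock=time.monotonic):
        self.users = users  # username -> stored password hash
        # Per-account limit slows brute force against one user; per-IP limit
        # slows credential stuffing (many usernames tried from one source).
        self.per_account = SlidingWindowLimiter(limit=5, window=60, clock=clock)
        self.per_ip = SlidingWindowLimiter(limit=10, window=60, clock=clock)

    def login(self, username: str, password: str, ip: str) -> str:
        # Limits are checked before the slow hash runs, so a throttled client
        # cannot make the server burn scrypt CPU either.
        if not self.per_ip.allow(ip) or not self.per_account.allow(username):
            return "rate_limited"
        stored = self.users.get(username)
        ok = verify_password(password, stored if stored is not None else DUMMY_HASH)
        if stored is None or not ok:
            return "invalid"
        return "ok"


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}  # constructed sample
    svc = LoginService(users)
    print(session_cookie_header("opaque-random-session-id"))
    print(svc.login("alice", "wrong guess", "203.0.113.5"))
    print(svc.login("alice", "correct horse battery staple", "203.0.113.5"))
```

The ordering matters: the limiter runs first so that a client already over its budget never triggers the deliberately expensive hash, and unknown usernames are verified against a dummy hash so response time does not reveal which accounts exist.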
Privacy & Compliance
Designed to support GDPR, DPDP 2023, BIPA, PDPL/PDPA
Consent management, biometric consent capture, data-subject request handling, and documented retention/destruction. These reflect product capabilities, not certifications.
Biometric consent & retention
Explicit informed consent before any face capture; documented Biometric Data Retention & Destruction Policy.
Data-subject requests
Individuals can submit access/deletion/correction requests routed to our Data Protection Officer.
Certifications Roadmap
SOC 2 Type II — In progress
We are working toward a SOC 2 Type II attestation report (an independent audit of our controls against the AICPA Trust Services Criteria, observed over a period of time), the report most commonly requested by B2B SaaS customers.
ISO 27001 / 27701 — Planned
Information security and privacy information management certifications are on our roadmap.
For security questionnaires, a Data Processing Agreement (DPA), or sub-processor information, contact contact@consultmein.com.