सुरक्षा जानकारी

SkillPath takes the security of your personal data and career information seriously. This document outlines the technical, administrative, and organizational measures we implement to protect the Platform and its Users.

 

1. Our Security Commitment

SkillPath applies a defense-in-depth approach to security, combining multiple layers of protection to safeguard personal data, career records, AI systems, and platform infrastructure. We continually review and update our security practices in response to emerging threats and regulatory requirements.

 

2. Data Encryption

•       All data transmitted between your device and SkillPath's servers is encrypted using TLS (Transport Layer Security) 1.2 or higher.

•       Personal data and Skill Profiles stored in SkillPath's databases are encrypted at rest using industry-standard encryption protocols.

•       Blockchain Career Records benefit from the cryptographic security inherent to distributed ledger technology, providing tamper-evident verification of career credentials.

 

3. Access Controls

•       Access to personal data within SkillPath's systems is granted on a strict need-to-know basis.

•       All internal staff and contractors with data access are subject to confidentiality agreements.

•       Employer access to the talent pool is authenticated via secure login credentials and restricted to the scope of their subscription.

•       Administrative access to Platform systems is protected by multi-factor authentication (MFA).

•       Access logs are maintained and monitored to detect unauthorized or anomalous activity.

 

4. AI System Security

•       The AI Career Engine and its underlying model weights are protected as proprietary intellectual property and are not accessible to external parties.

•       Training data used to improve the AI is anonymized and aggregated prior to use. Personally identifiable information is never directly used in model training.

•       AI outputs (Match Scores, career predictions) are generated in controlled environments with audit logging.

•       SkillPath performs regular reviews of AI outputs to detect and correct potential bias or inaccuracies in matching results.

 

5. Infrastructure Security

•       SkillPath's platform is hosted on reputable cloud infrastructure providers with certified security standards.

•       Servers and databases are protected by firewalls, intrusion detection systems, and regular security patching.

•       Automated vulnerability scanning and penetration testing are conducted on a regular basis.

•       Backup and recovery procedures are in place to ensure data availability and business continuity in the event of system failure.

•       Server environments are isolated and segmented to minimize the impact of any potential security incident.

 

6. Account Security — Your Responsibilities

SkillPath provides security infrastructure, but the security of your account also depends on your own practices. You are responsible for:

•       Creating a strong, unique password for your SkillPath account.

•       Not sharing your login credentials with any other person.

•       Logging out of your account when using shared or public devices.

•       Notifying SkillPath immediately at hello@startuplab.ph if you suspect your account has been compromised.

•       Keeping your registered email address current and secure.

SkillPath will never ask for your password via email, phone, or chat.

 

7. Blockchain Security

Blockchain Career Records are secured through the cryptographic properties of the distributed ledger. Each verified record is digitally signed and linked to preceding records, making unauthorized modification computationally infeasible. Users should note that the immutability of blockchain records means verified data cannot be fully deleted once written to the ledger.

 

8. Incident Response

In the event of a data breach or security incident affecting personal data, SkillPath will:

•       Investigate and contain the incident as quickly as possible.

•       Notify affected Users within 72 hours of confirming the breach, where practicable.

•       Report the incident to the National Privacy Commission (NPC) as required under the Philippine Data Privacy Act.

•       Take remediation steps to prevent recurrence.

•       Provide clear communication to affected Users about the nature of the breach and recommended protective actions.

 

9. Third-Party Security

SkillPath conducts due diligence on third-party service providers to ensure they maintain adequate security standards. All third parties with access to SkillPath data are bound by data processing agreements that require compliance with our security and privacy requirements.

 

10. Vulnerability Disclosure

If you discover a security vulnerability in the SkillPath platform, we encourage responsible disclosure. Please report security concerns directly to our team at hello@startuplab.ph with the subject line "Security Disclosure." We commit to acknowledging reports within 3 business days and working to resolve confirmed vulnerabilities promptly. We request that you do not publicly disclose vulnerabilities until we have had a reasonable opportunity to address them.

 

11. Regulatory Compliance

SkillPath's security program is designed to comply with:

•       Republic Act 10173 — Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations.

•       National Privacy Commission (NPC) guidelines on personal data protection.

•       Industry best practices aligned with internationally recognized security frameworks.

 

12. Contact Our Security Team

For security-related questions, concerns, or to report a vulnerability:

•       Email: hello@startuplab.ph  (Subject: Security Inquiry or Security Disclosure)

•       Phone: +63.967.336.8655 / +63.46.472.0877

•       Address: Pearl Plaza, 7001 F. Manalo Road, Navarro, General Trias, Cavite, Philippines