Privacy Policy
Last updated: 20 May 2026
1. Who We Are
SkillStamp (“we”, “us”, “our”) operates the platform available at skillstamp.io. We are the data controller responsible for your personal data processed through this platform.
Contact: support@skillstamp.io
2. Data We Collect
We collect the following categories of personal data:
- Account data: name, email address, password (hashed), account type (candidate or employer)
- Profile data: headline, bio, location, years of experience, LinkedIn/GitHub/website URLs, profile photo URL
- Skills & assessment data: quiz results, project submissions, AI readiness scores, sector certification results
- Employment data: work history and experience you voluntarily provide
- Employer data: company name, industry, company description
- Interview data: messages exchanged in live interview rooms, AI-generated assessment reports
- Usage data: pages visited, actions taken within the platform (collected via server logs)
- Technical data: IP address, browser type, device type, operating system
We do not collect payment card details directly. Any future payment processing will be handled by a PCI-compliant third-party processor.
3. How We Use Your Data
We use your data for the following purposes and on the following legal bases under the UK/EU GDPR:
| Purpose | Legal Basis |
|---|---|
| Provide the platform and manage your account | Contract performance (Art. 6(1)(b)) |
| Display your public portfolio to employers | Contract performance / Legitimate interests |
| Generate AI skill assessments and reports | Contract performance (Art. 6(1)(b)) |
| Send transactional emails (e.g. interview invitations) | Contract performance (Art. 6(1)(b)) |
| Improve and secure the platform | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Send marketing communications (with opt-in) | Consent (Art. 6(1)(a)) |
4. Third-Party Processors
We share data with the following sub-processors to operate the platform. All processors are bound by data processing agreements and comply with GDPR requirements.
| Processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | USA (SCCs applied) |
| Vercel, Inc. | Hosting and edge delivery | USA/Global (SCCs applied) |
| Anthropic, PBC | AI assessment generation | USA (SCCs applied) |
Where data is transferred outside the UK/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
5. Data Retention
- Account and profile data is retained while your account is active.
- Upon account deletion, personal data is deleted or anonymised within 30 days, except where we are required to retain it by law.
- Interview records and AI-generated reports are retained for 12 months after the interview date, then deleted.
- Server logs are retained for 90 days.
6. Your Rights
Under the UK/EU GDPR, you have the following rights:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
- Portability: receive your data in a structured, machine-readable format.
- Restriction: request that we restrict processing of your data in certain circumstances.
- Objection: object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, email us at support@skillstamp.io. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (e.g. the ICO in the UK, or your local EU data protection authority).
7. Cookies
We use only essential cookies required for authentication and security. We do not use advertising, analytics, or tracking cookies. See our Cookie Policy for full details.
8. Children's Privacy
SkillStamp is not directed at persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at support@skillstamp.io and we will delete it promptly.
9. Security
We implement industry-standard technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage, access controls, and row-level security on all database tables. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and update the “Last updated” date at the top of this page. Continued use of the platform after changes constitutes acceptance.
11. Contact Us
For any privacy-related questions or to exercise your rights, please contact us at: support@skillstamp.io