Security & Privacy
How the PWD Employment & Skills Portal handles user data, safeguards information, and supports inclusive & responsible usage.
Data We Collect
Account & Role
- Name, email, chosen role (job seeker, employer, admin)
- Session identifiers (for login state)
- Employer verification status (Approved / Pending / Rejected)
Profile & Application
- Job seeker: education, experience indicators, optional disability field
- Uploaded documents: resume (PDF), optional video intro
- Employer: company name, description, permit / registration no., optional website & phone
- Uploaded employer verification document (PDF/JPG/PNG/WEBP)
Job Posting
- Title, description, skill requirements, work setup (WFH, part/full time)
- Original location (region/city), salary range, education & experience requirements
- Match‑criteria fields locked after applicants appear (integrity control)
Reports & Moderation
- User reports of suspicious or non‑compliant jobs (reason + optional details)
- Administrative resolution status & timestamps
How Data Is Used
- Facilitate job discovery, filtering, and application workflows
- Verify employer legitimacy and reduce fraudulent postings
- Improve fairness via locked job criteria once there are applicants
- Support moderation (reviewing job reports & policy violations)
- Enhance future features (e.g. planned match scoring) in aggregated form
Lawful / Legitimate Basis
Data is processed based on: (a) fulfilling the platform’s core service (connecting job seekers & employers), (b) legitimate interest in maintaining safety & integrity, and (c) user consent for optional uploads (resume, video intro, employer documents).
Your Controls & Choices
- Edit profile details (except locked application‑critical fields after applications exist)
- Choose whether to upload resume, video intro, or employer verification documents
- Report suspicious jobs (which notifies admins)
- Request removal of optional uploads by deleting or replacing them (future explicit delete UI can be added)
Security Measures
- Role‑based access & server‑side permission checks
- Prepared statements to mitigate SQL injection (core DB operations)
- File uploads stored in segmented directories (resumes, videos, employers)
- Restricted accepted MIME types for documents / media
- Integrity logic: job requirement fields locked after applicants appear
- Planned improvements: CSRF tokens, stricter MIME validation, encryption at rest for sensitive docs
Retention
Core account & job posting data persists while the account or posting remains active. Optional uploads (resume, video, employer document) remain until replaced or manually purged during housekeeping. Resolved reports may be archived for audit history.
Sensitive Information
Disability information (if provided) is user‑entered descriptive text; the platform does not classify medical conditions. Please avoid entering highly sensitive medical records. Do not upload IDs unless explicitly required for verification (current system does not request government IDs).
Minors
The platform targets professional employment; accounts from users under legal working age should not be created.
Incident Handling
Suspected security or data exposure incidents are prioritized: isolate issue, restrict access, audit logs, and notify affected stakeholders where required. Future versions will include automated alerting hooks.
Changes to This Page
Material changes will update the version tag above. Continued use after changes indicates acceptance of the revised policy.
Contact / Feedback
For privacy questions or removal requests, use the Support channel (when logged in) or the general feedback mechanism planned in future releases.
- Request incorrect data correction
- Flag potential misuse of uploaded content
- Suggest additional accessibility protections