Overview
This Privacy Policy explains how [AfricaHackOn Talent] collects, uses, shares, and protects personal data for candidates, employers, and visitors of our platform and related services. By using our services, you consent to this Policy.
Who we are
[AfricaHackOn Talent] is a platform connecting employers with vetted cybersecurity professionals, including academy graduates and experienced practitioners who complete a multi-stage vetting process. Contact: privacy@[yourdomain] or support@[yourdomain].
Data we collect
Account data: name, email, password/SSO identifiers, and profile preferences collected during sign up.
Profile data (candidates): location, work preference, skills, experience, projects, certifications, education, memberships, achievements, and optional CV. Contact details are private by default.
Vetting data: identity documents, selfies, technical assessment results, admin skill ratings (1–5), reviewer notes/evidence, references, and badge status.
Employer data: organization details, job posts, shortlist requests, in‑platform messages, interview scheduling details, and hiring outcomes.
Usage data: search queries, filters, profile views, invites, messages, analytics events (e.g., profile_view, invite_sent, job_posted, shortlist_requested).
Device/technical data: logs, IP, browser, and basic telemetry necessary for security and performance monitoring.
How we use data
Provide the service: enable profiles, search, filters, job posts, messaging, and interview scheduling.
Vetting: conduct identity checks, technical assessments, admin ratings, reference checks, badge assignment, and appeals logging.
Matching and ranking: surface candidates based on admin ratings, badge presence, skill fit, availability, and activity recency.
Communications: send transactional emails for onboarding, verification, vetting outcomes, interviews, and support.
Safety, security, and quality: prevent fraud/abuse, enforce Terms, ensure candidate privacy controls, and maintain audit logs.
Analytics and improvements: track KPIs such as time‑to‑shortlist, vetting pass rate, funnel drop‑offs, and search/filter usage to improve the platform.
Legal bases (where applicable)
Consent: sharing candidate contact details with employers, vetting participation, and optional background checks where offered.
Contract: delivering core platform features to registered users.
Legitimate interests: improving services, preventing abuse, and ensuring platform integrity, balanced against user rights.
Legal obligations: responding to lawful requests and complying with applicable regulations.
Candidate privacy controls
Visibility: contact details are hidden by default and shared only when a candidate grants permission.
Profile fields: candidates choose which fields to display; visibility toggles are provided in the profile.
Revocation: consent for contact sharing or vetting visibility can be changed at any time in the dashboard, affecting future disclosures.
Vetting and badges
Process: identity verification, technical assessment, admin skill review, optional references/background checks, final review, and badge assignment.
Transparency: admin ratings map to visible levels (Foundations/Intermediate/Advanced/Expert) and appear on profiles with average scores.
Evidence handling: reviewer notes and evidence supporting higher ratings are retained in audit logs and are not publicly disclosed.
Employer data use
Job posts: reviewed to ensure privacy and quality before publication.
Shortlists and messaging: employers receive suggested matches and can message candidates; messaging is logged for compliance.
Contact permissions: employers may only access candidate contact details when candidates explicitly allow it.
Sharing of data
With employers: candidate profile fields the candidate marks as public; contact details only upon candidate permission.
With service providers: cloud hosting, analytics, communications, identity verification, and security services under contractual safeguards.
Legal and safety: to comply with law, enforce Terms, or protect rights, property, and safety of users and the platform.
Transfers: where cross-border transfers occur, appropriate safeguards are applied consistent with applicable laws and internal policies.
Data retention
Accounts: retained while accounts remain active; limited archival after closure for compliance, fraud prevention, and audit.
Vetting records: retained as long as necessary for badge validity, auditability, and appeals, then minimized or anonymized.
Communications and logs: retained for a limited period for security, support, and legal requirements, then deleted or anonymized.
Your rights
Access, correction, deletion: request a copy, correct inaccuracies, or delete your data subject to legal/operational constraints.
Objection and restriction: object to or restrict certain processing based on your circumstances and applicable law.
Portability: request export of provided personal data in a machine-readable format where feasible.
Consent management: withdraw consent for contact sharing or vetting participation at any time in settings.
How to exercise: contact privacy@[yourdomain] from your registered email; identity verification may be required.
Security
Technical and organizational measures: encryption in transit, access controls, least-privilege admin access, audit logs for vetting changes, and routine reviews.
Incident response: security incidents are investigated promptly; where required, affected users and regulators are notified.
Accessibility: controls and notices designed to meet WCAG 2.1 AA guidelines in relevant interfaces.
Children’s data
The service is not intended for individuals under the age of 16; do not submit data for minors. Accounts detected to be underage may be removed.
Cookies and similar technologies
The platform may use essential and analytics cookies to enable authentication, remember preferences, and analyze usage; settings may be available in your browser or account.
International considerations
Data may be processed in multiple countries by vetted providers; safeguards and contractual measures are applied for lawful transfers. Local residency decisions and frameworks are reviewed with legal counsel.
Third-party links
Links to third-party sites are provided for convenience; their privacy practices are governed by their own policies.
Changes to this Policy
Material changes will be posted on this page and notified via email or in‑app where appropriate; the “Last updated” date will reflect the latest revision.
Contact
For questions or to exercise your rights, contact: privacy@[yourdomain] or support@[yourdomain]. For accessibility needs, contact accessibility@[yourdomain].
Region-specific notices
Candidates and employers may have additional rights under applicable data protection laws; region-specific addenda can be provided on request.
Background checks are performed only where candidates consent and where lawful; results are handled as sensitive data.