Security Policy

Last updated: March 26, 2025

1. Commitment to Security

At Skillbru AI, protecting your data is our highest priority. We implement robust technical and organizational security measures to ensure that:

• Personal and assessment data is protected against unauthorized access.
• Systems are safeguarded from data loss, theft, or manipulation.
• Payments and sensitive information are handled securely.

2. Infrastructure Security

• Cloud Hosting: All services are hosted on trusted cloud infrastructure (e.g., AWS, Azure, or similar), with geographically redundant backups and compliance with Indian data localization rules.
• Firewalls & Intrusion Detection: We use modern firewalls, intrusion prevention systems (IPS), and anti-malware tools.
• Uptime & Monitoring: Real-time monitoring is employed to detect downtime, breaches, or suspicious activity.

3. Data Encryption

• In Transit: All data transmitted between user devices and our servers is encrypted using TLS 1.2+ (HTTPS) protocols.
• At Rest: Sensitive data (e.g., assessments, resumes, internal analytics) is encrypted using AES-256 industry-standard encryption.
• Passwords: Passwords are hashed and salted using bcrypt or equivalent secure algorithms.

4. Access Controls

• Role-Based Access: Access to data is granted only on a need-to-know basis according to employee or client roles.
• Multi-Factor Authentication (MFA): Used internally for administrative tools.
• Audit Logs: All access to backend systems is logged and regularly reviewed.

5. Payment Security

• Payments are processed through Razorpay, a PCI-DSS-compliant payment gateway.
• Skillbru AI does not store card numbers, CVV, or payment credentials on its own servers.
• All billing interactions are encrypted and securely routed.

6. User Best Practices

We recommend that users:

• Use strong and unique passwords.
• Never share login credentials.
• Log out of their accounts after use (especially on shared devices).
• Report any suspicious activity immediately to support@skillbrew.com.

7. Incident Response

In the unlikely event of a data breach or cyberattack:

• Our security team will initiate an internal incident response protocol.
• Affected users will be notified within 72 hours as per applicable law.
• Root cause analysis and corrective action will be conducted promptly.

8. Regular Security Reviews

• We conduct periodic security audits and penetration tests.
• Our security policies are reviewed semi-annually and updated as needed.
• External experts may be engaged to review infrastructure and compliance.

9. Legal Compliance

• The Digital Personal Data Protection Act, 2023 (India).
• Applicable provisions of the Information Technology Act, 2000.
• Relevant RBI, UGC, and corporate data protection norms.

10. Reporting Vulnerabilities

We encourage responsible disclosure of any potential security risks. If you discover a vulnerability:

Email us at: support@skillbrew.com

Include: Description, potential impact, steps to reproduce (if safe).

We take such disclosures seriously and respond within 7 working days.

11. Contact

SkillBru AI Private Limited
Email: support@skillbrew.com
54-55, Second Floor, Kumbha Marg, Pratap Nagar, Jaipur, Rajasthan, India - 302033