Security and trust, explained.
SkillSwipe is operated by a Shenzhen-registered company and deployed on Tencent Cloud Hong Kong. This page explains the controls we actively rely on today — not aspirational future-state marketing.
Dedicated PIPL notice, bilingual consent flows, DPO contact, and user-facing deletion/export controls.
Production web and backend run on Tencent Cloud Hong Kong with dual-domain parity on .cn and .com.cn.
JWT-authenticated APIs, role-based access control, consent tracking, and account lifecycle controls are enforced server-side.
Public health and status surfaces expose current API, database, cache, and backup state instead of static uptime claims.
Access and application security
Authenticated product APIs use JWT validation on the backend; protected routes are enforced by Spring Security rather than client-only gating.
Sensitive workflows such as account deletion, billing access, support, and admin actions are tied to authenticated sessions and role checks.
Rate limiting, request IDs, structured logs, and maintenance controls are built into the backend layer.
Data handling
Operational company information is surfaced consistently from one source of truth, including the legal entity and USCC used across contracts and fapiao requests.
Candidates and employers can access privacy notice, PIPL notice, and terms from every major public trust surface.
Account deletion and data export are part of the product surface, not hidden support-only processes.
Operational evidence
Status evidence is available publicly at the status page and API status endpoints, including component health and current incident state.
SkillSwipe uses deployment smoke checks and dual-domain validation to keep skillswipe.cn and skillswipe.com.cn aligned after each verified release.
We do not describe provider-side billing or legal filing work as complete until those external dependencies are actually live.
- Security
- security@skillswipe.cn
- Privacy
- privacy@skillswipe.cn
- Support
- support@skillswipe.cn