Security & Data Protection Statement

InsightCP – Security & Data Protection Statement

Last Updated: 16 December 2025

At InsightCP, we take the security of information seriously.
We are committed to protecting personal data, safeguarding organisational insight, and ensuring the confidentiality, integrity, and availability of the Platform.

This Security & Data Protection Statement explains the measures used to protect data across the InsightCP website and platform.

InsightCP is operated by PathwayAI Ltd.

1. Our Commitment to Security

Security is embedded into how InsightCP is designed, built, tested, and operated.

We apply modern security practices, role-based access controls, and industry-standard protections to ensure that individual and organisational data remains secure at all times.

2. Data Encryption

In Transit

All data transmitted between your device and the Platform is protected using TLS encryption (HTTPS).

At Rest

Data stored within the Platform is encrypted using modern encryption technologies provided by our hosting and infrastructure services.

3. Authentication & Access Control

We use structured authentication and access control mechanisms to ensure users can access only the data they are authorised to view.

This includes:

secure login mechanisms

role-based access control (RBAC)

row-level data segregation

administrative controls for organisational accounts

User passwords are never stored in plain text.

4. Platform Architecture

InsightCP is built on modern, secure infrastructure incorporating:

segmented environments (development, testing, production)

restricted access to operational systems

monitoring and logging for unusual or suspicious activity

secure APIs with server-side validation

We apply the principle of least privilege across all systems.

5. Data Minimisation & Purpose Limitation

We collect and process only the data necessary to deliver:

skills and capability mapping

analytics and dashboards

learning and development insights

workforce capability assessment

During testing or beta phases, synthetic or anonymised data may be used to reduce risk.

We do not sell, trade, or monetise personal data.

6. Secure Development Practices

Our development practices include:

code reviews and change control

version control and auditability

restricted contributor access

dependency monitoring

continuous testing and improvement

Security considerations are integrated into every feature release.

7. Monitoring & Incident Response

The Platform is monitored for performance, availability, and unusual activity.

In the event of a suspected security incident, we will:

investigate promptly

mitigate identified risks

notify affected users where legally required

review and improve controls to prevent recurrence

All incidents are treated seriously and handled with urgency.

8. Organisational Controls

Internal security measures include:

restricted administrative access

confidentiality expectations for all contributors

enhanced security controls for key systems

regular clean-up of test and inactive accounts

strong credential and access management practices

9. Backups & Resilience

We maintain backups of key system components to support:

system continuity

protection against accidental data loss

recovery following disruption

Backup environments remain encrypted and access-controlled.

10. Use of Artificial Intelligence (AI)

InsightCP uses AI-assisted processing to enhance capability insight, learning recommendations, and workforce analytics.
We are committed to responsible, transparent, and ethical use of AI.

10.1 Purpose of AI Processing

AI within InsightCP supports:

skill extraction and profile analysis

competency and framework alignment

development pathway recommendations

chartership readiness indicators

workforce capability trend analysis

AI is used to support decisions, not replace human judgement.

10.2 No Automated Decision-Making with Legal or Significant Effects

AI outputs are advisory only and must not be treated as:

formal assessments

certified or guaranteed results

regulatory or compliance determinations

employment decisions (e.g. hiring, promotion, dismissal)

Final decisions must always involve human evaluation.

10.3 Data Protection in AI Processing

We do not:

use personal data to train public or external AI models

allow third parties to use user data for AI training

create externally accessible, identifiable AI datasets

deploy AI systems that store or recall user-specific data

All AI processing occurs within secure, controlled environments.

10.4 Transparency of AI Outputs

Where AI-assisted insights are used, InsightCP aims to make clear:

when AI is involved

what inputs are used

how outputs should be interpreted

We avoid opaque or misleading AI behaviour.

10.5 Accuracy & Limitations

AI-generated insights may be:

probabilistic

incomplete

dependent on input quality

influenced by data availability

Users are encouraged to validate AI-assisted outputs before relying on them.

10.6 Human Oversight

InsightCP is designed to augment human capability, not replace it.

Organisations and individuals remain responsible for:

evaluating recommendations

making accreditation or professional decisions

interpreting reports and analytics

validating competency alignment

10.7 Ethical Use of AI

We are committed to:

fairness and non-discrimination

transparency

data protection

responsible innovation

AI features are reviewed regularly against evolving best practices.

10.8 User Rights Related to AI

Users may:

request access to personal data used in AI processing

request correction of inaccurate inputs

object to automated profiling (where applicable)

request deletion of personal data

Requests are handled in line with UK GDPR requirements.

11. Data Location & International Access

Data is primarily processed within the UK.
Where data is accessed or transferred internationally, appropriate safeguards (including encrypted connections and secure hosting practices) are applied.

12. Your Responsibilities as a User

Security is a shared responsibility. Users must:

protect login credentials

avoid sharing passwords

upload only authorised content

report suspicious activity promptly

end sessions securely

13. Contact Us

If you have concerns about data security or wish to report an issue, contact:

📧 admin@pathwayailtd.com

We take all reports seriously and respond promptly.
