Privacy Policy

1. Who We Are

UKSponsorJobs ("we", "us", "our") operates the website at uksponsorjobs.co.uk. We are the data controller for the personal data we collect from you. If you have any questions about this policy, contact us at privacy@uksponsorjobs.co.uk.

2. What Data We Collect

• Account data: email address and hashed password when you register.
• Subscription data: your plan tier (Free, Base, Premium) and subscription dates.
• Payment data: processed entirely by Stripe. We store only your Stripe customer ID — we never see or store your card details.
• Usage data: jobs you save, companies you follow for alerts, and alert preferences.
• Referral data: referral codes and wallet balances if you use the referral programme.
• Technical data: IP address (used for rate limiting and security) and browser user-agent. We do not run analytics or tracking scripts.

3. How We Use Your Data

• Providing the service: authenticating you, serving job listings appropriate to your plan, and saving your preferences.
• Billing: processing subscription payments via Stripe and managing upgrades or cancellations.
• Job alerts: sending you email digests when companies you follow post new jobs (Premium only).
• Transactional emails: password reset links and withdrawal confirmations sent via Resend.
• Security: detecting abuse, rate limiting, and protecting our infrastructure.
• Legal compliance: retaining records as required by UK law.

4. Legal Basis (UK GDPR)

• Contract performance: processing your account and subscription data to deliver the service you signed up for.
• Legitimate interests: security monitoring, fraud prevention, and improving our service.
• Legal obligation: retaining financial records as required by HMRC.

5. Third Parties

• Stripe — payment processing. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
• Resend — transactional email delivery (password resets, job alerts). See Resend's Privacy Policy.

We do not sell, rent, or share your personal data with any other third parties.

6. Data Storage & Security

Your data is stored on a private server in the European Economic Area. We use bcrypt password hashing, JWT authentication tokens, HTTPS encryption in transit, and strict access controls. Authentication tokens are stored in your browser's localStorage — not cookies — and expire after 30 days.

7. Data Retention

• Account data is retained while your account is active and for 30 days after deletion.
• Payment and transaction records are retained for 7 years to comply with HMRC requirements.
• Job alert history is deleted when you remove an alert.

8. Your Rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectification of inaccurate data.
• Erasure ("right to be forgotten") subject to legal retention obligations.
• Restriction of processing in certain circumstances.
• Data portability — receive your data in a machine-readable format.
• Object to processing based on legitimate interests.

To exercise any right, email privacy@uksponsorjobs.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of any material changes. Continued use of the service after changes take effect constitutes acceptance of the updated policy.