Privacy Policy

Last updated: May 2026

1. Introduction

Talent At ("we", "us", "our") provides career management services to job seekers in the Middle East — including CV building, LinkedIn profile optimization, job search, and sending job applications on your behalf with your explicit consent. This Privacy Policy explains what data we collect, how we use it, and your rights regarding it.

By creating an account or using any of our services, you agree to the data practices described here.

2. Data We Collect

a. Data you provide

  • Name, email, phone number, profile photo
  • CV data: work experience, education, skills, languages, certifications, projects
  • Target positions, locations, expected salary, work preferences
  • Files you upload (CV PDFs, images)

b. Data from connected services

  • Google: name, email, profile photo (when signing in with Google)
  • LinkedIn: name, email, profile photo, experience, education, skills (when connecting LinkedIn)
  • Gmail: when connecting a Gmail account for sending job applications — details in Section 4 below

c. Automatically collected data

  • Usage data: pages visited, features used, timestamps
  • Device data: browser type, OS, IP address, approximate location (country only)
  • Session cookies and language preferences

3. How We Use Your Data

  • To provide core services: CV building, profile assessment, job search, and sending job applications with your explicit consent
  • To personalize recommendations based on your profile and skill level
  • To send essential operational notifications (send confirmations, account alerts)
  • To improve platform performance and security (without inspecting your personal email content)
  • To comply with legal obligations and respond to lawful requests when required

⚠️ We never sell your personal data, never use it for targeted advertising, and never share it with third parties for marketing purposes.

4. Google API Services & Gmail Data Use

We explicitly disclose here how we use your Google account data when you connect it, in accordance with the Google API Services User Data Policy.

a. Scopes we request

  • gmail.sendto send job application emails from your inbox to companies you approve
  • gmail.readonlyto read incoming replies to job applications only (to update the status of each application: replied / interview / rejected)
  • userinfo.emailto verify ownership of the connected account

b. How we handle Gmail data

  • We only read messages identifiable as replies to job applications we sent (matched by Message-ID and sender address)
  • We do not read, store, or analyze any personal or non-job-related messages
  • We only store: reply sender address, reply timestamp, reply category (positive / interview invite / rejection / undetermined)
  • Gmail data is never read by humans; processing is fully automated on our secure servers

c. Limited Use

Talent At's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We do not use Gmail data for advertising or any purpose other than the disclosed feature
  • We never sell Gmail data to any third party
  • We do not use Gmail data to develop, improve, or train generalized AI/ML models
  • We do not transfer Gmail data to third parties except as necessary to provide the service, by legal order, or with your explicit consent
  • Humans never read your Gmail data except in very limited cases (security, abuse investigations, legal requirements, or with your consent)

d. How to revoke Google access

You can revoke Google access at any time from the Settings page within Talent At, or directly from myaccount.google.com/permissions. When you revoke access, we immediately stop sending or reading, and delete authentication tokens within 24 hours.

5. Sharing with Third Parties

We share your data only with providers necessary to operate the service:

  • OpenAI: for AI processing (CV analysis, cover letter writing) — OpenAI does not retain your data per our business agreement
  • SendGrid: for essential system emails (account verification, password reset)
  • RapidAPI / JSearch: to fetch available jobs from job sources
  • Google Cloud / Microsoft Azure / Contabo: for server and database hosting

All these providers comply with strict data protection standards (GDPR, SOC 2).

6. Data Retention

  • Account data and CV: retained while your account is active, deleted within 30 days of account deletion
  • Job application logs: retained for 12 months to let you review your history
  • Gmail reply metadata: retained for only 6 months then auto-deleted
  • Security and access logs: retained for 90 days for security purposes
  • OAuth tokens: deleted immediately upon disconnection

7. Your Rights

Under Saudi PDPL and EU GDPR, you have the following rights:

  • Access your personal data and request a copy
  • Correct any inaccurate data
  • Delete your account and all data ("right to be forgotten")
  • Export your data in portable format (JSON)
  • Withdraw consent for data processing at any time
  • File a complaint with the data protection authority in your country

To exercise any of these rights, use the Settings page or contact us at privacy@talentat.org.

8. Data Security

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for stored passwords and OAuth credentials
  • Password hashing with bcrypt
  • Data access restricted to authorized personnel with full audit logs
  • Daily backups with full encryption

9. Children's Privacy

Our service is not directed at children under 16. We do not knowingly collect data from minors.

10. Policy Updates

We may update this policy from time to time. We will notify you of material changes via your registered email and update the "Last updated" date at the top.

11. Contact Us

For any questions about this policy or our data practices: