Privacy Policy — Job Studio

This Privacy Policy explains how Syntrex Consulting - FZCO ("Syntrex", "we", "us", "our") collects, uses, shares, and protects personal data when you use Job Studio (the "Service") at job-studio.io.

We take this seriously: Job Studio processes your résumé and career history, which can be among the most personal information you hold. This policy tells you exactly what we do with it, who we share it with, and the rights you have.

1. Who we are (Data Controller)

The controller responsible for your personal data is:

Syntrex Consulting - FZCO License No. 61500 IFZA Business Park, Dubai Digital Park (DDP) Dubai Silicon Oasis, Dubai, United Arab Emirates

Privacy contact: contact@job-studio.io

EEA & UK users

We offer the Service to individuals in the European Economic Area (EEA) and the United Kingdom and process personal data in line with the GDPR and UK GDPR. For any privacy question or to exercise your rights, contact us at contact@job-studio.io. You also have the right to lodge a complaint with your local data protection authority (see Section 13).

2. The personal data we collect

  • Identity & account — Email, name, phone, authentication data. Source: you / our auth provider (Clerk).
  • Profile — Display name, target role, location, address, pronouns, contact links, education, skills. Source: you.
  • Career content — Uploaded résumés/CVs and the experience details extracted from them. Source: you.
  • AI-derived data — Career knowledge graph, opportunity scores, candidate snapshots, generated résumés and cover letters, enriched free-text answers. Source: generated by the Service from your inputs.
  • Subscription — Plan tier (free/pro/premium) and credit balance. Source: the Service.
  • Usage telemetry — Session activity, pages visited, viewport, browser/user-agent, in-product actions (first-party only). Source: collected automatically.

Special category data

Your résumés, career content, and the AI-derived data built from them may reveal special category data under Article 9 GDPR — for example health, ethnicity, religion, political opinions, or trade union membership — because real career histories often contain it. We process this data only on the basis of your explicit consent, which we ask for at signup. You can withdraw that consent at any time (see Section 7).

We do not ask you to provide special category data, and we recommend you remove any you do not wish to share — but we recognise it may appear naturally in a CV, so we treat all career content as if it contains it.

3. Why we process your data, and our lawful basis

  • Create and operate your account; deliver the core Service (scoring opportunities, generating tailored materials, building your career knowledge graph) — Performance of a contract (Art. 6(1)(b)).
  • Process your résumé and career content, including any special category data within it — Your explicit consent (Art. 9(2)(a)).
  • Keep the Service secure, prevent abuse and fraud, and debug — Our legitimate interests (Art. 6(1)(f)).
  • Understand product usage to improve the Service (first-party telemetry) — Our legitimate interests (Art. 6(1)(f)).
  • Send you service and account communications — Performance of a contract (Art. 6(1)(b)).
  • Send marketing (if any) — Your consent (Art. 6(1)(a)).
  • Comply with legal obligations — Legal obligation (Art. 6(1)(c)).

4. How AI is used, and automated processing

Job Studio is an AI-native service. We use third-party AI models to read your career content, build your knowledge graph, score opportunities, and generate documents.

  • Outputs are AI-generated. Résumés, cover letters, scores, and other materials are produced by AI and may contain errors or inaccuracies. You are responsible for reviewing them before use.
  • No automated decisions with legal effect. Job Studio does not make automated decisions that produce legal or similarly significant effects about you (Art. 22 GDPR). Opportunity scores and generated materials are suggestions to inform your decisions — they do not decide anything on your behalf and are not shared with employers by us.
  • AI transparency. Where you interact with AI features or receive AI-generated content, we tell you so.
  • Your career content is sent to the AI providers described in Section 5. We choose providers that do not train their models on your data via our integrations, and where available we enable data-minimising and zero-retention settings.

5. Who we share your data with

We do not sell your personal data. We share it only with trusted service providers who process it on our behalf, under contract and on our instructions, to help us run the Service. These fall into the following categories of recipients:

  • Identity and authentication providers
  • Cloud database, file storage, and hosting providers
  • AI model providers that process your prompts and career content to generate outputs
  • Analytics and service-monitoring providers
  • Email/communication providers

Our AI providers do not train their models on your content through our integrations, and we use data-minimising and short-retention settings where available. Some providers are located in the EU; others outside it (see Section 6).

You may request the specific identities of the providers we use, and details of the safeguards in place, by contacting us at contact@job-studio.io. We will notify users before adding a new category of recipient that materially changes how your data is handled.

We may also disclose personal data where required by law, to protect our rights or the safety of others, or in connection with a corporate transaction (merger, acquisition, asset sale), in which case we will notify you.

6. International data transfers

We are based in the UAE and host the Service primarily in the United States (US-East). Some of our service providers are in the US; one of our primary AI providers (Mistral) is in the EU.

When we transfer personal data of EEA/UK individuals outside the EEA/UK, we rely on appropriate safeguards, including:

  • the EU-US Data Privacy Framework (for certified US providers), and/or
  • Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, with supplementary measures where appropriate.

You can request a copy of the relevant safeguards using the privacy contact above.

7. Your rights

Depending on where you live, you have some or all of the following rights. We will respond within the timeframe required by applicable law (generally one month under GDPR).

Under the GDPR / UK GDPR, you have the right to: access your data; correct it; erase it; restrict or object to processing; data portability; and withdraw consent at any time (including consent to process special category career data — withdrawal does not affect processing already carried out). You also have the right to lodge a complaint with your local supervisory authority.

Under the California CCPA/CPRA (if applicable), you have the right to: know what we collect; access and delete it; correct it; and opt out of "sale" or "sharing" — we do not sell or share your personal data as those terms are defined. We will not discriminate against you for exercising these rights.

Under the UAE PDPL, you have rights of access, correction, deletion, restriction, portability, and to object, and to complain to the UAE Data Office.

To exercise any right, contact us at the privacy address above. We provide in-product tools to export your data (a downloadable copy) and to delete your account and associated data.

8. Data retention

We keep your personal data only as long as needed for the purposes above:

  • Account, profile, career content, and AI-derived data: kept while your account is active, and deleted within 30 days of you deleting your account or withdrawing consent, except where we must retain limited records to meet a legal obligation.
  • Usage telemetry: kept for up to 12 months, then deleted or aggregated.
  • Backups: purged on a rolling cycle of up to 90 days.

When you delete your account, we purge your data across our database, file storage, knowledge graph, and authentication provider, and instruct our service providers to delete it.

9. Security

We protect your data with encryption in transit (TLS) and at rest, access controls (SSO + multi-factor authentication for staff, least-privilege access), and audit logging of access to user data. No system is perfectly secure, but we work to protect your information and will notify you and the relevant authority of a personal data breach where the law requires.

10. Cookies and tracking

Job Studio uses only strictly necessary cookies — for example, the authentication session cookie that keeps you logged in. These are required for the Service to work and do not require consent.

We use first-party telemetry to understand how the Service is used. We do not use third-party advertising or analytics trackers, and we do not capture your IP address for analytics. If we ever add non-essential cookies or trackers, we will ask for your consent first and update this policy.

11. Children

Job Studio is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes to this policy

We may update this policy. If we make material changes, we will notify you (for example by email or in-product) before they take effect, and post the updated version here.

13. How to contact us or complain

Questions or requests: contact@job-studio.io

If you are in the EEA/UK and are unhappy with our response, you may complain to your local data protection authority. If you are in the UAE, you may complain to the UAE Data Office.