Privacy Policy
Your privacy matters to us. This comprehensive policy explains how we collect, use, protect, and share your personal information across all SkillThrive services.
📋 Table of Contents
1. Introduction
Welcome to SkillThrive ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").
This policy applies to all users of our Services, including job seekers, companies, and visitors. By using our Services, you agree to the collection and use of information in accordance with this policy.
🔍 What's New in Version 3.2
- • Enhanced disclosures for algorithmic job matching and automated decision-making
- • Detailed email analytics and engagement tracking information
- • Expanded payment processing and financial data collection details
- • Updated third-party service integrations and data transfers
- • New sections on skill assessment data and career progression tracking
- • NEW: Google Calendar integration for interview scheduling and availability management
- • NEW: Compliance with Google API Services User Data Policy and Limited Use requirements
- • UPDATED: Explicit OAuth scope descriptions for Google Calendar API permissions
- • UPDATED: Enhanced in-app integration management instructions and revocation options
- • UPDATED: Detailed calendar data retention policies (immediate deletion upon disconnect)
- • NEW: Public API and third-party AI tool integration disclosures (ChatGPT, Claude, MCP)
2. Contact Information
Data Controller
Asterix Technologies LLP
Address:
167-169 Great Portland Street, 5th Floor
London W1W 5PF, United Kingdom
Registration: OC446847
Contact Information
Company: Asterix Technologies LLP
Registered Office:
167-169 Great Portland Street, 5th Floor
London W1W 5PF, United Kingdom
Email: support@skillthrive.io
3. Information We Collect
We collect information you provide directly, information about your usage of our Services, and information from third parties. Here's a comprehensive overview:
👤 Account and Profile Information
Basic Account Data:
- • Full name and display name
- • Email address and phone number
- • Profile photos and cover images
- • Account preferences and settings
- • Location and timezone information
- • Language and accessibility preferences
Professional Information:
- • Work experience and employment history
- • Education background and qualifications
- • Skills, expertise levels, and certifications
- • Professional portfolio and work samples
- • Career goals and aspirations
- • Salary expectations and compensation data
🧠 Skill Assessment and Career Data
Assessment Data:
- • Skill challenge attempts and solutions
- • Assessment scores and completion times
- • Code submissions and technical responses
- • Performance analytics and progress tracking
- • Learning path preferences and progress
Career Analytics:
- • Career progression tracking and goals
- • Job match scores and compatibility ratings
- • Application success rates and patterns
- • Skill development recommendations
- • Market positioning and competitive analysis
💳 Payment and Financial Information
Payment Processing:
- • PayPal order IDs and capture IDs
- • Payment amounts, currency, and timestamps
- • Billing addresses and contact information
- • Payment method preferences
- • Transaction status and history
Subscription Data:
- • Plan types and billing cycles
- • Subscription start, renewal, and cancellation dates
- • Usage patterns and feature access
- • Upgrade/downgrade history
- • Financial records for compliance (7 years)
📅 Calendar Integration Information
When you connect your Google Calendar to schedule interviews and manage job-related events, we access:
Calendar Data We Access:
- • Calendar event titles, descriptions, and times
- • Event attendees and organizer information
- • Event locations (physical or virtual meeting links)
- • Event status (confirmed, tentative, cancelled)
- • Free/busy availability information
How We Use Calendar Data:
- • Schedule and manage interview appointments
- • Send automated interview reminders
- • Prevent scheduling conflicts for job applications
- • Sync calendar events with your job application timeline
- • Enable rescheduling and cancellation workflows
🔒 Important Privacy Information:
- • Calendar access requires explicit OAuth consent through Google
- • You can disconnect calendar integration anytime from Settings → Integrations within Skillthrive
- • You can also revoke calendar access via Google Account permissions at myaccount.google.com/permissions
- • We only access calendars you explicitly authorize
- • Calendar data is not sold or shared with third parties except as required for interview scheduling
- • We comply with Google's Limited Use Requirements for API scopes
📋 OAuth Scopes We Request:
When you connect your Google Calendar, we request the following specific permissions:
- •
https://www.googleapis.com/auth/calendar.events
Allows us to create, read, update, and delete calendar events specifically for interview scheduling - •
https://www.googleapis.com/auth/calendar
Allows us to read calendar metadata to check your availability and prevent double-booking
These permissions are only requested when you explicitly click "Connect Google Calendar" in your integration settings.
🔧 Technical and Usage Information
Device and Browser:
- • IP addresses and geolocation data
- • Device type, operating system, browser
- • Screen resolution and device capabilities
- • Unique device identifiers
- • Network connection information
Platform Usage:
- • Page views, clicks, and navigation patterns
- • Session duration and frequency
- • Feature usage and preferences
- • Search queries and filters applied
- • Error logs and performance metrics
4. How We Use Information
We use your information to provide, improve, and personalize our Services. Our use of data is based on the following legal grounds under GDPR:
📋 Service Delivery (Contract Performance)
- • Account creation and management
- • Job matching and recommendations
- • Application processing and tracking
- • Interview scheduling via calendar integrations
- • Payment processing and billing
- • Customer support and assistance
- • Platform functionality and features
🎯 Personalization (Legitimate Interest)
- • Customized job recommendations
- • Skill development suggestions
- • Content personalization
- • User experience optimization
- • Analytics and insights
📧 Communications (Consent/Contract)
- • Transactional emails and notifications
- • Marketing communications (with consent)
- • Product updates and announcements
- • Educational content and tips
- • Survey and feedback requests
🛡️ Security and Compliance (Legal Obligation)
- • Fraud prevention and detection
- • Account security monitoring
- • Legal compliance and reporting
- • Data backup and recovery
- • Audit and investigation support
📊 Analytics and Improvement (Legitimate Interest)
- • Platform performance monitoring
- • Feature usage analytics
- • A/B testing and optimization
- • Market research and insights
- • Product development and innovation
⚡ Business Operations (Legitimate Interest)
- • Internal reporting and analytics
- • Quality assurance and training
- • Business intelligence and planning
- • Risk assessment and management
- • Operational efficiency improvements
5. Algorithmic Processing and Automated Decision-Making
GDPR Article 22 Notice - Automated Decision-Making
We use automated systems to process your data for job matching and recommendations. You have the right to request human intervention, express your point of view, and contest these decisions.
🤖 Job Matching Algorithm
How It Works:
- • Analyzes your skills, experience, and preferences
- • Compares against job requirements and company culture
- • Generates compatibility scores (0-100)
- • Ranks opportunities based on multiple factors
- • Updates recommendations based on your activity
Data Used:
- • Profile information and skills data
- • Past application patterns and outcomes
- • Assessment results and performance
- • Location and availability preferences
- • Similar user behavior patterns (anonymized)
📈 Career Progression Analytics
Purpose:
- • Identify skill gaps and development opportunities
- • Suggest learning paths and certifications
- • Predict career trajectory possibilities
- • Benchmark against industry standards
Your Rights:
- • Request explanation of recommendations
- • Provide feedback to improve accuracy
- • Opt out of automated recommendations
- • Access raw data used for decisions
🎯 Personalization Engine
Our personalization algorithms customize your experience by:
Content Curation
- • Relevant job listings
- • Educational content
- • Industry news
- • Networking suggestions
Interface Optimization
- • Dashboard layout
- • Feature prioritization
- • Notification timing
- • Content formatting
Communication Timing
- • Email send optimization
- • Notification frequency
- • Engagement predictions
- • Content preferences
6. Information Sharing and Third-Party Services
We share your information in limited circumstances and with appropriate safeguards. Here are the specific situations when sharing occurs:
✅ With Your Explicit Consent
Job Applications:
- • Profile data shared with employers when you apply
- • Resume and portfolio materials
- • Contact information for interview scheduling
- • Application status and feedback (if provided)
Public Profile Features:
- • Information you choose to make public
- • Portfolio items and work samples
- • Professional achievements and certifications
- • Skills and endorsements (if enabled)
🔧 Essential Service Providers
We work with trusted third-party services to provide our platform. All processors are bound by data processing agreements and GDPR compliance requirements.
| Service | Purpose | Data Shared | Location | Privacy Policy |
|---|---|---|---|---|
| Supabase | Database & Authentication | Profile, Usage, Preferences | EU (Primary), US (Backup) | View Policy |
| PayPal | Payment Processing | Billing Info, Transaction Data | Global (Varies by Region) | View Policy |
| Resend | Email Delivery | Email Addresses, Message Content | EU & US | View Policy |
| Vercel | Hosting & CDN | Log Data, Performance Metrics | Global Edge Locations | View Policy |
| Google Analytics | Website Analytics | Usage Data, Device Info | Global | View Policy |
| Google Calendar API | Interview Scheduling & Calendar Integration | Calendar Events, Availability, Meeting Details | Global | View Policy |
📅 Google Calendar Integration
Our use of Google Calendar API adheres to Google API Services User Data Policy, including the Limited Use requirements.
- • We only request calendar access when you explicitly authorize it for interview scheduling
- • Calendar data is used solely for scheduling job interviews and related events
- • We do not transfer calendar data to third parties except as required for interview coordination
- • Calendar data is not used for advertising or marketing purposes
- • You can revoke access at any time through your Google Account permissions
⚖️ Legal and Safety Requirements
Legal Compliance:
- • Court orders and legal process
- • Regulatory investigations
- • Tax and financial reporting
- • Employment law compliance
Safety and Security:
- • Fraud prevention and investigation
- • Terms of service enforcement
- • Protecting user safety
- • Preventing abuse and spam
6A. Public APIs and Third-Party AI Tool Integration
SkillThrive makes certain career exploration tools available through public application programming interfaces (APIs) that can be accessed by third-party AI platforms, including but not limited to OpenAI's ChatGPT, Anthropic's Claude, and any platform supporting the Model Context Protocol (MCP). This section explains what data is shared, how it is used, and what information is not collected through these integrations.
What Data Is Served
- • Role profiles: Curated descriptions of tech roles including responsibilities, skills, tools, salary ranges, and learning paths
- • Job listings: Publicly posted job openings aggregated from third-party job boards (title, company, location, salary when available, apply link)
- • Salary data: Aggregated, anonymised salary ranges by role and location
What We Do NOT Collect or Share
- • No personal data about users of third-party AI platforms is collected, stored, or processed
- • No user authentication is required to access these public tools
- • No personally identifiable information (PII) is included in API responses
- • No conversation history or queries from third-party platforms is logged or retained
Public API Endpoints
The following public API endpoints are available without authentication. They return only publicly available, non-personal data:
- • Explain Role — Returns a curated career profile for a given tech role
- • Search Jobs — Searches active, publicly posted job openings by role, location, and remote status
- • Get Salary — Returns aggregated salary bands by role and optional location
Third-Party AI Platform Responsibilities
When you interact with SkillThrive tools through a third-party AI platform (e.g. ChatGPT or Claude), that platform's own privacy policy governs how your conversation data, queries, and interactions are collected and used. SkillThrive does not control and is not responsible for the privacy practices of third-party platforms. We encourage you to review the privacy policies of any AI platform you use.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Here are our specific retention periods:
🕒 Quick Reference
Note: You can request early deletion of your data at any time, subject to legal and contractual obligations. See our detailed Data Retention Policy for complete information.
💼 Active Users
- • Profile Data: Retained while account is active
- • Usage Analytics: 26 months rolling
- • Communication Logs: 3 years
- • Assessment History: Permanently (unless deleted)
- • Calendar Integration Data: Deleted immediately when you disconnect Google Calendar from Settings → Integrations
- • Calendar Events: Synced in real-time only; not permanently stored beyond active scheduled appointments
📤 Inactive/Deleted Accounts
- • Profile Deletion: 3 years after last login
- • Anonymized Analytics: Retained indefinitely
- • Legal Hold Data: Until resolution
- • Financial Records: 7 years (legal requirement)
8. Your Rights and Choices
Under GDPR, UK GDPR, CCPA, and other applicable laws, you have comprehensive rights regarding your personal data:
🔍 Access and Portability
- • Request a copy of all your personal data
- • Receive data in machine-readable format (JSON, CSV)
- • Transfer data to another service provider
- • Access algorithmic decision explanations
✏️ Correction and Updates
- • Update or correct inaccurate information
- • Complete incomplete personal data
- • Dispute automated decision outcomes
- • Update preferences and settings
🗑️ Deletion and Restriction
- • Request complete account deletion ("right to be forgotten")
- • Restrict processing for specific purposes
- • Object to processing based on legitimate interests
- • Delete individual data elements
⚙️ Consent and Preferences
- • Withdraw consent for optional processing
- • Opt out of marketing communications
- • Manage cookie and tracking preferences
- • Control automated decision-making participation
📞 How to Exercise Rights
- • Online: Account Settings → Privacy Controls
- • Email: support@skillthrive.io
- • Form: Submit Privacy Request
Response Time: 30 days (may be extended to 60 days for complex requests)
📋 Request Requirements
- • Identity verification (for security)
- • Specific description of request
- • Preferred delivery method
- • Legal basis for objections (if applicable)
9. Data Security
We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
🔐 Technical Safeguards
- • End-to-end encryption (TLS 1.3, AES-256)
- • Database encryption at rest
- • Secure key management and rotation
- • Multi-factor authentication (MFA)
- • Regular security audits and penetration testing
- • Automated vulnerability scanning
🏢 Organizational Measures
- • Role-based access controls (RBAC)
- • Regular staff security training
- • Data minimization principles
- • Incident response procedures
- • Vendor security assessments
- • Privacy impact assessments (PIAs)
🛡️ Infrastructure Security
- • SOC 2 Type II compliant hosting (Supabase)
- • Distributed denial-of-service (DDoS) protection
- • Web application firewall (WAF)
- • Continuous monitoring and alerting
- • Automated backup and disaster recovery
- • Geographic data replication
🚨 Incident Response
- • 24/7 security monitoring
- • Immediate breach containment procedures
- • Regulatory notification (within 72 hours)
- • User notification for high-risk breaches
- • Forensic investigation capabilities
- • Post-incident security improvements
🔒 Your Security Role
Help us protect your account by:
- • Using strong, unique passwords
- • Enabling two-factor authentication
- • Keeping your browser and apps updated
- • Logging out of shared devices
- • Reporting suspicious activity immediately
- • Being cautious with phishing emails
10. International Data Transfers
To provide our global services, we may transfer your personal data across borders. We ensure all transfers comply with applicable data protection laws through appropriate safeguards:
🌍 Transfer Mechanisms
EU/UK Adequacy Decisions:
- • Transfers to countries with adequate protection
- • Includes: Switzerland, Canada, Japan, South Korea
- • No additional safeguards required
Standard Contractual Clauses (SCCs):
- • EU Commission approved contracts
- • Used for US and other third-country transfers
- • Includes additional protective measures
📊 Our Data Flow Map
| Service Provider | Data Location | Transfer Basis | Data Categories |
|---|---|---|---|
| Supabase (Primary) | EU (Ireland) | EU Processing | All user data, profiles, applications |
| Supabase (Backup) | US (Virginia) | SCCs + Addendum | Encrypted backup data |
| PayPal | Global (Various) | SCCs | Payment data, billing information |
| Resend | EU & US | SCCs | Email addresses, message content |
| Vercel CDN | Global Edge | Legitimate Interest | Performance logs, cached content |
🛡️ Additional Safeguards
Technical Measures:
- • End-to-end encryption during transfer
- • Pseudonymization where possible
- • Data minimization for cross-border transfers
- • Regular security assessments of transfer methods
Legal Protections:
- • Data processing agreements with all processors
- • Regular compliance audits
- • Government access transparency reports
- • Legal challenge mechanisms for data requests
12. Email Communications and Tracking
We send various types of emails to communicate with you. This section explains what emails you'll receive, how we track engagement, and how to control your preferences.
📧 Transactional Emails
Essential service communications (cannot opt out)
- • Account verification and password resets
- • Application confirmations and status updates
- • Payment receipts and billing notifications
- • Security alerts and account changes
- • Support ticket updates
📬 Marketing Emails
Promotional content (consent required - can opt out)
- • Job recommendations and career opportunities
- • Platform updates and new features
- • Industry insights and career tips
- • Educational content and webinars
- • Special offers and promotions
🔔 Notification Emails
Activity-based alerts (can customize frequency)
- • New job matches and recommendations
- • Application status changes
- • Messages from employers
- • Assessment reminders
- • Weekly activity summaries
📊 Email Analytics
We track email engagement for service improvement
- • Delivery Status: Sent, delivered, bounced
- • Open Tracking: Email open rates and timestamps
- • Click Tracking: Link clicks and destinations
- • Unsubscribe Events: Opt-out tracking
- • Spam Reports: Complaint monitoring
🔍 Email Tracking Details
What We Track:
- • Email opens (using 1x1 pixel images)
- • Link clicks (through redirected URLs)
- • Time spent reading emails (estimated)
- • Device and email client information
- • Geographic location (country/region level)
Why We Track:
- • Improve email content and timing
- • Measure campaign effectiveness
- • Personalize future communications
- • Ensure deliverability and compliance
- • Detect and prevent email abuse
🛡️ Privacy Controls:
- • Disable Tracking: Block images in your email client
- • Unsubscribe: Use links in email footers
- • Preferences: Manage email preferences
- • Data Deletion: Request removal of email analytics data
📮 Email Service Providers
Resend (Transactional)
- • Account-related and notification emails
- • DKIM, SPF, and DMARC authentication
- • EU and US data processing
- • Webhook-based delivery tracking
Brevo (Marketing)
- • Newsletter and promotional campaigns
- • Advanced segmentation and automation
- • GDPR-compliant consent management
- • Detailed analytics and reporting
13. Children's Privacy
Age Restriction Policy
SkillThrive is designed for professional use and is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
🔞 Age Verification
- • Users must confirm they are 16 or older during registration
- • Age verification is part of account creation process
- • Educational use requires parental/guardian consent
- • School accounts must comply with student privacy laws
🛡️ If We Discover Underage Users
- • Immediate suspension of account access
- • Deletion of all personal information
- • Notification to parents/guardians if identifiable
- • Review of registration and verification processes
👨👩👧👦 Parental Rights and Notifications
If you believe your child under 16 has created an account or provided personal information to us, please contact us immediately at:
Email: support@skillthrive.io
Subject Line: "Underage User - Immediate Action Required"
Include: Child's name, suspected username/email, and your relationship to the child
14. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
📊 Categories of Personal Information We Collect
| Category | Examples | Collected? | Shared? |
|---|---|---|---|
| Identifiers | Name, email, phone, username | ✓ Yes | Service providers only |
| Protected Classifications | Age, gender (optional) | ✓ Yes | No |
| Commercial Information | Purchase history, subscriptions | ✓ Yes | Payment processors only |
| Internet Activity | Browsing history, searches | ✓ Yes | Analytics providers only |
| Geolocation Data | Country, region, city | ✓ Yes | Service providers only |
| Professional Information | Work experience, skills | ✓ Yes | Employers (with consent) |
| Education Information | Schools, degrees, certifications | ✓ Yes | Employers (with consent) |
| Inferences | Preferences, aptitudes, abilities | ✓ Yes | No |
🔍 Your CCPA Rights
- • Right to Know: Request details about data collection
- • Right to Delete: Request deletion of personal information
- • Right to Correct: Fix inaccurate personal information
- • Right to Opt-Out: Opt out of selling/sharing for ads
- • Right to Limit: Limit use of sensitive information
- • Non-Discrimination: Equal service regardless of privacy choices
📋 How to Exercise Rights
- • Online Form: Submit CCPA Request
- • Email: support@skillthrive.io
- • Authorized Agent: Provide written authorization
- • Verification: Identity verification required
- • Response Time: 45 days (extendable to 90)
💰 Sale and Sharing Disclosure
We DO NOT sell personal information for money
SkillThrive has never sold personal information for monetary consideration and has no plans to do so.
Limited data sharing for business purposes:
- • Analytics providers (Google Analytics)
- • Payment processors (PayPal)
- • Email service providers (Resend, Brevo)
- • Hosting and infrastructure providers
15. Policy Changes and Updates
📅 How We Handle Updates
Minor Changes:
- • Clarifications and formatting updates
- • Contact information changes
- • Link updates and corrections
- • Effective immediately upon posting
Material Changes:
- • New data collection practices
- • Changes to sharing or use of data
- • 30 days advance notice via email
- • Prominent notice on our website
🔔 Notification Methods
Email Notifications
- • Sent to all registered users
- • 30 days before effective date
- • Plain language summary
- • Links to full updated policy
Platform Notices
- • Banner on website and app
- • Dashboard notifications
- • Pop-up alerts for major changes
- • Version history available
Social Media
- • Announcements on social channels
- • Blog posts explaining changes
- • FAQ updates
- • Community forum discussions
📋 Version History and Archive
16. Contact Information and Complaints
📧 Privacy Inquiries
General Privacy Questions:
Data Protection Officer:
Data Subject Requests:
🏢 Company Contact
Mailing Address:
Asterix Technologies LLP
167-169 Great Portland Street, 5th Floor
London W1W 5PF, United Kingdom
Support:
⚖️ Regulatory Complaints
If you're not satisfied with our response to your privacy concerns, you have the right to file a complaint with the relevant data protection authority:
EU Residents
Your national data protection authority
Find your authority
UK Residents
Information Commissioner's Office (ICO)
ico.org.uk
CA Residents
California Attorney General
oag.ca.gov
Questions About Your Privacy?
We're here to help. Contact our privacy team for any questions about how we handle your personal data.