Privacy Policy

McKent Ltd ("McKent", "we", "our", "us") operates the job marketplace at mckent.net and related mobile applications. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over your data.

We are committed to processing personal data in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR) where applicable, the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL), and relevant data protection legislation in India.

By creating an account or using our services, you acknowledge that you have read and understood this Privacy Policy.

We collect personal data in the following categories:

Account & Identity Data: Name, email address, password (hashed), profile photo, date of birth, and account type (employer or candidate).

Professional Data (Candidates): Work history, education, skills, certifications, resume files, LinkedIn URL, and portfolio links uploaded or parsed from resumes.

Professional Data (Employers): Company name, company size, industry, job descriptions, and billing contact details.

Usage Data: Pages visited, features used, search queries, job applications submitted, and interaction with AI features. Collected via server logs and analytics.

Device & Technical Data: IP address, browser type and version, operating system, screen resolution, and cookie identifiers.

Communications: Messages sent through the in-app messaging system between candidates and employers, and support communications sent to us.

Location Data: City and country inferred from IP address, and location preferences entered by users for job search.

AI-Processed Data: Parsed resume content, ATS scores, AI-generated recommendations, and match scores. These are derived from data you provide.

We process your data on the following legal bases:

Contract Performance: Processing necessary to fulfil our service contract with you — account management, job matching, application submission, and messaging.

Legitimate Interests: Improving our platform, detecting fraud, maintaining security, and understanding how our service is used. We balance these interests against your privacy rights.

Consent: Where required, such as for optional analytics cookies, marketing emails, or sharing anonymised data for research purposes. You may withdraw consent at any time.

Legal Obligation: Retaining transaction records and responding to lawful requests from public authorities.

We use personal data to:

• Create and maintain your account and verify your identity • Match candidates to relevant job postings using AI algorithms • Display candidate profiles to employers for relevant roles • Enable in-app messaging between employers and candidates • Generate ATS scores, resume improvement suggestions, and AI career coaching • Send transactional emails (account confirmation, application updates, new messages) • Send service announcements and important policy changes • With your consent, send promotional emails about new features or relevant jobs • Detect and prevent fraud, spam, and abuse • Analyse usage patterns to improve the platform • Comply with legal obligations and enforce our Terms of Service

We do not sell your personal data. We share data only in the following circumstances:

Employers: When you apply for a job or your profile is visible to recruiters, your professional data (name, headline, skills, experience, resume) is shared with the relevant employer.

Candidates: Employers who post jobs can see applications including your uploaded resume and profile. They may see your name and contact details when you apply.

Service Providers: We engage third-party service providers to operate the platform — including cloud infrastructure (Supabase/PostgreSQL), email delivery, payment processing, and AI model providers. All processors are bound by data processing agreements and may not use your data for any other purpose.

Legal Requirements: We may disclose personal data if required by law, court order, or to protect the rights and safety of McKent, its users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users in advance.

Aggregate & Anonymised Data: We may share aggregated, non-identifiable statistics about platform usage with partners, investors, or in public reports.

McKent operates across the US, UAE, and India. Your data may be processed in servers located in any of these regions or in cloud regions operated by our infrastructure providers.

When transferring personal data from the European Economic Area (EEA) or UK to third countries, we rely on Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. Data transferred to UAE-based servers is handled in accordance with PDPL requirements.

We retain personal data for as long as your account is active or as needed to provide our services.

If you delete your account, we will delete or anonymise your personal data within 30 days, except:

• Data we are required to retain by law (e.g., billing records for 7 years) • Data needed to resolve disputes or enforce agreements • Anonymised/aggregated data that cannot reasonably identify you

Resumes and application data associated with an employer's hiring record may be retained by that employer in accordance with their own retention policies, which is outside our control once shared.

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption in transit (TLS 1.2+) and at rest • Row-Level Security (RLS) policies at the database level ensuring users can only access their own data • Hashed passwords using industry-standard algorithms • Role-based access controls for internal systems • Regular security reviews and penetration testing

No system is completely secure. If we become aware of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law.

We use cookies and similar technologies to:

• Maintain your session and keep you logged in (strictly necessary) • Remember your preferences and settings (functional) • Analyse usage patterns to improve the platform (analytics — with consent)

You can control cookies through your browser settings. Disabling strictly necessary cookies may affect platform functionality.

Depending on your location, you have the following rights regarding your personal data:

Right of Access: Request a copy of the personal data we hold about you. Right of Rectification: Ask us to correct inaccurate or incomplete data. Right to Erasure: Request deletion of your data ("right to be forgotten"), subject to our legal retention obligations. Right to Restrict Processing: Ask us to stop actively processing your data in certain circumstances. Right to Data Portability: Receive your data in a machine-readable format. Right to Object: Object to processing based on legitimate interests or for direct marketing. Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. Right to Lodge a Complaint: If you are in the EEA/UK, you may lodge a complaint with your local data protection authority.

To exercise any right, email privacy@mckent.net. We will respond within 30 days.

McKent is not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verifiable parental consent, we will delete it promptly. Contact us at privacy@mckent.net if you believe we have inadvertently collected data about a minor.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address on your account) and by displaying a notice on the platform at least 14 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

For privacy-related questions, data subject requests, or to report a concern, contact us at:

Email: privacy@mckent.net Postal: McKent Ltd, Privacy Team, [Registered Address]

For general support, visit our Contact page or email support@mckent.net.