Database & Data Storage Policy - UK

Updated: January 24, 2026

For AariyaTech UK Limited - Job Search Optimiser Platform
Company No: 16772492 (England & Wales)

1. PURPOSE

This Database Policy defines how application data is stored, accessed, and protected at the database and infrastructure level. It supports the implementation of AariyaTech UK Limited's Data Protection Policy and ensures compliance with UK data residency and data protection requirements.

Job Search Optimiser (JSO) is a platform created and operated by AariyaTech UK Limited (Company No: 16772492), registered in England & Wales.

2. SCOPE

This policy applies to all production databases and storage systems used by the Job Search Optimiser to store user, application, document, and transactional data.

3. DATA CLASSIFICATION

The database and storage systems may contain the following categories of data:

  • Personal data (e.g. name, email address, phone number)
  • Career and employment-related information
  • Uploaded documents (e.g. resumes/CVs)
  • Profile images
  • Appointment and consultation records
  • Payment and transaction metadata
  • Calendar API data
  • CV analysis data (Gemini)

All such data is classified as confidential and is handled in accordance with UK GDPR and the Data Protection Act 2018.

4. STORAGE ARCHITECTURE

Job Search Optimiser data is stored across three distinct locations, each serving specific purposes:

Location 1: Amazon S3 (AWS London Region - UK)

Purpose: User profile and document storage

Data Stored:

  • CVs and uploaded documents
  • Profile images

Region: AWS London Region (UK-based)

Availability: AWS managed redundancy (99.99% availability guarantee)

Location 2: Supabase (EU West Region)

Purpose: Primary application and user data storage

Data Stored:

  • Personal data (name, email, phone number)
  • Career and employment-related information
  • Appointment and consultation records
  • Payment and transaction metadata
  • All other application data not stored in AWS S3 or Google Cloud

Region: EU West Region

Location 3: Google Cloud (UK Region)

Purpose: API and AI analysis data storage

Data Stored:

  • Calendar API data
  • Gemini CV analysis data

Region: Google Cloud UK Region

5. DATA RESIDENCY

Data residency for Job Search Optimiser is managed as follows:

  • Data stored in Amazon S3 is hosted in the UK-based AWS London region
  • Data stored in Google Cloud is hosted in the UK region
  • Data stored in Supabase is hosted in the EU West region
  • Cross-region replication is disabled for AWS S3, ensuring data remains within the UK environment
  • Production data is not replicated or stored outside its designated region
6. ACCESS CONTROL

Access to production data is controlled through the following measures:

  • Access to production data is restricted to authenticated and authorised users only
  • Database-level access controls, including Row Level Security (RLS), are enforced to ensure users can only access data that belongs to them
  • Administrative access is limited to approved personnel and follows the principle of least privilege
7. ENCRYPTION & DATA SECURITY

Encryption in Transit

Data is transmitted securely using encrypted connections (TLS).

Encryption at Rest

Data stored in Amazon S3 buckets is encrypted at rest using server-side encryption with Amazon S3 managed keys (SSE-S3), which is enabled by default.

8. DATA AVAILABILITY & BACKUPS

Data durability and availability are provided through the native mechanisms of each storage provider:

  • Amazon S3 provides built-in redundancy and high availability guarantees
  • Supabase provides data redundancy and availability mechanisms
  • Google Cloud provides data redundancy and availability mechanisms

At present, no additional application-level backups are maintained beyond the native durability and availability mechanisms provided by each storage service.

9. THIRD-PARTY ACCESS
  • No third-party services directly access production data stored in Amazon S3 buckets, Supabase, or Google Cloud.
  • All access to stored data is managed internally through authorised application services.
  • Payment processing partners (Stripe and Razorpay) receive only transaction metadata necessary for payment processing, as defined in AariyaTech UK Limited's Data Protection Policy.
10. MONITORING & AUDITING
  • Database and storage access activities are logged and monitored to support security, operational oversight, and compliance requirements.
  • Audit-relevant metadata (such as record creation and modification timestamps) is maintained where applicable.
11. DATA RETENTION & DELETION
  • Personal data is retained only for as long as necessary to provide the service and meet legal or operational requirements.
  • Users may request deletion of their personal data in accordance with GDPR Article 17 (Right to Erasure).
  • Data retention and deletion practices are aligned with AariyaTech UK Limited's Data Protection Policy.
12. AUTO DATA DELETION POLICY

Job Search Optimiser implements an automatic data deletion policy to protect user privacy and ensure data is not retained longer than necessary.

Automatic Data Deletion

User data is automatically deleted after 45 days following account deletion or user request, unless the user has agreed to extended data storage.

Extended Data Storage (12 Months)

Users who agree to the terms and conditions may opt for extended data storage of up to 12 months. This option allows users to:

  • Retain access to their career data and profile information for up to 12 months
  • Re-activate their account within the 12-month period without data loss
  • Download or export their data at any time before automatic deletion

Data Deletion Timeline

  • Default: 45 days automatic deletion after account closure or deletion request
  • With Agreement: Up to 12 months retention if user opts for extended storage
  • After Retention Period: All data is permanently deleted and cannot be recovered

User Control

Users retain full control over their data deletion preferences:

  • Users can request immediate deletion of their data at any time
  • Users can change their data retention preference from 45 days to 12 months, or vice versa
  • Users will receive notification before automatic deletion occurs
Account Deletion Request

You may submit a formal request to delete your account and associated data. Our team will review and process your request according to the data retention policy.

Submit Request
13. SECURITY INCIDENTS & BREACHES

In the event of a security incident or data breach involving database or storage systems, the incident will be handled in accordance with AariyaTech UK Limited's Data Protection Policy and internal incident response procedures.

14. COMPLIANCE

This policy operates in conjunction with AariyaTech UK Limited's Data Protection Policy and supports compliance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
15. CONTACT US

For questions about our database and data storage practices, or to exercise your data rights, please contact us:

AariyaTech UK Limited

Job Search Optimiser

Sussex Innovation Center

Science Park Square

Brighton BN1 9SB

United Kingdom

hello@jobsearchoptimiser.com