Database & Data Storage Policy - UK

Updated: April 2026

For AariyaTech UK Limited - Job Search Optimiser (JSO) Platform
Company No: 16772492 (England & Wales) | ICO Registration No: ZC104212

1. PURPOSE

This Database Policy defines how application data is stored, accessed, and protected at the database and infrastructure level. It supports the implementation of AariyaTech UK Limited's Data Protection Policy and ensures compliance with UK data residency and data protection requirements. Job Search Optimiser (JSO) is a platform created and operated by AariyaTech UK Limited.

2. SCOPE

This policy applies to all production databases and storage systems used by the Job Search Optimiser to store user, application, document, and transactional data.

3. DATA CLASSIFICATION

The database and storage systems may contain the following categories of data:

  • Personal data (e.g., name, email address, phone number)
  • Authentication data and secure tokens from SSO providers (Google, GitHub, LinkedIn, Bitbucket)
  • Career and employment-related information
  • Uploaded documents (e.g., resumes/CVs) and project repositories
  • Profile images
  • Appointment and consultation records
  • Payment and transaction metadata (Stripe/Razorpay)
  • Calendar API data
  • CV analysis data (processed via Google Gemini)

All such data is classified as confidential and is handled in strict accordance with the UK GDPR and the Data Protection Act 2018.

4. STORAGE ARCHITECTURE

Job Search Optimiser data is securely stored across three distinct cloud environments, each serving specific purposes:

Location 1: Amazon S3 (AWS London Region - UK)

Purpose: User profile and document storage

Data Stored: CVs, uploaded documents, and profile images

Availability: AWS managed redundancy (99.99% availability guarantee)

Location 2: Supabase (EU West Region)

Purpose: Primary application and relational user data storage

Data Stored: Personal data, career information, appointment records, payment metadata, and SSO authentication states

Location 3: Google Cloud (UK Region)

Purpose: API and AI analysis data processing

Data Stored: Calendar API data and temporary Gemini CV analysis processing data

5. DATA RESIDENCY

Data residency for Job Search Optimiser is managed to ensure legal compliance:

  • Data stored in Amazon S3 is hosted in the UK-based AWS London region.
  • Data stored in Google Cloud is hosted in the UK region.
  • Data stored in Supabase is hosted in the EU West region (recognised as an adequate and secure jurisdiction for data transfers under UK GDPR).
  • Cross-region replication is disabled for AWS S3, ensuring localised data remains within the UK environment. Production data is not replicated outside its designated, compliant regions.
6. ACCESS CONTROL

Access to production data is controlled through the following measures:

  • Access is restricted to authenticated and authorised personnel only.
  • Database-level access controls, including strict Row Level Security (RLS) on Supabase, are enforced to ensure users can only access data that explicitly belongs to them.
  • Administrative access is limited to approved technical personnel and follows the principle of least privilege.
7. ENCRYPTION & DATA SECURITY

Encryption in Transit

All data is transmitted securely using encrypted connections (TLS/HTTPS).

Encryption at Rest

Data stored in Amazon S3 buckets is encrypted at rest using server-side encryption with Amazon S3 managed keys (SSE-S3). Furthermore, data hosted on Supabase and Google Cloud is automatically encrypted at rest utilising AES-256 encryption standards.

8. DATA AVAILABILITY & BACKUPS

Data durability and availability are provided through the native enterprise mechanisms of each storage provider (AWS, Supabase, Google Cloud). At present, we rely on the continuous native durability, redundancy, and point-in-time recovery mechanisms provided by these cloud services rather than maintaining external, duplicative application-level backups.

9. THIRD-PARTY ACCESS

No third-party services directly access production data stored in our databases. All access to stored data is managed internally through authorised JSO application APIs. Payment processing partners (Stripe and Razorpay) receive only the transaction metadata necessary for payment processing, as defined in our Privacy Policy.

10. MONITORING & AUDITING

Database and storage access activities are logged and monitored to support security, operational oversight, and compliance requirements. Audit-relevant metadata (such as record creation and modification timestamps) is maintained where applicable.

11. DATA RETENTION & DELETION

Personal data is retained only for as long as necessary to provide the service and meet legal or operational requirements. Users may request deletion of their personal data in accordance with UK GDPR Article 17 (Right to Erasure).

12. AUTO DATA DELETION POLICY

Job Search Optimiser implements a strict automatic data deletion policy to protect user privacy and minimise our digital footprint.

Automatic Deletion (Default):

To protect user privacy, inactive accounts and associated CV data are automatically deleted after 45 days of inactivity, or immediately upon an account deletion request, unless the user has explicitly agreed to extended data storage.

Extended Data Storage (Up to 12 Months):

Users may explicitly opt-in to extended data storage. This allows users to retain access to their career data, re-activate their account, or export their data at any time within a 12-month period without data loss.

End of Life:

After the respective retention period (45 days or 12 months), all data is permanently destroyed from our production databases and cannot be recovered.

Account Deletion Request

You may submit a formal request to delete your account and associated data. Our team will review and process your request according to the data retention policy.

Submit Request
13. SECURITY INCIDENTS & BREACHES

In the event of a security incident or data breach involving database or storage systems, the incident will be handled in immediate accordance with AariyaTech UK Limited's incident response procedures and ICO reporting guidelines.

14. COMPLIANCE

This policy operates in conjunction with AariyaTech UK Limited's Privacy Policy and supports compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

15. CONTACT US

For questions about our database and data storage practices, or to report a security concern, please contact our Data Protection Officer:

privacy@jobsearchoptimiser.com
+44 7384025531

AariyaTech UK Limited
Company No: 16772492
ICO Registration No: ZC104212
Registered in England & Wales
Sussex Innovation Center, Science Park Square, Brighton BN1 9SB

Data Policy