×
Home For Employers For Candidates Vacancies Contact

Legal

Privacy Policy

Last updated: 23 February 2026

City Solutions (AI) Ltd ("we", "us", "our") is committed to protecting your personal data. This policy explains what data we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.

Data Controller: City Solutions (AI) Ltd, registered in England & Wales.
Contact: privacy@citysolutions-ai.co.uk

1. Data We Collect

CategoryData collectedLawful basis
AccountEmail address, hashed password, roleContract performance
Candidate profileFull name, phone, current role, specialism, salary expectations, availability, LinkedIn URLContract performance / Legitimate interest
CV documentUploaded CV file (PDF/Word, stored privately in Cloudflare R2)Contract performance
Employer profileCompany name, contact name, phone, sectorContract performance
ApplicationsVacancy ID, cover message, application statusContract performance
MessagesMessage body, timestamps, read receiptsContract performance / Legitimate interest
Usage dataCloudflare Workers access logs (IP, timestamp, path) — retained 7 daysLegitimate interest (security)

2. How We Use Your Data

  • To match candidates with relevant AI roles and communicate progress
  • To allow employers to submit briefs and review shortlisted candidates
  • To send transactional notifications (application updates, messages, password resets)
  • To maintain platform security and prevent abuse

We do not sell your data to third parties or use it for advertising.

3. Data Storage & Transfers

All data is stored in Cloudflare's infrastructure. Database records are held in Cloudflare D1 (EU region). CV files are stored in Cloudflare R2 (EU region). Email is sent via Resend (US-based, covered by standard contractual clauses).

4. Data Retention

Data typeRetention period
Active candidate / employer accountsUntil account deleted
CV filesUntil replaced or account deleted
Applications & messages2 years from last activity
Password reset tokens1 hour (auto-expired)
Access logs7 days

5. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data via your portal profile
  • Erasure — delete your account and all associated data (see below)
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — request restriction of processing in certain circumstances

To exercise any right, email privacy@citysolutions-ai.co.uk. We will respond within 30 days.

6. Deleting Your Account

You may delete your account and all associated personal data at any time from your Candidate Portal (Settings → Delete Account). This permanently removes your profile, CV, applications, and messages from our systems. Some aggregate anonymised statistics may be retained.

Alternatively, email privacy@citysolutions-ai.co.uk and we will complete deletion within 30 days.

7. Cookies

We use a single httpOnly, SameSite=Strict session cookie (auth_token) to maintain your login session. This cookie is essential for the platform to function and cannot be disabled while logged in. We do not use tracking or advertising cookies.

8. Security

Passwords are hashed using PBKDF2-SHA256 (100,000 iterations) — they are never stored in plain text. All data is transmitted over HTTPS. CV files are stored in a private R2 bucket with no public URL; access is restricted to authenticated admin users only via time-limited signed requests.

9. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes by email. The date at the top of this page indicates the last revision.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).