Privacy Policy
Last Updated: June 11, 2026
1. Introduction
1.1 GradSearch ("we", "us", "our") is committed to protecting the privacy and security of your personal data.
1.2 This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the GradSearch or the Atlas platform jointly or severally ("Platform").
1.3 This Privacy Policy should be read in conjunction with our Terms and Conditions and any definitions contained in this Privacy Policy which are not defined herein are as defined in the Terms and Conditions.
1.4 By using the Platform, you consent to the practices described in this Privacy Policy.
1.5 We reserve the right to amend this Privacy Policy subject to the following: (a) where the amendment is material (including, without limitation, changes to the categories of personal data processed, the purposes for which it is processed, the recipients of personal data, or your rights as a data subject), we shall give Users not less than thirty (30) days’ prior notice (by email to the registered email address or by prominent notice on the Platform); and (b) where the amendment is non-material (including typographical corrections, clarifications and immaterial operational changes), it may take effect on posting. Your continued use of the Platform following the effective date of any amendment constitutes acceptance of the modified Privacy Policy.
1.6 Residents of certain jurisdictions may have additional rights under local law. If you located in the United States, the GradSearch US Privacy Addendum applies in addition to this Privacy Policy. In the event of any conflict between the Privacy Policy and the US Privacy Addendum, the US Privacy Addendum will govern for US users.
2. Legal Basis
2.1 We process personal data in accordance with:
• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data;
• Implementing regulations and guidelines issued by the UAE Data Bureau;
• Other applicable UAE federal and emirate-level laws and regulations.
2.2 Our lawful bases for processing personal data include:
• Your consent;
• Performance of a contract with you;
• Compliance with legal obligations;
• Our legitimate interests in operating and improving the Platform.
3. Data Controller
3.1 GradSearch is the data controller responsible for your personal data collected through the Platform.
3.2 Our contact details are:
• Company Name: GradSearch L.L.C.- FZ
• Registered Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
• Contact Email: support@gradsearch.com
4. Personal data we collect
4.1 Information You Provide Directly
When you register for and use the Platform, we collect the following personal data:
For all Users:
• Full name;
• Email address;
• Phone number;
• Date of birth;
• Location, region, and city;
• Nationality;
• Password (encrypted);
• Profile photograph (optional);
• Educational background and qualifications;
• Professional experience and skills;
• Account preferences and settings.
For Emirati Citizens:
• Emirates ID (EID);
• Emirates ID number.
For Candidates:
• Education details and certifications;
• Career objectives and interests;
• CV/resume content;
• Application materials;
• Job preferences.
For Mentors:
• Professional expertise and specializations;
• Availability schedule;
• Pricing information (if applicable);
• Payment account details;
• Verification documents.
For Employers:
• Company name and registration details;
• Authorized representative information;
• Job posting details;
• Company profile information;
• Verification documents;
• Subscription and payment information.
For Universities:
• Institution details;
• Authorized representative information;
• Verification documents;
• Partnership agreement details.
4.2 Information collected automatically
When you use the Platform, we automatically collect:
• IP address;
• Location;
• Device information (type, operating system, browser);
• Log data (access times, pages viewed, actions taken);
• Cookies and similar tracking technologies;
• Usage patterns and behavior on the Platform.
4.3 Information from third parties
We receive information from third-party services including:
• Payment transaction data, payment method details;
• Data processed through automated workflows;
• Data processed as part of the provision of Analytics;
• Social media platforms: If you connect your social media accounts (profile information as permitted by the platform).
• Third-party data sources accessed by the Platform in connection with its candidate sourcing, matching, enrichment and related recruitment functionality, comprising publicly available, commercially available or otherwise lawfully accessible information such as professional history, education, location, qualifications and other profile data. The nature, type, identity and number of such third-party data sources may change from time to time as GradSearch develops the Platform, adds new functionality, or adds, replaces or removes providers;
• Data sources licensed to GradSearch for the purpose of providing recruitment, candidate sourcing and matching services.
4.4 Communications Data
We collect and store:
• Messages sent through the Platform's messaging system;
• Communications with GradSearch support;
• Feedback and survey responses.
4.5 Information from Single Sign-On (SSO) Providers
4.5.1 If you choose to register or log in using a Single Sign-On service (such as Google, Apple, LinkedIn, Microsoft, or other third-party authentication providers), we collect information from your SSO provider account, including:
• Name;
• Email address;
• Profile picture;
• User ID from the SSO provider;
• Any other information you authorize the SSO provider to share with us.
4.5.2 The specific information we receive depends on:
• Your privacy settings with the SSO provider;
• The permissions you grant during the SSO authentication process;
• The data policies of the SSO provider.
4.5.3 We use this information to:
• Create and manage your GradSearch account;
• Authenticate your identity;
• Pre-populate your profile information;
• Communicate with you.
4.5.4 By using SSO login, you authorize us to access and use this information in accordance with this Privacy Policy.
4.5.5 We do not receive or store your SSO provider password. Authentication is handled entirely by the third-party SSO provider.
4.5.6 Sign in with Apple Specific Provisions:
• Apple may provide a private relay email address that forwards to your actual email;
• You may choose to hide your email address from GradSearch;
• If you hide your email, we will only have access to the relay email address;
• This may limit certain Platform functionality that requires direct email communication.
5. How we use your personal data
5.1 We use your personal data for the following purposes:
Service Delivery:
• Creating and managing your account;
• Facilitating mentorship connections;
• Processing job applications and AI-driven talent sourcing via the Platform;
• Providing access to the Events Center;
• Enabling messaging between Users;
• Processing payments and subscriptions;
• Providing customer support; and
• To improve service offerings and offer more services.
Platform Operations:
• Authenticating Users and preventing fraud;
• Monitoring Platform performance and security;
• Conducting data analytics to improve Services;
• Generating Compatibility Scores for Employers;
• Maintaining records and resolving disputes.
Communications:
• Sending transactional emails (confirmations, receipts, notifications);
• Providing Service updates and announcements;
• Sending marketing communications (with your consent);
• Responding to your inquiries.
Legal and Compliance:
• Complying with UAE laws and regulations;
• Responding to legal requests and preventing harm;
• Enforcing our Terms and Conditions;
• Protecting our rights and property.
Research and Development:
• Analyzing usage trends and User behavior;
• Developing new features and services;
• Improving matching algorithms and Compatibility Scores.
6. Legal basis for processing
We process your personal data based on the following legal grounds:
6.1 Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications, optional data collection).
6.2 Contract Performance: Processing necessary to provide services you have requested or to enter into a contract with you.
6.3 Legal Obligation: Processing required to comply with UAE laws, regulations, or legal processes.
6.4 Legitimate Interests: Processing necessary for our legitimate business interests, such as:
• Fraud prevention and security;
• Improving our Services;
• Internal analytics;
provided such processing does not override your rights under UAE Law.
7. Data sharing and disclosure
7.1 We may share your personal data with:
Other Users (including but not limited to circumstances where):
• Candidates can view Mentor profiles, availability, and qualifications;
• Mentors can view Candidate profiles for scheduled sessions;
• Employers can view Candidate profiles and application materials;
• Universities can view Candidate, Mentor and Employer profiles;
• Users can communicate through the Platform messaging system;
Third-party service providers including but not limited to:
• Payment processing;
• Workflow automation and data integration;
• Cloud hosting providers;
• Analytics services;
• Customer support platforms;
• Email service providers.
Business partners such as:
• Universities (under partnership agreements);
• Employers (for recruitment purposes);
• Event organizers featured in the events center on the Platform.
Legal and Regulatory Authorities:
• When required by UAE law or regulation;
• In response to valid legal processes (court orders, subpoenas);
• To protect the rights, property, or safety of GradSearch, Users, or the public;
• In connection with the investigation of fraud, security breaches, or illegal activity.
Business Transfers:
• In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity.
8. International data transfer
8.1 Some service providers (such as cloud hosting or analytics services) may process data outside the UAE.
8.2 When data is transferred internationally, we make reasonable attempts to ensure appropriate safeguards are in place, including:
• Standard contractual clauses;
• Adequacy decisions by UAE authorities where relevant;
• Other legally compliant transfer mechanisms.
8.4 By using the Platform, you consent to such international transfers as necessary to provide Services.
8.5 The Platform is operated from the United Arab Emirates and is intended principally for use in connection with employment and recruitment activity within the UAE. The Platform is accessible from outside the UAE; where you access the Platform from, or your personal data is processed in connection with, another jurisdiction, additional data protection or employment laws of that jurisdiction may apply to such processing. Nothing in this Privacy Policy is intended to displace any non-waivable rights you may have under the laws of your jurisdiction of residence.
9. Data retention
9.1 General Retention Principles
We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy and as required by UAE law.
9.2 Specific Retention Periods
Active User Accounts:
• Data is retained for the duration of your active use of the Platform.
Inactive Accounts:
• If your account remains inactive for 24 consecutive months, we may delete or anonymize your personal data unless:
• We have a legal obligation to retain it;
• It is necessary for ongoing disputes or claims;
• You request continued retention.
Financial and Transaction Records:
• Payment and transaction data is retained for a minimum of 5 years from the date of the transaction to comply with UAE financial and tax regulations.
Communications and Messages:
• Platform messages may be retained for 12 months from the date sent unless required for dispute resolution or legal purposes.
Employer Job Postings:
• Job posting data may be retained for 3 years after the posting expires or is removed.
Mentorship Session Records:
• Records of Mentorship Meetings (bookings, payments) may be retained for 3 years following the session date.
Legal and Compliance Records:
• Data retained for legal, regulatory, or compliance purposes may be retained for 10 years.
Marketing Data:
• If you consent to marketing communications, your data may be retained until you withdraw consent
SSO Authentication Data:
• SSO provider user IDs and authentication tokens are retained for the duration of your active account;
• Upon account deletion, SSO connections are immediately severed;
• Authentication logs may be retained for security purposes for 12 months.
Atlas / Agentic AI Service Data:
• Employer Search queries are retained for up to 12 months from submission, and are hashed or otherwise pseudonymised within 30 days of submission;
• Sourced Candidate records (including profile data ingested from third-party data sources) are retained for up to 24 months from the date of last refresh, after which they are refreshed, anonymised or deleted; Sourced Candidate records (including profile data ingested from third-party data sources) are retained, where applicable, for up to 24 months from the date of last refresh, unless a shorter period is required by applicable law, a Candidate suppression or removal request, GradSearch’s internal retention practices, or the terms applicable to the relevant third-party data source, after which they are refreshed, anonymised, suppressed or deleted;
• Compatibility Scores and Predictive Criteria (including the Nafis Eligibility Indicator) generated about a Candidate are retained for up to 12 months from generation, unless suppressed, replaced or withdrawn earlier under clause 17 or clause 20;
• Large language model interaction traces (including prompts and AI-generated outputs) are retained for up to 60 days for the purposes of debugging, abuse prevention and quality assurance, after which they are deleted;
• Audit logs (including records of access, exports and material configuration changes) are retained for up to 7 years to support compliance, dispute resolution and regulatory enquiries;
• Suppression and exclusion lists (recording Candidates who have requested removal or suppression) are retained for as long as necessary to give effect to the relevant request; and
• Auto-apply / Candidate Autopilot submission history (where the relevant feature is enabled) is retained for up to 24 months from submission.
For the avoidance of doubt, and in respect of the categories of data described above:
(a) “Sourced Candidate records” refers to Candidate profile data that GradSearch may ingest from third-party data sources into the Platform’s searchable sourcing index, where such an index is implemented. The retention period of 24 months stated above applies to such records only where they are held in that index, unless a shorter period is required by applicable law, a Candidate suppression or removal request, GradSearch’s internal retention practices, or the terms applicable to the relevant third-party data source, after which they are refreshed, anonymised, suppressed or deleted in accordance with the Platform’s retention practices;
(b) cached, enriched or augmented data generated or held by the Platform as part of the operation of the Agentic AI Service is retained only for the period reasonably necessary to fulfil the relevant operational purpose, and is subject to the same refresh, anonymisation and deletion arrangements;
(c) where an Employer has explicitly saved a Candidate to the Employer’s own pipeline, list, project or workspace within the Platform (an “Employer-saved Record”), the retention of that Employer-saved Record is governed by the Employer’s own retention policy and the Employer’s lawful basis for processing, subject to the deletion-cascade obligations under the Terms of Service and to any Candidate-initiated suppression request made under clause 10.6 of this Privacy Policy; and
(d) “Audit logs” as referred to above means records of metadata about access, exports, configuration changes and similar events (such as user identifier, timestamp, action type and resource accessed), and does not include the underlying personal data of any Candidate.
9.3 Data deletion
9.3.1 Upon expiration of the retention period, we will securely delete or anonymize your personal data.
9.3.2 Some data may be retained in anonymized or aggregated form for analytical purposes indefinitely.
9.3.3 Backup copies may persist for a reasonable period after deletion but will not be accessible for normal operations.
10. Your rights
Under UAE data protection law, you have the following rights regarding your personal data:
10.1 Right of Access
You have the right to request confirmation of whether we process your personal data and to access such data.
10.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data by emailing the email address in clause 3.2 above.
10.3 Right to Deletion
You have the right to request deletion of your personal data in certain circumstances:
• The data is no longer necessary for the purposes for which it was collected;
• You withdraw consent (where consent was the legal basis);
• You object to processing based on legitimate interests;
• The processing is unlawful;
• Deletion is required to comply with a legal obligation.
This right is subject to our legal obligations to retain certain data (e.g., financial records, dispute resolution), and in the event that you invoke your right to deletion, you understand that GradSearch may immediately withdraw access to the Platform from you.
10.4 Right to Restrict Processing
You have the right to request restriction of processing your personal data in certain circumstances:
• You contest the accuracy of the data;
• We no longer need the data but you require it for legal claims;
• You have objected to processing and verification is pending.
10.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
10.6 Right to Object
You have the right to object to processing based on legitimate interests, including profiling and direct marketing. Without limiting the foregoing, where you have been identified as a Candidate through the Agentic AI Service (including the Atlas service), you may request the removal or suppression of your Candidate record from the Platform’s sourced candidate index, and the suppression of any Predictive Criteria or Inferred Attributes generated about you, by writing to the contact address in clause 3.2 or by following the “Candidate Removal” pathway made available on the Platform from time to time. We shall give effect to a valid request without undue delay and shall confirm to you the action taken.
10.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.
10.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the UAE Data Bureau or other competent supervisory authority if you believe your data protection rights have been violated.
10.9 Exercising Your Rights
10.9.1 To exercise any of these rights, please contact us at support@gradsearch.com with:
• Your full name and registered email address;
• Specific right(s) you wish to exercise;
• Any relevant details or documentation.
10.9.2 We will respond to your request within 30 days or as otherwise required by UAE law.
10.9.3 We may require verification of your identity before processing requests.
10.9.4 In some cases, we may refuse requests that are manifestly unfounded, excessive, or would compromise others' rights and freedoms.
11. Data Security
11.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal data against:
• Unauthorized access, use, or disclosure;
• Accidental loss or destruction;
• Alteration or damage;
• Unlawful processing.
11.2 Specific Security Practices
Our security measures include:
• Encryption of data in transit (SSL/TLS);
• Encryption of sensitive data at rest;
• Access controls and authentication mechanisms;
• Regular security assessments and updates;
• Employee training on data protection;
• Incident response procedures;
• Secure data backup systems.
11.3 Payment Security
11.3.1 Payment information is processed through a third-party service provider, which maintains industry-standard compliance and security measures.
11.3.2 We do not directly store complete payment card details on our systems.
11.4 User Responsibilities
11.4.1 You are responsible for maintaining the confidentiality of your account credentials.
11.4.2 You must notify us immediately of any unauthorized access to your account.
11.4.3 You should use strong passwords and enable any available security features.
11.5 No Absolute Security
11.5.1 While we strive to protect your personal data, no method of transmission or storage is 100% secure.
11.5.2 We cannot guarantee absolute security of your data.
11.5.3 You acknowledge and accept the inherent security risks of internet-based services.
12. Data breach notification
12.1 In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
• Notify the UAE Data Bureau without undue delay and, where feasible, within 72 hours of becoming aware of the breach;
• Notify affected Users without undue delay if the breach poses a high risk.
12.2 Breach notifications to Users will include:
• Nature of the breach;
• Likely consequences;
• Measures taken or proposed to address the breach;
• Contact point for further information.
13. Cookies and tracking technologies
13.1 What Are Cookies
Cookies are small text files stored on your device when you visit the Platform. We also use similar tracking technologies such as web beacons and pixels.
13.2 Types of Cookies We Use
Essential Cookies:
• Required for Platform functionality;
• Enable core features like authentication and security;
• Cannot be disabled without affecting Platform operation.
Performance Cookies:
• Collect information about Platform usage;
• Help us analyze and improve performance;
• Include analytics tools.
Functionality Cookies:
• Remember your preferences and settings;
• Enhance user experience;
• Store language and region preferences.
Marketing Cookies:
• Track your activity for advertising purposes;
• May be set by third-party advertising partners;
• Used only with your consent.
13.3 Third-Party Cookies
Third-party service providers (analytics, advertising) may set cookies when you use the Platform. These are governed by the respective third parties' privacy policies.
13.4 Managing Cookies
13.4.1 You can control cookies through your browser settings.
13.4.2 Blocking essential cookies may impair Platform functionality.
13.4.3 You can opt out of marketing cookies through our cookie consent tool or browser settings.
13.5 Do Not Track
Our Platform does not currently respond to "Do Not Track" signals from browsers.
14. Children's privacy
14.1 The Platform is not intended for individuals under the age of majority in the jurisdiction that they are located in when using the Platform ("Minor").
14.2 We do not knowingly collect personal data from Minors.
14.3 If we become aware that we have collected data from a Minor without parental consent or the consent of a guardian, we will take steps to delete such information.
14.4 If you believe we have inadvertently collected data from a 'Minor, please contact us immediately.
15. Marketing communications
15.1 With your consent, we may send you marketing communications about:
• New features and Services;
• Events and opportunities;
• Platform updates and news;
• Special offers and promotions.
15.2 You can opt out of marketing communications at any time by:
• Clicking the "unsubscribe" link in emails;
• Adjusting your account preferences;
• Contacting us directly.
15.3 Opting out of marketing does not affect transactional or service-related communications.
16. Messaging and monitoring
16.1 The Platform includes messaging functionality for communication between Users.
16.2 We reserve the right to monitor, review, and store all messages sent through the Platform for purposes including:
• Quality assurance and Service improvement;
• Safety and security of Users;
• Compliance with Terms and applicable law;
• Fraud detection and prevention;
• Dispute resolution;
• Response to legal requests.
16.3 By using the messaging feature, you expressly consent to such monitoring.
16.4 Messages may be reviewed by automated systems and, when necessary, by GradSearch personnel.
16.5 We do not monitor or review messages sent outside the Platform through third-party applications.
17. Automated decision-making and profiling
17.1 We use automated processing for certain functions including:
• Matching Candidates with suitable Mentors;
• Generating Candidate and Employer Compatibility Scores;
• Fraud detection and risk assessment;
• Content recommendations;
• Sourcing, screening, scoring and ranking of Candidates against Employer-defined search criteria using the Platform’s AI-driven recruitment functionality;
• Generation of indicative and probabilistic classification about Candidates (“Predictive Criteria”), including but not limited to indicators of likely eligibility for Emiratisation / Nafis-related hiring (the “Nafis Eligibility Indicator”); and
17.2 Compatibility Scores, outputs of the AI-driven sourcing functionality, and any Predictive Criteria (including the Nafis Eligibility Indicator) are generated through automated processing. They are indicative and probabilistic in nature, are not guaranteed to be accurate, and must be used as guidance only and not as the sole basis for any decision affecting a Candidate. Where any such output relates to an attribute that has not been independently verified by the Candidate (for example, a Nafis Eligibility Indicator that has not been confirmed by submission of an Emirates ID), the output represents an estimate only and not a statement of fact.
17.3 Automated decisions that produce legal effects or similarly significant effects will be subject to human review or you will have the right to contest the decision.
17.4 You have the right to request human intervention in automated decisions that significantly affect you.
17.5 You have the right to be informed of meaningful information about the logic involved in any automated processing applied to your personal data, including the broad categories of input data used, the purpose of the processing, and the indicative nature of any output. You may request such information by contacting us at the address in clause 3.2. For the avoidance of doubt, this right applies to automated processing carried out through the Platform generally, including (by way of example only) the generation of Compatibility Scores, Predictive Criteria, Inferred Attributes and the Nafis Eligibility Indicator, and the ranking of Candidates by the Agentic AI Service. For the further avoidance of doubt, this right does not require GradSearch to disclose any proprietary algorithm, specific weighting, model architecture, source code, training data, statistical parameter, trade secret or other confidential or commercially sensitive information underlying the Platform’s automated processing.
17.6 You have the right to object to, request restriction of, or request review of any Predictive Criteria (including the Nafis Eligibility Indicator) generated about you. On receipt of a valid request, we will either suppress the relevant indicator from outputs delivered to Employers, replace it with an “unverified” status, or take such other reasonable steps as may be appropriate.
17.7 Employers and other Users receiving outputs of automated processing are required, by the Terms of Service and these terms, to (a) treat Compatibility Scores and Predictive Criteria as guidance only, (b) independently verify any attribute that they intend to rely on as a basis for a hiring or other employment-related decision, and (c) not use such outputs as the sole or determinative factor in any such decision.
18. Third-party links and services
18.1 The Platform may contain links to third-party websites, applications, or services.
18.2 This Privacy Policy does not apply to third-party sites or services.
18.3 We are not responsible for the privacy practices of third parties.
18.4 We encourage you to review the privacy policies of any third-party services you access through the Platform.
18.5 If you use SSO to access the Platform, your use of the SSO provider's services is governed by that provider's terms of service and privacy policy, not this Privacy Policy.
18.6 We are not responsible for the privacy practices of SSO providers including:
• Google (Sign in with Google);
• Apple (Sign in with Apple);
• LinkedIn;
• Microsoft;
• Other third-party authentication services.
18.7 You should review the privacy policies and terms of service of any SSO provider you choose to use.
18.8 The connection between your GradSearch account and your SSO provider account can typically be managed through:
• Your account settings on the Platform;
• Your privacy settings with the SSO provider.
18.9 Disconnecting an SSO provider may require you to set a password for your GradSearch account to maintain access.
19. Data processing through third parties
19.1 We use third-party service providers to operate, secure, maintain and provide the Platform and the Services. These providers may include payment processors, cloud hosting and storage providers, analytics and monitoring providers, customer support providers, email and communications providers, workflow automation and data integration providers, and AI, search, research, web-retrieval, enrichment, data-processing and infrastructure providers.
19.2 Data processed through such third-party services may include:
• User registration information
• Transaction data
• Communications data
• Event registrations
19.3 Third parties process data in accordance with their privacy policies and data processing agreements with GradSearch.
19.4 By using the Platform, you consent to data processing through such third parties as necessary to provide services offered by GradSearch.
19.5 Use of large language models and limits on AI training. The Platform’s automated features rely on third-party large language model providers as sub-processors. GradSearch does not provide Candidate personal data, Employer Search queries, or other Customer Data containing personal data to any third-party large language model provider for the purpose of training that provider’s general or foundation models. This does not prevent GradSearch or its third-party AI, search, retrieval, enrichment, infrastructure or data-processing providers from processing usage data, telemetry, metadata, derived signals or operational information to provide, secure, maintain, analyse, test, improve or develop the Platform or the relevant third-party services, including where such data is aggregated, anonymised, de-identified or otherwise processed on a non-identifying basis, in accordance with applicable law, applicable third-party provider terms and any data processing arrangements in place with GradSearch. GradSearch may, for the purposes of operating, maintaining and improving the Platform (including improving search relevance, ranking, Compatibility Scoring and the accuracy of Predictive Criteria), use (a) aggregated, anonymised or pseudonymised data derived from Platform usage; (b) Customer feedback signals (such as relevance ratings, save and reject signals, and Search refinement patterns); and (c) other operational metadata that does not identify any individual Candidate, in connection with the training, fine-tuning or other improvement of the Platform’s own machine-learning models.
19.6 Sensitive personal data in CVs and profile content. CVs, profile content and other application materials uploaded to or sourced through the Platform may contain personal data falling within the categories of sensitive personal data under Article 15 of UAE Federal Decree-Law No. 45 of 2021 (including, by way of example, data revealing ethnic origin, religious belief, health or trade-union membership). Where the Platform processes such data, it does so on the basis of the lawful purposes of recruitment and employment-related processing recognised under UAE law, and subject to the safeguards described in this Privacy Policy. Where you do not wish particular categories of sensitive personal data to be processed, you should remove that content from the materials you upload to the Platform.
20. Emiratis and emirates id data
20.1 Emirati citizens are required to provide their Emirates ID and Emirates ID number for verification purposes.
20.2 Emirates ID data is:
• Encrypted during transmission and storage;
• Accessed only by authorized personnel;
• Used solely for identity verification and compliance purposes;
• Retained in accordance with UAE legal requirements (minimum 5 years).
20.3 We do not share Emirates ID data with third parties except:
• When required by UAE law or regulatory authorities;
• With secure service providers under strict confidentiality obligations.
Nafis Eligibility Indicators
20.4 The Platform may, to support Employers in meeting their Emiratisation obligations under UAE law, generate an indicator of the likelihood that a Candidate may be eligible to be counted towards an Employer’s Nafis quota (a “Nafis Eligibility Indicator”). The Nafis Eligibility Indicator is generated through automated processing based on signals available to the Platform and is, by its nature, indicative and probabilistic only.
20.5 The Nafis Eligibility Indicator is not a statement of fact, is not a verification of nationality, and may be inaccurate. It is distinct from, and must not be confused with, verified Emirati status established through submission of an Emirates ID under clauses 20.1 to 20.3. Where a Candidate’s Emirati nationality has not been verified through submission of an Emirates ID, the Nafis Eligibility Indicator is an estimate only.
20.6 Candidates have the right at any time to: (a) request information about whether a Nafis Eligibility Indicator has been generated about them and, if so, its current value; (b) verify their actual Emirati nationality by submitting their Emirates ID, in which case the indicator will be replaced with a verified status; (c) request that the Nafis Eligibility Indicator be suppressed from outputs delivered to Employers; or (d) object to the generation of the Nafis Eligibility Indicator about them. Requests under this clause should be sent to the contact address in clause 3.2.
20.7 Employers are required, by the Terms of Service and by these terms, not to rely on a Nafis Eligibility Indicator as the sole basis for any hiring or other employment-related decision, and to independently verify a Candidate’s Emirati nationality (typically by way of Emirates ID) before reliance on the indicator for the purpose of fulfilling any Emiratisation obligation.
20.8 The Nafis Eligibility Indicator is offered solely to support Employers operating in the UAE in meeting their Emiratisation obligations under UAE law and is not intended for use in connection with hiring decisions for positions located outside the UAE. Use of the Nafis Eligibility Indicator outside the UAE may be unlawful under applicable local laws and is at the sole risk of the User concerned.
21. University partnerships
21.1 Universities partnering with GradSearch under may share student data with us.
21.2 Such data sharing may be governed by separate data processing agreements between GradSearch and the University.
21.2 Students whose data is shared by Universities have the same rights under this Privacy Policy as directly registered Users.
21.3 Universities remain data controllers for their student data and are responsible for obtaining necessary consents.
22. Employer access to candidate data
22.1 Employers with active Subscriptions can access Candidate profiles and application materials.
22.2 Candidates consent to such access by creating a profile and applying for positions.
22.3 Employers are prohibited from:
• Using Candidate data for purposes outside recruitment through the Platform;
• Sharing Candidate data with unauthorized third parties;
• Retaining Candidate data beyond the recruitment process unless required by law;
• Relying on any Compatibility Score, Predictive Criterion or Nafis Eligibility Indicator as the sole or determinative basis for any hiring or other employment-related decision;
• Using any output of the Platform’s AI-driven functionality (including Atlas shortlists or rankings) in a manner that would be unlawful, including (without limitation) discriminatory, under the laws of the jurisdiction in which the relevant role is located; and
• Exporting or re-using any data accessed through the Platform for recruitment activity outside the United Arab Emirates without first satisfying themselves that such use is lawful in the relevant jurisdiction.
22.4 Employers who misuse Candidate data may have their accounts terminated and may face legal action.
22.5 Before relying on any unverified attribute about a Candidate that the Platform has generated through automated processing (including, in particular, the Nafis Eligibility Indicator), Employers shall independently verify that attribute with the Candidate, typically by requesting the relevant supporting documentation (for example, a copy of the Candidate’s Emirates ID for Emirati nationality).
23. Events center data
23.1 You may be given access to use of the Events Center. When you register for or attend events through the Events Center, we may collect any relevant data required for the functioning of the Event Center including but not limited to:
• Registration information;
• Attendance records;
• Feedback and survey responses;
• Networking interactions (if facilitated through the Platform).
23.2 Event data may be shared with:
• Event organizers and hosts;
• Sponsors (with your consent);
• Other attendees (for networking purposes, with your consent).
23.3 Third-party event organizers are responsible for their own data practices and must comply with applicable law.
24. Changes to this privacy policy
24.1 We reserve the right to modify this Privacy Policy subject to clause 1.5 above (which requires not less than thirty (30) days’ prior notice in the case of material amendments).
24.2 The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised.
24.3 Material changes may be communicated through:
• Email notification to registered Users;
• Prominent notice on the Platform;
• In-app notification.
24.4 Your continued use of the Platform after any changes constitutes acceptance of the modified Privacy Policy.
24.5 We encourage you to review this Privacy Policy periodically.
25. Contact us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
GradSearch L.L.C.-FZ
Email: support@gradsearch.com
If you believe your data protection rights have been violated, you may lodge a complaint with:
UAE Data Bureau
Website: https://tdra.gov.ae/en/Pages/contact-us
Email: Info@tdra.gov.ae
You have the right to lodge a complaint with the supervisory authority without prejudice to any other administrative or judicial remedy.
27. Consent
By using the GradSearch Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, storage, and disclosure of your personal data as described herein.
If you do not agree with this Privacy Policy, you must not use the Platform
END OF PRIVACY POLICY
Acknowledgment
These Terms and Conditions and Privacy Policy have been prepared to comply with applicable UAE law, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
Users are advised to read these documents carefully and seek independent legal advice if necessary.
Document Version: 1.0
Effective Date: June 11, 2026
Jurisdiction: United Arab Emirates

