Privacy Policy
Last Updated: November 26, 2025
1. Introduction
1.1 GradSearch ("we", "us", "our") is committed to protecting the privacy and security of your personal data.
1.2 This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the GradSearch platform ("Platform").
1.3 This Privacy Policy should be read in conjunction with our Terms and Conditions and any definitions contained in this Privacy Policy which are not defined herein are as defined in the Terms and Conditions.
1.4 By using the Platform, you consent to the practices described in this Privacy Policy.
1.5 We reserve the right to amend this Privacy Policy at any time without prior notice. Your continued use of the Platform following any amendments constitutes acceptance of the modified Privacy Policy.
1.6 Residents of certain jurisdictions may have additional rights under local law. If you located in the United States, the GradSearch US Privacy Addendum applies in addition to this Privacy Policy. In the event of any conflict between the Privacy Policy and the US Privacy Addendum, the US Privacy Addendum will govern for US users.
2. Legal Basis
2.1 We process personal data in accordance with:
• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data;
• Implementing regulations and guidelines issued by the UAE Data Bureau;
• Other applicable UAE federal and emirate-level laws and regulations.
2.2 Our lawful bases for processing personal data include:
• Your consent;
• Performance of a contract with you;
• Compliance with legal obligations;
• Our legitimate interests in operating and improving the Platform.
3.Data Controller
3.1 GradSearch is the data controller responsible for your personal data collected through the Platform.
3.2 Our contact details are:
• Company Name: GradSearch L.L.C.- FZ
• Registered Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
• Contact Email: support@gradsearch.com
4. Personal data we collect
4.1 Information You Provide Directly
When you register for and use the Platform, we collect the following personal data:
For all Users:
• Full name;
• Email address;
• Phone number;
• Date of birth;
• Location, region, and city;
• Nationality;
• Password (encrypted);
• Profile photograph (optional);
• Educational background and qualifications;
• Professional experience and skills;
• Account preferences and settings.
For Emirati Citizens:
• Emirates ID (EID);
• Emirates ID number.
For Candidates:
• Education details and certifications;
• Career objectives and interests;
• CV/resume content;
• Application materials;
• Job preferences.
For Mentors:
• Professional expertise and specializations;
• Availability schedule;
• Pricing information (if applicable);
• Payment account details;
• Verification documents.
For Employers:
• Company name and registration details;
• Authorized representative information;
• Job posting details;
• Company profile information;
• Verification documents;
• Subscription and payment information.
For Universities:
• Institution details;
• Authorized representative information;
• Verification documents;
• Partnership agreement details.
4.2 Information collected automatically
When you use the Platform, we automatically collect:
• IP address;
• Location;
• Device information (type, operating system, browser);
• Log data (access times, pages viewed, actions taken);
• Cookies and similar tracking technologies;
• Usage patterns and behavior on the Platform.
4.3 Information from third parties
We receive information from third-party services including:
• Payment transaction data, payment method details;
• Data processed through automated workflows;
• Data processed as part of the provision of Analytics;
• Social media platforms: If you connect your social media accounts (profile information as permitted by the platform).
4.4 Communications Data
We collect and store:
• Messages sent through the Platform's messaging system;
• Communications with GradSearch support;
• Feedback and survey responses.
4.5 Information from Single Sign-On (SSO) Providers
4.5.1 If you choose to register or log in using a Single Sign-On service (such as Google, Apple, LinkedIn, Microsoft, or other third-party authentication providers), we collect information from your SSO provider account, including:
• Name;
• Email address;
• Profile picture;
• User ID from the SSO provider;
• Any other information you authorize the SSO provider to share with us.
4.5.2 The specific information we receive depends on:
• Your privacy settings with the SSO provider;
• The permissions you grant during the SSO authentication process;
• The data policies of the SSO provider.
4.5.3 We use this information to:
• Create and manage your GradSearch account;
• Authenticate your identity;
• Pre-populate your profile information;
• Communicate with you.
4.5.4 By using SSO login, you authorize us to access and use this information in accordance with this Privacy Policy.
4.5.5 We do not receive or store your SSO provider password. Authentication is handled entirely by the third-party SSO provider.
4.5.6 Sign in with Apple Specific Provisions:
• Apple may provide a private relay email address that forwards to your actual email;
• You may choose to hide your email address from GradSearch;
• If you hide your email, we will only have access to the relay email address;
• This may limit certain Platform functionality that requires direct email communication.
5. How we use your personal data
5.1 We use your personal data for the following purposes:
Service Delivery:
• Creating and managing your account;
• Facilitating mentorship connections;
• Processing job applications and talent sourcing;
• Providing access to the Events Center;
• Enabling messaging between Users;
• Processing payments and subscriptions;
• Providing customer support; and
• To improve service offerings and offer more services.
Platform Operations:
• Authenticating Users and preventing fraud;
• Monitoring Platform performance and security;
• Conducting data analytics to improve Services;
• Generating Compatibility Scores for Employers;
• Maintaining records and resolving disputes.
Communications:
• Sending transactional emails (confirmations, receipts, notifications);
• Providing Service updates and announcements;
• Sending marketing communications (with your consent);
• Responding to your inquiries.
Legal and Compliance:
• Complying with UAE laws and regulations;
• Responding to legal requests and preventing harm;
• Enforcing our Terms and Conditions;
• Protecting our rights and property.
Research and Development:
• Analyzing usage trends and User behavior;
• Developing new features and services;
• Improving matching algorithms and Compatibility Scores.
6. Legal basis for processing
We process your personal data based on the following legal grounds:
6.1 Consent: When you provide explicit consent for specific processing activities (e.g., marketing communications, optional data collection).
6.2 Contract Performance: Processing necessary to provide services you have requested or to enter into a contract with you.
6.3 Legal Obligation: Processing required to comply with UAE laws, regulations, or legal processes.
6.4 Legitimate Interests: Processing necessary for our legitimate business interests, such as:
• Fraud prevention and security;
• Improving our Services;
• Internal analytics;
provided such processing does not override your rights under UAE Law.
7. Data sharing and disclosure
7.1 We may share your personal data with:
Other Users (including but not limited to circumstances where):
• Candidates can view Mentor profiles, availability, and qualifications;
• Mentors can view Candidate profiles for scheduled sessions;
• Employers can view Candidate profiles and application materials;
• Universities can view Candidate, Mentor and Employer profiles;
• Users can communicate through the Platform messaging system;
Third-party service providers including but not limited to:
• Payment processing;
• Workflow automation and data integration;
• Cloud hosting providers;
• Analytics services;
• Customer support platforms;
• Email service providers.
Business partners such as:
• Universities (under partnership agreements);
• Employers (for recruitment purposes);
• Event organizers featured in the events center on the Platform.
Legal and Regulatory Authorities:
• When required by UAE law or regulation;
• In response to valid legal processes (court orders, subpoenas);
• To protect the rights, property, or safety of GradSearch, Users, or the public;
• In connection with the investigation of fraud, security breaches, or illegal activity.
Business Transfers:
• In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the acquiring entity.
8. International data transfer
8.1 Some service providers (such as cloud hosting or analytics services) may process data outside the UAE.
8.2 When data is transferred internationally, we make reasonable attempts to ensure appropriate safeguards are in place, including:
• Standard contractual clauses;
• Adequacy decisions by UAE authorities where relevant;
• Other legally compliant transfer mechanisms.
8.4 By using the Platform, you consent to such international transfers as necessary to provide Services.
9. Data retention
9.1 General Retention Principles
We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy and as required by UAE law.
9.2 Specific Retention Periods
Active User Accounts:
• Data is retained for the duration of your active use of the Platform.
Inactive Accounts:
• If your account remains inactive for 24 consecutive months, we may delete or anonymize your personal data unless:
• We have a legal obligation to retain it;
• It is necessary for ongoing disputes or claims;
• You request continued retention.
Financial and Transaction Records:
• Payment and transaction data is retained for a minimum of 5 years from the date of the transaction to comply with UAE financial and tax regulations.
Communications and Messages:
• Platform messages may be retained for 12 months from the date sent unless required for dispute resolution or legal purposes.
Employer Job Postings:
• Job posting data may be retained for 3 years after the posting expires or is removed.
Mentorship Session Records:
• Records of Mentorship Meetings (bookings, payments) may be retained for 3 years following the session date.
Legal and Compliance Records:
• Data retained for legal, regulatory, or compliance purposes may be retained for 10 years.
Marketing Data:
• If you consent to marketing communications, your data may be retained until you withdraw consent
SSO Authentication Data:
• SSO provider user IDs and authentication tokens are retained for the duration of your active account;
• Upon account deletion, SSO connections are immediately severed;
• Authentication logs may be retained for security purposes for 12 months.
9.3 Data deletion
9.3.1 Upon expiration of the retention period, we will securely delete or anonymize your personal data.
9.3.2 Some data may be retained in anonymized or aggregated form for analytical purposes indefinitely.
9.3.3 Backup copies may persist for a reasonable period after deletion but will not be accessible for normal operations.
10. Your rights
Under UAE data protection law, you have the following rights regarding your personal data:
10.1 Right of Access
You have the right to request confirmation of whether we process your personal data and to access such data.
10.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data by emailing the email address in clause 3.2 above.
10.3 Right to Deletion
You have the right to request deletion of your personal data in certain circumstances:
• The data is no longer necessary for the purposes for which it was collected;
• You withdraw consent (where consent was the legal basis);
• You object to processing based on legitimate interests;
• The processing is unlawful;
• Deletion is required to comply with a legal obligation.
This right is subject to our legal obligations to retain certain data (e.g., financial records, dispute resolution), and in the event that you invoke your right to deletion, you understand that GradSearch may immediately withdraw access to the Platform from you.
10.4 Right to Restrict Processing
You have the right to request restriction of processing your personal data in certain circumstances:
• You contest the accuracy of the data;
• We no longer need the data but you require it for legal claims;
• You have objected to processing and verification is pending.
10.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
10.6 Right to Object
You have the right to object to processing based on legitimate interests, including profiling and direct marketing.
10.7 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.
10.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the UAE Data Bureau or other competent supervisory authority if you believe your data protection rights have been violated.
10.9 Exercising Your Rights
10.9.1 To exercise any of these rights, please contact us at support@gradsearch.com with:
• Your full name and registered email address;
• Specific right(s) you wish to exercise;
• Any relevant details or documentation.
10.9.2 We will respond to your request within 30 days or as otherwise required by UAE law.
10.9.3 We may require verification of your identity before processing requests.
10.9.4 In some cases, we may refuse requests that are manifestly unfounded, excessive, or would compromise others' rights and freedoms.
11. Data Security
11.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal data against:
• Unauthorized access, use, or disclosure;
• Accidental loss or destruction;
• Alteration or damage;
• Unlawful processing.
11.2 Specific Security Practices
Our security measures include:
• Encryption of data in transit (SSL/TLS);
• Encryption of sensitive data at rest;
• Access controls and authentication mechanisms;
• Regular security assessments and updates;
• Employee training on data protection;
• Incident response procedures;
• Secure data backup systems.
11.3 Payment Security
11.3.1 Payment information is processed through a third-party service provider, which maintains industry-standard compliance and security measures.
11.3.2 We do not directly store complete payment card details on our systems.
11.4 User Responsibilities
11.4.1 You are responsible for maintaining the confidentiality of your account credentials.
11.4.2 You must notify us immediately of any unauthorized access to your account.
11.4.3 You should use strong passwords and enable any available security features.
11.5 No Absolute Security
11.5.1 While we strive to protect your personal data, no method of transmission or storage is 100% secure.
11.5.2 We cannot guarantee absolute security of your data.
11.5.3 You acknowledge and accept the inherent security risks of internet-based services.
12. Data breach notification
12.1 In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
• Notify the UAE Data Bureau without undue delay and, where feasible, within 72 hours of becoming aware of the breach;
• Notify affected Users without undue delay if the breach poses a high risk.
12.2 Breach notifications to Users will include:
• Nature of the breach;
• Likely consequences;
• Measures taken or proposed to address the breach;
• Contact point for further information.
13.Cookies and tracking technologies
13.1 What Are Cookies
Cookies are small text files stored on your device when you visit the Platform. We also use similar tracking technologies such as web beacons and pixels.
13.2 Types of Cookies We Use
Essential Cookies:
• Required for Platform functionality;
• Enable core features like authentication and security;
• Cannot be disabled without affecting Platform operation.
Performance Cookies:
• Collect information about Platform usage;
• Help us analyze and improve performance;
• Include analytics tools.
Functionality Cookies:
• Remember your preferences and settings;
• Enhance user experience;
• Store language and region preferences.
Marketing Cookies:
• Track your activity for advertising purposes;
• May be set by third-party advertising partners;
• Used only with your consent.
13.3 Third-Party Cookies
Third-party service providers (analytics, advertising) may set cookies when you use the Platform. These are governed by the respective third parties' privacy policies.
13.4 Managing Cookies
13.4.1 You can control cookies through your browser settings.
13.4.2 Blocking essential cookies may impair Platform functionality.
13.4.3 You can opt out of marketing cookies through our cookie consent tool or browser settings.
13.5 Do Not Track
Our Platform does not currently respond to "Do Not Track" signals from browsers.
14. Children's privacy
14.1 The Platform is not intended for individuals under the age of majority in the jurisdiction that they are located in when using the Platform (“Minor”).
14.2 We do not knowingly collect personal data from Minors.
14.3 If we become aware that we have collected data from a Minor without parental consent or the consent of a guardian, we will take steps to delete such information.
14.4 If you believe we have inadvertently collected data from a ‘Minor, please contact us immediately.
15. Marketing communications
15.1 With your consent, we may send you marketing communications about:
• New features and Services;
• Events and opportunities;
• Platform updates and news;
• Special offers and promotions.
15.2 You can opt out of marketing communications at any time by:
• Clicking the "unsubscribe" link in emails;
• Adjusting your account preferences;
• Contacting us directly.
15.3 Opting out of marketing does not affect transactional or service-related communications.
16. Messaging and monitoring
16.1 The Platform includes messaging functionality for communication between Users.
16.2 We reserve the right to monitor, review, and store all messages sent through the Platform for purposes including:
• Quality assurance and Service improvement;
• Safety and security of Users;
• Compliance with Terms and applicable law;
• Fraud detection and prevention;
• Dispute resolution;
• Response to legal requests.
16.3 By using the messaging feature, you expressly consent to such monitoring.
16.4 Messages may be reviewed by automated systems and, when necessary, by GradSearch personnel.
16.5 We do not monitor or review messages sent outside the Platform through third-party applications.
17. Automated decision-making and profiling
17.1 We use automated processing for certain functions including:
• Matching Candidates with suitable Mentors;
• Generating Candidate and Employer Compatibility Scores;
• Fraud detection and risk assessment;
• Content recommendations.
17.2 Compatibility Scores are generated through automated processing but are not guaranteed to be accurate and should be used as guidance only.
17.3 Automated decisions that produce legal effects or similarly significant effects will be subject to human review or you will have the right to contest the decision.
17.4 You have the right to request human intervention in automated decisions that significantly affect you.
18. Third-party links and services
18.1 The Platform may contain links to third-party websites, applications, or services.
18.2 This Privacy Policy does not apply to third-party sites or services.
18.3 We are not responsible for the privacy practices of third parties.
18.4 We encourage you to review the privacy policies of any third-party services you access through the Platform.
18.5 If you use SSO to access the Platform, your use of the SSO provider's services is governed by that provider's terms of service and privacy policy, not this Privacy Policy.
18.6 We are not responsible for the privacy practices of SSO providers including:
• Google (Sign in with Google);
• Apple (Sign in with Apple);
• LinkedIn;
• Microsoft;
• Other third-party authentication services.
18.7 You should review the privacy policies and terms of service of any SSO provider you choose to use.
18.8 The connection between your GradSearch account and your SSO provider account can typically be managed through:
• Your account settings on the Platform;
• Your privacy settings with the SSO provider.
18.9 Disconnecting an SSO provider may require you to set a password for your GradSearch account to maintain access.
19. Data processing through third parties
19.1 We use services provided by third parties (such as Zapier, Inc. and others) for workflow automation and data integration between the Platform and other services.
19.2 Data processed through such third-party services may include:
• User registration information
• Transaction data
• Communications data
• Event registrations
19.3 Third parties process data in accordance with their privacy policies and data processing agreements with GradSearch.
19.4 By using the Platform, you consent to data processing through such third parties as necessary to provide services offered by GradSearch.
20. Emiratis and emirates id data
20.1 Emirati citizens are required to provide their Emirates ID and Emirates ID number for verification purposes.
20.2 Emirates ID data is:
• Encrypted during transmission and storage;
• Accessed only by authorized personnel;
• Used solely for identity verification and compliance purposes;
• Retained in accordance with UAE legal requirements (minimum 5 years).
20.3 We do not share Emirates ID data with third parties except:
• When required by UAE law or regulatory authorities;
• With secure service providers under strict confidentiality obligations.
21. University partnerships
21.1 Universities partnering with GradSearch under may share student data with us.
21.2 Such data sharing may be governed by separate data processing agreements between GradSearch and the University.
21.2 Students whose data is shared by Universities have the same rights under this Privacy Policy as directly registered Users.
21.3 Universities remain data controllers for their student data and are responsible for obtaining necessary consents.
22. Employer access to candidate data
22.1 Employers with active Subscriptions can access Candidate profiles and application materials.
22.2 Candidates consent to such access by creating a profile and applying for positions.
22.3 Employers are prohibited from:
• Using Candidate data for purposes outside recruitment through the Platform;
• Sharing Candidate data with unauthorized third parties;
• Retaining Candidate data beyond the recruitment process unless required by law.
22.4 Employers who misuse Candidate data may have their accounts terminated and may face legal action.
23. Events center data
23.1 You may be given access to use of the Events Center. When you register for or attend events through the Events Center, we may collect any relevant data required for the functioning of the Event Center including but not limited to:
• Registration information;
• Attendance records;
• Feedback and survey responses;
• Networking interactions (if facilitated through the Platform).
23.2 Event data may be shared with:
• Event organizers and hosts;
• Sponsors (with your consent);
• Other attendees (for networking purposes, with your consent).
23.3 Third-party event organizers are responsible for their own data practices and must comply with applicable law.
24. Changes to this privacy policy
24.1 We reserve the right to modify this Privacy Policy at any time without prior notice.
24.2 The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised.
24.3 Material changes may be communicated through:
• Email notification to registered Users;
• Prominent notice on the Platform;
• In-app notification.
24.4 Your continued use of the Platform after any changes constitutes acceptance of the modified Privacy Policy.
24.5 We encourage you to review this Privacy Policy periodically.
25. Contact us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
GradSearch L.L.C.-FZ
Email: support@gradsearch.com
26. Supervisory authority
If you believe your data protection rights have been violated, you may lodge a complaint with:
UAE Data Bureau
Website: https://tdra.gov.ae/en/Pages/contact-us
Email: Info@tdra.gov.ae
You have the right to lodge a complaint with the supervisory authority without prejudice to any other administrative or judicial remedy.
27. Consent
By using the GradSearch Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, storage, and disclosure of your personal data as described herein.
If you do not agree with this Privacy Policy, you must not use the Platform
END OF PRIVACY POLICY
Acknowlegment
These Terms and Conditions and Privacy Policy have been prepared to comply with applicable UAE law, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
Users are advised to read these documents carefully and seek independent legal advice if necessary.
Document Version: 1.0
Effective Date: October 7, 2025
Jurisdiction: United Arab Emirates
