GradSignal

Privacy Policy

Last updated: May 2026

1. Who We Are

GradSignal is operated by Mishkat Mazumder ("we", "us", "our"), the data controller for personal data collected through this website. We are committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact: enquiries@gradsignal.co.uk

2. Data We Collect

We may collect and process the following personal data:

  • Account data: name and email address when you register
  • Authentication data: password (stored as a bcrypt hash - we never see your plain-text password) or OAuth tokens if you sign in via Google
  • Usage data: jobs you view, save, or apply to; pages visited; features used
  • Payment data: subscription status and billing history (payment card details are processed and stored by Stripe - we do not store card numbers)
  • Communications: emails you send us and any support correspondence

3. How We Use Your Data

To provide the Service (legal basis: contract performance)

  • Creating and managing your account
  • Displaying jobs you have saved or viewed
  • Processing subscription payments and managing your subscription
  • Providing access to premium interview preparation content

To communicate with you (legal basis: contract performance and legitimate interests)

  • Sending job alert emails based on your preferences
  • Sending transactional emails (payment receipts, subscription confirmations)
  • Responding to support requests

To improve the Service (legal basis: legitimate interests)

  • Understanding which jobs and content are most useful to users
  • Diagnosing technical issues

4. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal data. We share data only with the following trusted third-party processors, each of whom is bound by data processing agreements:

  • Stripe - payment processing (may process data in the US under Standard Contractual Clauses)
  • Resend - transactional email delivery (may process data in the US under Standard Contractual Clauses)
  • Vercel - website hosting and serverless functions (may process data in the US under Standard Contractual Clauses)
  • Neon - PostgreSQL database hosting (may process data in the US under Standard Contractual Clauses)

We may also disclose your data if required to do so by law or in response to valid legal process.

5. International Data Transfers

Some of our third-party processors operate outside the UK. Where personal data is transferred to countries not recognised as providing an adequate level of data protection, we ensure appropriate safeguards are in place - specifically, Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

6. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to comply with our legal obligations. When you delete your account via Settings, your personal data is permanently deleted within 30 days. Anonymised and aggregated usage statistics (which cannot identify you) may be retained indefinitely for service improvement purposes.

7. Cookies

We use strictly necessary cookies for authentication and secure session management. These cookies are essential for the Service to function and do not require your consent. We do not currently use advertising, tracking, or analytics cookies. For full details, see our Cookie Policy.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate or incomplete data
  • Erasure: request deletion of your data (you can also do this directly via Settings > Delete Account)
  • Restriction: ask us to restrict processing of your data in certain circumstances
  • Portability: receive your data in a structured, commonly used, machine-readable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, email us at enquiries@gradsignal.co.uk. We will respond within one month.

9. Right to Complain to the ICO

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We would appreciate the opportunity to address your concern before you contact the ICO, so please contact us first.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The current version is always available at gradsignal.co.uk/privacy.

11. Contact

For any privacy-related questions or to exercise your rights, contact us at enquiries@gradsignal.co.uk.