Policies
Privacy Policy
This Privacy Policy explains how Future Tech Jobs ("we," "us," or "our") collects, uses, and protects your personal information. We comply with the UK GDPR, the EU GDPR, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are
Future Tech Jobs is operated by Productivv Technologies Limited, registered in England & Wales. Registered address: F, Van Diemans Lane, Chelmsford, England, CM2 9QJ. We act as the data controller for the personal information described below across every site in the Future Tech Jobs network (listed in section 2).
For any privacy questions or to exercise your data rights, contact [email protected].
2. Sites covered by this policy
This single Privacy Policy applies to every specialist tech job board operated by Productivv Technologies Limited under the Future Tech Jobs umbrella. One account works across all of them, and your data rights, the lawful bases below, retention periods, and processor list are identical regardless of which site you signed up via.
- Artificial Intelligence Jobs — artificialintelligencejobs.co.uk
- Biotechnology Jobs — biotechnologyjobs.co.uk
- Blockchain Jobs — blockchainjobs.uk
- Cloud Computing Jobs — cloudcomputingjobs.co.uk
- Cyber Security Jobs — cybersecurityjobs.tech
- Data Engineering Jobs — dataengineeringjobs.co.uk
- Data Science Jobs — datascience-jobs.co.uk
- Drone Jobs — uavjobs.co.uk
- Edge Computing Jobs — edgecomputingjobs.co.uk
- Machine Learning Jobs — machinelearningjobs.co.uk
- Materials Science Jobs — materialssciencejobs.co.uk
- Medical Technology Jobs — medicaltechnologyjobs.co.uk
- Quantum Computing Jobs — quantumcomputingjobs.co.uk
- Robotics Jobs — roboticsjobs.co.uk
- Semiconductor Jobs — semiconductorjobs.co.uk
- UK Space Jobs — ukspacejobs.co.uk
Whichever site you arrived from, the same protections, processors, and retention rules apply. Tenant-specific URLs for this policy 301-redirect to this canonical page so the wording is identical everywhere.
3. We do not sell your data
We do not sell your personal information, share it with data brokers, or use it for cross-site advertising targeting. Your data is processed by us and a small number of operational service providers (listed in section 7) strictly to deliver the service you signed up for.
4. Information we collect
4.1 Information you provide
- Name, email address, password (hashed — optional once you have a passkey or LinkedIn connected)
- CV / resume file and cover letter content
- Phone number (optional, when supplied on an application)
- Job preferences: career stage, role types, salary, location, availability, visa status, working patterns, change drivers
- Email subscription preferences (per tenant job-alert lists)
- Content of messages you send us via contact forms
4.2 Information collected automatically
- IP address (stored as a one-way hash, not the full address)
- Browser and device type, operating system
- Pages you view, searches you run, and jobs you apply to
- UTM campaign parameters (when you arrive from a marketing link)
- Analytics cookies (only if you have accepted — see section 8)
4.3 Sign-in and account-security information
To support passwordless sign-in, two-factor authentication, and "remember this device" we keep:
- Passkey (WebAuthn) credentials — per-device public keys plus the alias you set when you registered them. Public-key cryptography only; the corresponding private key never leaves your device.
- Two-factor authentication secrets and recovery codes — your TOTP shared secret and one-time recovery codes, both encrypted at rest.
- Magic-link tokens — short-lived (about 15 minutes), single-use, and hashed before storage. Used to authenticate the recipient of a sign-in email.
- Trusted-device records — when you tick "trust this device" during 2FA, we store a hashed device token alongside your user agent, IP address, last-used timestamp, and expiry. The IP and user agent are kept readable so you can recognise the device when reviewing or revoking it from your profile.
- Active session records — for each device signed in to your account, we store your IP address, user agent, the time of last activity, and the encoded session state, so you can review and revoke sessions from your profile.
- LinkedIn OAuth identifiers — if you sign in with LinkedIn we store the provider name, your LinkedIn member id, and the email LinkedIn returns. We do not retain LinkedIn access tokens.
5. Why we process it and our legal basis
| Purpose | Data | Lawful basis (UK GDPR Art. 6) |
|---|---|---|
| Provide and run your account, process applications, match you to jobs | Name, email, password, CV, job preferences, applications | Performance of a contract (Art. 6(1)(b)) |
| Send you service emails (account verification, sign-in links, password resets, job alerts you subscribed to) | Email, subscription preferences | Performance of a contract (Art. 6(1)(b)) |
| Security, abuse prevention, fraud detection | Hashed IP, auth events, request logs | Legitimate interest (Art. 6(1)(f)) |
| First-party service analytics: measuring traffic, improving the product, reporting application and view counts to job posters, and a log of events tied to your account (searches, page views, applications, CV uploads, alerts) to understand how our service is used | Aggregate counts; UTM parameters; hashed IP; event log linked to your user id | Legitimate interest (Art. 6(1)(f)) — balanced against your rights. You can object at any time via [email protected]. |
| Third-party analytics (Google Analytics, Microsoft Clarity, Mixpanel, Leadfeeder) | Device identifiers, pageviews, events, interactions | Consent (Art. 6(1)(a)) — only if you accept cookies |
| Respond to legal obligations, disputes, or regulator requests | As required | Legal obligation (Art. 6(1)(c)) |
6. How long we keep it
- Active accounts: for as long as the account is active.
- Applications: retained with the associated job posting for 3 years after submission (so employers can review, and we can report on activity). Personal identifiers are stripped if you delete your account.
- CV / cover letters: deleted within 30 days of account deletion.
- Proof-of-erasure record (one-way HMAC of your email only, no plaintext): retained for up to 7 years to demonstrate we honoured an erasure request.
- Analytics events (first-party log): auto-pruned after 90 days.
- Server logs: auto-pruned after 30 days.
- Mailcoach subscription data: retained while you are subscribed; removed on unsubscribe or account deletion.
- Passkey (WebAuthn) credentials: until you remove the passkey from your profile.
- Two-factor secrets and recovery codes: until you disable 2FA on your account.
- Magic-link tokens: about 15 minutes; deleted on use or expiry.
- Trusted-device records: 30 days from the last sign-in that issued or refreshed them, or until you revoke the device from your profile.
- Active session records: rolling — extended on activity, deleted on sign-out (you can sign out everywhere from your profile) or after the configured idle timeout.
- LinkedIn OAuth identifiers: until you disconnect LinkedIn from your profile or delete your account.
7. Who we share it with (processors)
We share personal information only with operational service providers, each bound by a data-processing agreement:
- DigitalOcean (application hosting and database) — UK / EU data centres.
- Mailcoach (transactional and subscription email delivery) — EU.
- Stripe (payment processing for employer job postings) — US / EU; UK SCCs in place.
- Sentry (error reporting) — US; UK SCCs in place.
- Storyblok (content management for articles) — EU. No user personal data is sent.
- Google Analytics, Microsoft Clarity, Mixpanel, Leadfeeder — third-party analytics. Only loaded if you accept analytics cookies; US-based, UK SCCs in place.
- LinkedIn (Microsoft Ireland Operations Limited) — only if you choose "Sign in with LinkedIn". LinkedIn returns your email, name, and member id to us via OpenID Connect so we can create or match your account.
- Employers / recruiters — when you apply to a job, the employer receives your application details (name, email, CV, cover letter). This is a separate relationship; the employer becomes an independent controller of the application data.
- Law enforcement / regulators — when legally required to respond.
8. Cookies
We use a minimal set of essential cookies to keep the service running (session, CSRF, consent preference). Optional analytics cookies are loaded only if you click "Accept analytics cookies" on the banner, the post-login prompt, or the "Cookie preferences" controls. Full details are in our Cookie Policy. You can change your choice at any time from the cookie preferences button (bottom of every page) or from your profile.
9. International transfers
Where a processor is located outside the UK / EU (notably US-based analytics and error-reporting providers), transfers are covered by the UK International Data Transfer Agreement or the EU Standard Contractual Clauses plus a UK addendum.
10. Your rights
Under UK / EU GDPR you have the right to:
- Access a copy of the personal information we hold about you.
- Correct inaccurate information — most fields can be edited directly from your profile.
- Delete your account and have associated personal data erased — from your profile's "Delete account" section. Password users re-enter their password to confirm; passwordless users (passkey or LinkedIn only) type the word
DELETEto confirm. - Restrict or object to processing based on legitimate interest.
- Portability — request a copy of the information you've provided in a structured format. You can download it directly from your profile via "Download my data".
- Withdraw consent at any time for anything we rely on consent for (e.g. analytics cookies).
- Complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.
10.1 Account-security controls
You also have direct controls in your profile over the auth-system data described in section 4.3:
- Remove your password — once you have a passkey or LinkedIn connected, you can clear your password entirely and rely on passwordless sign-in.
- Manage active sessions — see every device currently signed in to your account, sign out of any single one, or "Sign out everywhere else" in one click.
- Manage trusted devices — when 2FA is enabled, see the list of browsers that can skip the 2FA challenge, revoke any individually, or remove all of them at once.
- Disconnect LinkedIn — remove the linked OAuth identifier from your account at any time.
To exercise any of these rights, email [email protected]. We will respond within one month.
11. Security
Data is encrypted in transit (TLS) and at rest. Passwords are stored as salted hashes (bcrypt). We apply the principle of least privilege to staff access and maintain audit logs. No system is 100% secure; we will notify affected users and the ICO within 72 hours of any material personal data breach, as required by law.
12. Children's Privacy
Our service is not intended for children under the age of 16, and we do not knowingly collect personal information from children.
13. Changes to this policy
We may update this Privacy Policy. Material changes will be communicated by email to registered users. The "Updated" date below reflects the latest revision.
Updated: 27th April 2026