PRIVACY POLICY

BASIC CONCEPTS

1. Introduction and Scope

1.1. Welcome to Cyberia LLC FZ ("Cyberia," "we," "us," or "our"). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://cyberia-tech.com/, including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the "Sites"), and when you subscribe to and use our online software applications and services (collectively, the "Services").

1.2. Cyberia LLC FZ, a company registered in the United Arab Emirates under license number 2202593.01 with its registered office at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E., is the Data Controller responsible for your personal data collected through the Sites and Services, except where otherwise noted.

1.3. This Policy is prepared in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and other data protection laws, where applicable.

1.4. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Sites or use our Services.

1.5. Use of Artificial Intelligence (AI): Several of our Services leverage artificial intelligence and machine learning models to enhance functionality. This includes features like resume parsing, candidate ranking, job description analysis, content generation (e.g., resumes, cover letters), and providing career or vacancy recommendations. We process data using these AI models within our secure environment to deliver these features as described in this Policy. We strive to ensure fairness and accuracy in our AI tools, often incorporating human oversight where appropriate. More details on AI use within specific services are provided in Section 5.

NO AI feature constitutes fully automated decision-making with significant or legal effects (e.g., automatically rejecting a candidate without any human review based solely on AI score). AI is used primarily for support (ranking, recommendations, parsing) with human oversight.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person ('Data Subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject: The individual to whom the Personal Data relates (referred to as "you" or "your"). This includes visitors to our Sites and registered users of our Services.
Data Controller: The natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For this Policy, Cyberia LLC FZ is the Data Controller for most data covered here. Cyberia acts as a Processor for the content users upload into services like CV Parser/ATS, like third-party resumes. The user uploading the data is the Controller for that data.
Data Processor: A natural or legal person which processes Personal Data on behalf of the Controller (e.g., hosting provider, payment processor).
Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Services: The online software applications provided by Cyberia on a subscription basis, including but not limited to CV Parser (Booster CV), Applicants Tracking System (ATS), B2C Suite (Career Lab) and Consultant Marketplace (Team Builder).
Sites: Collectively refers to our main website at https://cyberia-labs.com and interconnected web pages, including the following, which provide access to our Services:
Reference to "Sites" shall also include the domain https://boostercv.com/, which serves as the landing page for our resume generation and editing services, powered by the CV Parser (Booster CV) service.
Cookies: Small text files placed on your device when you visit websites.

3. Personal Data We Collect

We may collect Personal Data about you in a variety of ways, depending on how you interact with our Site and Services:

Data you provide directly:
- Account Registration: Name, email address, company name (if applicable), password, contact information.
- Subscription & Payment: Billing information (address, name), though payment card details are typically processed directly by our payment processor (Stripe) and not stored by us.
- Using the Services: Content uploaded/generated within the specific Service (e.g., CVs in CV Parser/Widget; information for resume/cover letter generation in B2C Suite, career goals, interview inputs).
- Communications: Information you provide when contacting support or giving feedback (email address, name, query details).
- Website Forms: Information submitted via contact forms or other interactive features (name, email, message content).
Data collected automatically:
- Log and Usage Data: IP address, browser type, operating system, referring URLs, pages viewed, time spent on pages, links clicked, device information.
- Cookies and Similar Technologies: Data collected via cookies for functionality, analytics, and potentially marketing. See Section 10 (Cookies and Analytics) for details.
Data that we process on your behalf as a processor:
- Service Usage Data: This includes any content you upload into our services concerning other data subjects. Specific examples are candidate data within our Applicant Tracking System (ATS), such as resumes, application details, and internal notes. As the data controller, you are responsible for ensuring there is an appropriate legal basis for processing all personal data you provide to us.

5. Purposes, Legal Basis, and AI Usage for Processing Personal Data

We process your Personal Data for the following purposes, relying on the specified legal bases: Revised "Purposes and Legal Basis for Processing Personal Data" Table (Section 5 of Privacy Policy):

Purpose of Processing	Categories of Personal Data Processed	AI Usage Notes (Where Applicable)	Legal Basis	Typical Retention Period
1. Providing Access to and Operating the Site	IP address, browser type, device information, usage data, Cookies.	N/A	Legitimate Interest (to operate and secure our Site); Consent (for non-essential Cookies).	Session duration for some data; Logs typically retained for a limited security period (e.g., 30-90 days).
2. Account Creation and Management	Name, email address, password (hashed), company name (optional), contact details.	N/A	Performance of a Contract (to provide the account service requested); Legitimate Interest (account security).	As long as the account is active, plus a reasonable period afterward for administrative purposes or as required by law.
3. Providing the Services (e.g., CV Parser, ATS, B2C Suite/Career Lab, Consultant Marketplace, and any other software applications offered under subscription)	Account Data: Name, email, subscription details, company name (if applicable). User-Generated Content & Service-Specific Data: Resume/CV Data: Information typically found in resumes/CVs (e.g., name, contact details, work experience, education, skills, qualifications, photos, date of birth, citizenship) uploaded by you or generated within the services. Candidate & Recruitment Data (for ATS/Recruitment Tools): Information related to job applicants, job descriptions, interview notes, communication logs, candidate ratings/rankings, staffing requests. Career Development Data (for B2C Suite/Career Lab): Information related to resume/cover letter building, career goals, skill assessments, interview simulation inputs. Usage Data within Services: How you interact with specific features and functionalities.	AI is integral to many of our Services and is used for purposes such as: Parsing and extracting structured information from documents (e.g., resumes, job descriptions). Analyzing skills, experience, and job requirements. Generating content (e.g., resume sections, cover letters, job descriptions) based on user inputs and templates. Ranking, comparing, and matching candidates to job descriptions or vice-versa. Providing recommendations (e.g., similar candidates, career track suggestions, relevant vacancies). Assisting with profile anonymization or pseudonymization (where applicable). Powering AI-driven search functionalities.	Performance of a Contract: Processing is necessary to provide the specific subscribed Service as per your agreement with us (e.g., your subscription terms). Consent: For processing Personal Data you voluntarily upload, input, or generate within the Services (e.g., your resume details, your inputs for AI generation capabilities within the Service). Crucially, for Business Customers using services like ATS, consent (or another valid legal basis) must be obtained by the Business Customer from third-party individuals (e.g., job applicants) whose data is being processed. Legitimate Interest: For internal analysis features that support the user (e.g., efficient candidate ranking for a recruiter, improving search relevance for a job seeker). For features like recommendations or search functionalities within the scope of the subscribed service.	Content data is retained while your subscription is active and the data is needed for the Service. May be deleted upon subscription termination or after a defined inactivity period, subject to contract terms, user-initiated deletion, and backup cycles. Data necessary for legal or regulatory compliance may be retained longer.
4. Processing Subscription Payments	Name, billing address, subscription details. (Payment card details processed by Stripe or similar Payment Processor).	N/A	Performance of a Contract (to fulfill the subscription purchase).	Transaction data retained as required by financial and tax regulations.
5. Communicating with You (Support, Service Updates, Feedback)	Name, email address, communication history, query details.	N/A	Performance of a Contract (support related to your subscription); Legitimate Interest (responding to inquiries, providing essential service updates, gathering feedback).	For the duration necessary to resolve the query/provide support, plus a reasonable period for record-keeping and quality assurance.
6. Improving Site and Services (Analytics, Usage Analysis, AI Model Training)	Aggregated or anonymized usage data, Cookies (analytics), IP address (can be anonymized where feasible), feedback.	AI models may be trained or further improved using anonymized, de-identified, or aggregated data derived from service usage to enhance performance, accuracy, and features. Personal Data directly identifying individuals is not used for this purpose without separate explicit consent (if ever required for specific model training scenarios not covered by anonymization).	Legitimate Interest (to understand service usage, improve offerings, develop new features, ensure service stability and security); Consent (for non-essential analytics Cookies and any direct use of personal data for model training if not anonymized, though this is not the primary approach).	Anonymized/aggregated data may be kept indefinitely. Raw analytics data typically kept for a standard period (e.g., 14-38 months depending on the tool).
7. Marketing Communications (Optional, e.g., newsletters, promotions, information about new or related services)	Name, email address, interaction history with marketing communications (e.g., opens, clicks), service usage patterns (to identify relevant offerings).	N/A	Consent (obtained explicitly, e.g., via a separate subscription form for newsletters).	Until you withdraw consent (unsubscribe).
8. Legal and Regulatory Compliance	Any relevant data required by law, legal process, or requested by competent authorities.	N/A	Legal Obligation.	As required by the specific legal or regulatory obligation (e.g., data retention for financial records, responding to legal requests).
9. Security, Fraud Prevention, and Enforcement of Terms	IP address, login attempts, usage patterns, account information, communication records (if relevant to an investigation).	N/A	Legitimate Interest (to protect our Site, Services, data, and users; to investigate potential fraud or misuse; to enforce our contractual terms).	As long as necessary for security monitoring, investigation, and enforcement purposes, often aligned with log retention periods or the duration of any dispute or investigation.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your Personal Data in the following circumstances:

Service Providers (Data Processors): We share data with third-party vendors who perform services on our behalf, such as:
- Payment Processing: Stripe processes payments. They receive necessary billing information directly. (See Stripe's Privacy Policy).
- Hosting and Infrastructure: Our Services and data are hosted on servers provided by third parties. They process data under our instructions.
- Analytics Providers: E.g., Google Analytics [EI2.1][SL2.2](if used), subject to your consent for non-essential cookies.
- Communication Tools: E.g., Email service providers for sending service updates or marketing emails (with consent). These providers are contractually bound to protect your data and use it only for the purposes we specify.
Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your Personal Data may be transferred as part of the transaction, subject to the receiving party adhering to promises made in this Privacy Policy or notifying you of changes.
With Your Consent: We may share your information with other third parties when we have your explicit consent to do so.
Within Cyberia LLC FZ: Data may be accessed internally by authorized personnel on a need-to-know basis for providing Services, support, and administration.

6.1. Data Sharing Between Cyberia Services (Integration & User Choice)

Our Services are designed to work together, offering potential benefits through interconnection. For example, data can seamlessly flow from CV Parser can seamlessly flow into ATS upon your action.

We want to be clear: Your Personal Data is NOT shared between different Services if that sharing involves using it for a new purpose or making it accessible to different user groups (like sharing a B2C candidate's profile with recruiters using our ATS) unless you actively and explicitly choose to enable this.

Where such integration offers a clear benefit to you (for instance, increasing your visibility to potential employers or recruiters), we will present this option prominently within the relevant Service interface. This will be presented as a clear choice for you to opt-in (e.g., by ticking an unticked checkbox or activating a toggle). The request will clearly explain:

What specific data would be shared if you opt-in (e.g., "Your СV profile, including work experience and skills").
The specific purpose of the sharing (e.g., "To make your profile searchable by verified recruiters using Cyberia ATS, increasing your chances of being contacted for relevant job opportunities").
Who might access the data if you opt-in (e.g., "Recruiters who are subscribed users of Cyberia ATS").

Making this choice is entirely optional. You are never required to consent to this type of cross-service data sharing to use the core features of the Service you initially signed up for. You will have control to manage these sharing preferences and can withdraw your consent for such specific sharing at any time through your account settings or the relevant Service interface. Withdrawing consent will not affect the lawfulness of any sharing that occurred before you withdrew it.

7. International Data Transfers

7.1. Our Services may only be used upon entering into an agreement with us, including by accepting our offer. You acknowledge that for the Services to function properly — and for the agreement to be fulfilled — your Personal Data may be transferred to countries outside your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. Upon written request, we can provide a list of the relevant destination countries.

7.2. When the performance of a contract requires the transfer of your Personal Data abroad for processing, we ensure that such countries provide an adequate level of protection for your data. Where necessary, we implement appropriate safeguards, including binding contractual obligations, to uphold the security and confidentiality of your Personal Data.

8. Data Security

8.1. We implement appropriate technical and organizational security measures designed to protect the security of any Personal Data we process. These measures are aimed at preventing accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. These measures include, but are not limited to, data encryption where appropriate, access controls to our systems, secure network architectures, regular security assessments, and staff training on data protection.

8.2. However, please remember that despite our efforts, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Absolute security cannot be guaranteed. Transmission of personal information to and from our Site and Services is at your own risk. You should only access the services within a secure environment. You are also responsible for maintaining the security of your account credentials, including your password, and we urge you not to share your password with anyone.

9. Your Data Protection Rights

Depending on your location and applicable law, you may have the following rights regarding your Personal Data we hold:

Right of Access: You have the right to request copies of your Personal Data that we process.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete.
Right to Erasure ('Right to be Forgotten'): You have the right to request that we erase your Personal Data, under certain conditions (for example, if the data is no longer necessary for the purpose for which it was collected, or if you withdraw consent and there is no other legal ground for processing).
Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Data, under certain conditions (for example, if you contest the accuracy of the data, or the processing is unlawful).
Right to Data Portability: You have the right to request that we transfer the Personal Data that you have provided to us to another organization, or directly to you, in a structured, commonly used, and machine-readable format, under certain conditions (specifically, where processing is based on consent or contract and is carried out by automated means).
Right to Object: You have the right to object to our processing of your Personal Data based on our legitimate interests, under certain conditions. You also have the absolute right to object to the processing of your Personal Data for direct marketing purposes.
Right to Withdraw Consent: Where our processing of your Personal Data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
Rights related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for entering into, or performance of, a contract between you and us, is authorized by Union or Member State law to which we are subject, or is based on your explicit consent.
Right to Lodge a Complaint: You have the right to lodge a complaint with a competent data protection supervisory authority (for example, the authority in your EU Member State of residence or place of work, or the UAE Data Office, where applicable) if you believe that our processing of your Personal Data infringes applicable data protection laws.

To exercise any of these rights, please contact us using the contact details provided in Section 13. We will consider and act upon any request in accordance with applicable data protection laws. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Cookies

10.1. We use Cookies and similar tracking technologies (like web beacons) to collect and use Personal Data about you, including to operate the Site, understand usage, and potentially serve interest-based advertising (with consent).

10.2. Types of Cookies we may use:

- Strictly Necessary Cookies: Essential for the Site and Services to function (e.g., authentication, security). Cannot be disabled.

- Performance/Analytics Cookies: Help us understand how visitors interact with our Site by collecting information anonymously (e.g., Google Analytics). Require consent.

- Functionality Cookies: Allow the Site to remember choices you make (e.g., language preferences). Require consent.

- Targeting/Marketing Cookies: Used to track visitors across websites to display relevant ads. Require consent.

10.3. Upon your first visit to the Site, you will be presented with a cookie consent banner. This banner allows you to accept or refuse the use of non-essential Cookies (i.e., Performance, Functionality, and Targeting Cookies). Strictly Necessary Cookies cannot be disabled, as they are essential for the Site's basic functionality.

11. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and as outlined in the table in Section 5. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and applicable legal requirements. Upon expiry of the applicable retention period, we will securely destroy or anonymize your Personal Data in accordance with our internal data retention policies and procedures.

12. Children's Privacy

Our Site and Services are not intended for use by children under the age of 18 (or the relevant age of majority in your jurisdiction). We do not knowingly collect Personal Data from children under this age. If we become aware that we have collected Personal Data from a child without verification of parental consent, we will take steps to delete that information promptly from our records. If you believe we might have any information from or about a child under the relevant age, please contact us using the details in Section 13.

13. Contact Us

If you have questions or comments about this Privacy Policy, wish to exercise your data protection rights, or have any concerns about our data practices, please contact us at:

Cyberia L.L.C-FZ
Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
Email: info@cyberia-tech.com

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We reserve the right to modify this Privacy Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our Site home page prior to the change becoming effective, and we will update the "Last Updated" date at the top of this Privacy Policy. Your continued use of the Site or Services after any changes constitutes your acceptance of the revised Policy.