Privacy Policy

Last updated: 25 April 2026

1. Who we are

Public Sector Sponsorship ("we", "us", "our") operates the website publicsectorsponsorship.co.uk (the "Service"), which helps users find UK government, NHS, and public sector jobs that offer Skilled Worker visa sponsorship and assists with related application materials. We are the data controller for personal data processed through the Service.

We are independent and not affiliated with the UK Government, NHS, Civil Service, or any local authority.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, email address, password (hashed), phone number (optional), country of residence, current visa status, and whether you need sponsorship.
  • Career profile data: work experience, qualifications, certificates, registrations (e.g. NMC, GMC), personal statement content, target roles, bands, specialties, preferred locations, and salary expectations.
  • Application activity: jobs you save, jobs you mark as applied, notes, and AI-generated documents (CVs, cover letters, supporting statements).
  • Billing data: subscription tier, billing status, and Stripe customer/subscription identifiers. Card details are processed by Stripe and never stored on our servers.
  • Technical data: IP address, browser type, device information, and usage logs collected automatically when you use the Service.

3. How we use your data

We process your personal data to:

  • Provide and operate the Service (account, search, saved jobs, applications).
  • Generate tailored application documents using AI based on your profile and the job you select.
  • Process payments and manage subscriptions through Stripe.
  • Send transactional emails (account verification, password reset, billing).
  • Improve the Service, debug issues, and prevent abuse.
  • Comply with legal obligations.

4. Legal bases (UK GDPR)

  • Contract: to provide the Service you have signed up for.
  • Legitimate interests: to secure, improve, and analyse the Service.
  • Consent: where required (e.g. optional marketing emails). You can withdraw consent at any time.
  • Legal obligation: to comply with tax, accounting, and other statutory duties.

5. AI processing

When you generate a document, we send your selected profile information and the relevant job advert to a third-party AI provider (e.g. Google or OpenAI via the Lovable AI Gateway) to produce the output. We do not use your data to train third-party models, and providers are contractually restricted from doing so under their enterprise terms. Generated documents are stored in your account so you can access and edit them.

6. Sharing your data

We share data only with trusted processors who help us run the Service:

  • Supabase (Lovable Cloud) — database, authentication, file storage.
  • Stripe — payment processing and subscription management.
  • AI providers (Google, OpenAI) — document generation.
  • Email providers — transactional email delivery.
  • Hosting / CDN providers — to deliver the Service.

We do not sell your personal data. We may disclose data if required by law or to protect our legal rights.

7. International transfers

Some of our processors are based outside the UK/EEA. Where data is transferred internationally, we rely on UK-approved safeguards such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or adequacy decisions.

8. Data retention

  • Account and profile data: kept while your account is active.
  • Saved jobs, applications, and generated documents: kept while your account is active or until you delete them.
  • Billing records: retained for at least 6 years to comply with UK tax law.
  • On account deletion, personal data is deleted or anonymised within 30 days, except where we must retain it for legal reasons.

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

You can exercise most rights directly from your account settings (export, delete) or by contacting us.

10. Security

We use industry-standard security measures including TLS encryption in transit, encryption at rest, hashed passwords, row-level security on the database, and access controls. No system is 100% secure; please use a strong, unique password and notify us of any suspected unauthorised access.

11. Cookies

We use a small number of cookies, grouped into the following categories:

Strictly necessary cookies

Required for the Service to function. These keep you signed in, maintain your session, protect against cross-site request forgery, and remember your cookie preferences. They cannot be disabled.

Analytics cookies

Privacy-friendly, aggregated analytics that help us understand how the Service is used (e.g. which pages are visited). These do not identify individual users and we do not share this data with advertising networks.

Functional cookies

Remember preferences such as theme, dismissed banners, and recent searches to improve your experience. Disabling these will not break the Service but some preferences will reset between visits.

We do not use advertising or third-party tracking cookies.

12. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or via a notice on the Service. The "Last updated" date at the top indicates the latest revision.

14. Contact

For privacy questions or to exercise your rights, contact us via the contact page.