JobnTop

Data Processing Agreement

Effective date: 7 May 2026

Purpose and Scope

This Data Processing Agreement ("DPA") describes how JobnTop processes personal data when operating the talent marketplace at jobntop.com. It supplements the Privacy Policy and Terms of Service and applies to all personal data processed through the Service.

Roles: Controller vs Processor

Where JobnTop is the Controller

JobnTop acts as a data controller for:

  • Candidate account and profile data — Name, email, headline, biography, nationality, location, phone, work experience, education, and skills.
  • Employer account data — Company information and contact details.
  • CV Builder data — CV versions and AI generation metadata.
  • Usage analytics — Aggregated and individual usage data for analytics and security.
  • Authentication and session data — Credentials and session tokens.

Where JobnTop is the Processor

When an Employer takes a Shortlist action, the Employer becomes a separate and independent data controller for their use of the disclosed Candidate contact data. Employers must comply with all applicable data protection laws in their use of Candidate contact details obtained through the Service.

Subject Matter and Duration of Processing

JobnTop processes personal data for as long as accounts are active and for a reasonable period thereafter, per the Privacy Policy Data Retention section.

Categories of Personal Data Processed

  • Identity data — Name, display name, professional headline.
  • Contact data — Email address, phone number.
  • Profile data — Biography, nationality, location, work experience, education, skills.
  • Generated content — AI-assisted CV versions and metadata.
  • Technical data — IP address, browser information, session tokens.
  • Behavioural data — Pages visited, search queries, click events, shortlist actions.
  • Employer data — Company name, description, industry, contact information.
  • Job listing data — Titles, descriptions, requirements submitted by employers.

Categories of Data Subjects

  • Candidates in Kuwait, the Gulf region, and internationally.
  • Employer representatives (HR managers, recruiters, hiring managers).
  • Unregistered visitors to the Service.

Subprocessors

Supabase, Inc. — Database hosting, authentication, file storage. US (primary) and EU (replication). SOC 2 Type II certified.

Vercel, Inc. — Web hosting, serverless functions, global edge delivery. GDPR-compliant DPA available.

OpenRouter, Inc. — AI inference for the CV Builder. Data not used to train models per agreement. US regions.

Polar.sh — Future payment processor and merchant of record. PCI DSS compliant for card data.

JobnTop will notify users of material subprocessor changes via a DPA update and legal_version advance.

Security Measures

  • Encryption — AES-256 at rest; TLS 1.2+ in transit.
  • Row-level security (RLS) — Users access only authorised data.
  • Audit logging — All administrative actions logged with actor, timestamp, and detail.
  • Least privilege — Minimum permissions for all systems and integrations.
  • Access review — Regular review of permissions and subprocessor certifications.
  • Incident response — Internal procedure for detecting, containing, and reporting breaches.

Data Subject Rights

JobnTop cooperates in responding to data subject rights requests within legal timelines. Employers are independently responsible for rights requests relating to data they hold as independent controllers.

Personal Data Breach Notification

In the event of a breach, JobnTop will notify affected users and supervisory authorities as required by law, including the nature of the breach, data categories affected, likely consequences, and remediation measures.

Audit Rights

Submit written requests to privacy@jobntop.com. We respond within 30 days.

International Data Transfers

Personal data may be transferred to the US and EU per the subprocessor arrangements. Contractual safeguards apply. Details at privacy@jobntop.com.

Return or Deletion at End of Processing

Upon account closure, JobnTop deletes or anonymises personal data per the Privacy Policy retention schedules. Residual data in backups is overwritten within the backup rotation cycle.

Liability and Indemnity

JobnTop's liability is limited per the Terms of Service. Employers who misuse Candidate data obtained through the Service bear sole responsibility for that processing.

Governing Law

This DPA is governed by the laws of the State of Kuwait. Disputes are subject to the exclusive jurisdiction of Kuwaiti courts.

Contact

Email: privacy@jobntop.com

JobnTop — Kuwait
