Privacy Policy
Last updated: April 7, 2026 Β· Effective date: 1 January 2025
Contents
1. Who We Are
Korsyl ("Korsyl", "we", "us", "our") operates the Korsyl Search Engine at https://korsyl.com. We are the data controller for personal data processed through this service.
For all privacy enquiries please contact us at [email protected].
2. What We Collect
We collect data in two ways β information you provide directly, and data generated automatically when you use the service.
2.1 Information you provide
| Data | When collected | Required? |
|---|---|---|
| First & last name | Registration | Yes |
| Username | Registration | Yes |
| Date of birth | Registration | Yes β used for age verification |
| Korsyl email address (auto-generated) | Registration | Yes β forms your identity |
| Recovery email address | Registration / Settings | Optional |
| Password (bcrypt hash β never plaintext) | Registration | Yes |
| Profile avatar image | Settings | Optional |
| Job application message | Job applications | Optional |
| Employer details (name, location, website, reg. number) | Employer registration | Required to become an employer |
| Files uploaded to Korsyl Drive | Drive usage | Optional |
2.2 Data generated automatically
| Data | Purpose |
|---|---|
| Search queries | Search history, results improvement |
| IP address (with searches) | Safety & spam prevention |
| Session cookie (essential) | Keeps you signed in |
| Timestamps (login, registration, etc.) | Account security |
We do not use advertising trackers, sell your data, or share it with third-party marketers.
3. How We Use Your Data
- Providing the service β authenticating your account, delivering search results, managing job listings and applications.
- Safety & moderation β detecting spam, protecting child accounts, reviewing employer applications.
- Parental controls β allowing parents to create and monitor child accounts within a Family plan.
- Communication β sending password-reset emails to your recovery email (if provided).
- Analytics β aggregated, anonymised data to understand how the search engine is used (only if you have not opted out of search logging).
- Legal compliance β retaining records as required by applicable law.
4. Legal Basis for Processing
| Processing activity | Legal basis (UK GDPR Art. 6) |
|---|---|
| Creating and managing your account | Contract performance (Art. 6(1)(b)) |
| Search logging / analytics | Consent (Art. 6(1)(a)) β you may opt out at any time in Settings β Privacy |
| Age verification & child protection | Legal obligation (Art. 6(1)(c)) + Vital interests (Art. 6(1)(d)) |
| Security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Responding to legal requests | Legal obligation (Art. 6(1)(c)) |
7. Data Retention
- Account data β retained while your account is active. Deleted when you request account deletion (see Your Rights).
- Search logs β retained for up to 12 months, then automatically purged. You can clear your history at any time in Settings β History.
- Drive files β deleted immediately when you permanently delete them from the Trash.
- Job applications & messages β retained for up to 24 months after the associated listing is closed.
- Employer proof documents β retained for up to 3 years for compliance purposes, then securely deleted.
8. Your Rights
Under UK GDPR you have the following rights. To exercise them, visit Settings β Privacy or contact [email protected].
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Correct inaccurate data via Settings at any time.
Right to Erasure
Delete your account and all associated data from Settings β Privacy β Delete Account.
Right to Portability
Download your data as JSON from Settings β Privacy β Export My Data.
Right to Object
Opt out of search logging at any time in Settings β Privacy.
Right to Restriction
Request we restrict processing of your data while a complaint is resolved. Contact us at [email protected].
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.
9. Children & Family Accounts
Korsyl accounts require users to be 18 or older. Children under 18 may only use Korsyl through a parent-managed Family Account, where a parent or guardian:
- Creates and manages the child's account from their Settings page.
- Can view and clear the child's search history.
- Is responsible for ensuring the child uses the service safely.
Child accounts are automatically upgraded to adult accounts when the account holder turns 18 at their next login.
We do not knowingly collect data directly from children under 18 without parental consent.
10. Security
We take appropriate technical and organisational measures to protect your data:
- Passwords are hashed with bcrypt (cost 12) β never stored in plaintext.
- All database queries use parameterised statements to prevent SQL injection.
- Session cookies are set with HttpOnly and SameSite=Lax flags.
- CSRF tokens protect all form submissions.
- Uploaded files are stored under unpredictable names and served through authenticated endpoints.
No method of transmission or storage is 100% secure. If you discover a security issue, please disclose it responsibly to [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will display a notice on the Korsyl homepage. Continued use of Korsyl after changes constitutes acceptance of the updated policy.
12. Contact Us
Data Controller: Korsyl Search Engine
Privacy enquiries: [email protected]
Security disclosures: [email protected]