We take your privacy seriously at Tyrogen. This Privacy Policy explains how we collect, use, store and share your personal data when you use our platform, including when you create a candidate or recruiter account, build a CV, view or apply for roles, complete assessments, or use any other Tyrogen services.

Who we are

Tyrogen Limited (company number: 16884876) is the controller of your personal data. In this policy, “Tyrogen”, “we”, “us” or “our” refers to Tyrogen Limited.

What information we collect

The personal data we collect depends on how you use Tyrogen. We may collect:

• Account and profile information – name, contact details (email address, telephone number), location (e.g. city or region), login details, account settings and preferences.
• Third-party sign-in information (Google / LinkedIn) – if you choose to sign in using Google or LinkedIn, we receive basic account information from the relevant provider (such as your name, email address and profile identifier) to create and authenticate your Tyrogen account. We do not store Google/LinkedIn access tokens or refresh tokens.
• CV and career information – education history, qualifications, skills, work experience, certifications, professional summaries and any other information you choose to include in your CV or profile.
• Uploaded documents and derived information – documents you upload (for example, CVs) and information extracted from those documents (for example, parsed text and structured fields) to help populate and improve your profile.
• Application and assessment information – jobs you view or apply for, messages you exchange with employers, assessment attempts and results, feedback associated with applications or assessments.
• Proctoring / invigilation data (where enabled) – where an assessment is proctored or invigilated, we may collect data required to administer and secure the assessment, which may include webcam video, microphone audio, and screen-sharing content (and related technical and session metadata). We may also collect identity verification outputs where checks are required.
• Recruiter / employer information – company details, role descriptions, requirements and criteria for roles, and contact details of hiring managers or recruiters.
• Payment and billing information – limited billing details when you or your organisation purchase paid services (for example, subscription details, billing contact details, and transaction information processed via our payment providers). Depending on the payment method, our payment providers may collect and process payment details such as card information, billing address, bank details, and fraud-prevention information. We do not store full payment card numbers on our own systems.
• Usage and technical data – IP address, device and browser type, pages viewed, links clicked, search queries, approximate location, and other usage data generated when you use Tyrogen (including via cookies and similar technologies).
• Communications – enquiries you send to us, feedback you provide, and your communication preferences (for example, whether you receive job alerts or marketing).

How we use your information

We use your personal data to provide and improve Tyrogen’s services, including to:

• Create and manage your Tyrogen account and profile.
• Authenticate you when you sign in using Google or LinkedIn.
• Help you build and maintain your CV and career profile.
• Parse uploaded documents (for example CVs) to extract text and structured information that helps populate your Tyrogen profile.
• Match you with relevant roles and surface suitable candidates for recruiters.
• Enable you to apply for roles, communicate with employers and track applications.
• Deliver and improve assessments, scoring and personalised recommendations.
• Deliver proctored / invigilated assessments (where applicable), including verifying identity, monitoring integrity, detecting suspicious behaviour, and investigating potential misconduct.
• Provide paid features and subscriptions, and manage billing and payments.
• Send you service-related communications (for example, account notifications or updates).
• Send you optional communications (for example, job alerts, product updates or marketing) where you have given your consent or where we are otherwise permitted by law.
• Maintain the security and integrity of our platform and investigate misuse or fraud.
• Analyse usage to maintain, protect and improve our services and user experience.
• Comply with our legal obligations and respond to valid legal requests from authorities.

Legal bases for processing

Under UK data protection law, we must have a lawful basis to process your personal data. Depending on the context, we rely on:

• Contract – where processing is necessary to provide our services, for example creating and maintaining your account, enabling job applications and delivering assessments.
• Consent – for example, where you choose to receive marketing communications, where we place certain non-essential cookies, or where you voluntarily upload additional information (such as a photo or video).
• Legitimate interests – for example, to improve and secure our platform, to better understand how our services are used, or to provide you with relevant job suggestions, provided these interests are not overridden by your rights.
• Legal obligation – where we must retain or share certain information to comply with the law (for example, tax or accounting requirements).

Cookies and similar technologies

We use cookies and similar technologies to make Tyrogen work, to understand how our services are used, and to improve your experience. Cookies are small text files stored on your device when you visit our website.

Tyrogen may use analytics tools to understand how our services are used and to improve performance and usability. For example, our mobile applications may use Google Firebase services (including Firebase Analytics) to measure aggregated usage and app performance. We do not use analytics for advertising, ad personalisation, or selling personal data.

Our website may implement Google Analytics (GA4) in the future to help us understand website usage (for example, pages visited and general traffic patterns). If and when we enable GA4, we will update this policy and (where required) provide appropriate choices regarding non-essential cookies.

We use, for example:

• Essential cookies – required for the site to function (for example, to keep you logged in and to remember your preferences).
• Analytics cookies – used only if enabled to understand how visitors use Tyrogen and to help us improve performance and usability.
• Functional cookies – to remember your settings and make your experience more convenient.
• Advertising or social media cookies – in some cases, to help us measure the effectiveness of campaigns or show more relevant content.

You can control cookies through your browser settings. If you choose to block certain cookies, some features of Tyrogen may not function properly.

We currently do not display a cookie consent banner. Where local law requires consent for non-essential cookies or similar technologies, we aim to implement appropriate consent controls before enabling such technologies.

Who we share your data with

We only share your personal data where necessary and permitted by law. This may include:

• Employers and recruiters – when you apply for a role, when you make your profile searchable, or otherwise choose to share your details with potential employers on Tyrogen.
• Service providers – trusted third parties who help us run our platform and services, such as hosting providers, analytics providers, email and communication tools, payment processors and other IT suppliers. These parties may only process your data on our instructions and under appropriate contractual safeguards.
• Payment providers – when you purchase paid services, payments may be processed by our payment providers (which may include Worldpay, Stripe and PayPal) and by the payment method networks you choose to use (for example Apple Pay, Google Pay, and card networks such as American Express). These providers process payment details to complete the transaction and may carry out fraud prevention and security checks.
• Firebase / Google services – Tyrogen uses Google Firebase services for certain functionality such as push notifications (Firebase Cloud Messaging) and (in our mobile applications) usage analytics (Firebase Analytics). Firebase may process device information and identifiers (such as push notification tokens) and usage events to deliver notifications and provide analytics.
• Cloud infrastructure (AWS) – Tyrogen is hosted on Amazon Web Services (AWS), including AWS EC2 in the London region (eu-west-2). AWS processes personal data on our behalf to provide hosting, storage, networking and security.
• Invigilation / real-time communications provider (Agora) – where proctoring or invigilation is enabled, we may use Agora (https://www.agora.io/) to provide real-time audio, video and/or screen sharing functionality. Agora may process certain personal data as our processor to deliver these features.
• Identity verification (TrustID) – where identity verification is required, we may use TrustID to help confirm your identity and reduce fraud. TrustID may process personal data as our processor (or as a separate controller, depending on the specific service and workflow).
• AI providers (including ChatGPT) – some Tyrogen features may use Large Language Models (LLMs) such as ChatGPT to assist with generating or summarising content, or analysing inputs. Where used, we aim to minimise the data shared and apply appropriate safeguards.
• Document parsing and AI providers (LlamaIndex / LlamaParse) – if you upload documents for parsing, we may use LlamaIndex’s LlamaParse service to extract information from those documents. LlamaParse may leverage third-party Large Language Model (LLM) and/or Large Vision Model (LVM) providers (for example OpenAI, Anthropic, Google Gemini, or Azure-hosted models) to perform the parsing.
• Group companies or business partners – where necessary for the provision of services or for internal reporting.
• Authorities, regulators or legal parties – where required to comply with legal obligations, court orders or to protect our rights or the rights of others.

International transfers

Some of our service providers may be located outside the United Kingdom or the European Economic Area. Where your personal data is transferred internationally, we take steps to ensure an appropriate level of protection, for example by using standard contractual clauses approved by the European Commission or other safeguards recognised under data protection law.

This may include transfers related to cloud hosting and document parsing / AI processing, where providers (or their sub-processors) operate globally.

Proctored / invigilated assessments

Some assessments may be delivered in a proctored or invigilated format to help protect the integrity of results. If an assessment requires invigilation, you may be asked to grant access to your webcam, microphone and screen sharing.

If you do not grant the required permissions, you may not be able to take a proctored assessment. Where required, we may also ask you to complete identity verification checks (for example using TrustID).

We will use this information to administer the assessment, monitor for potential misconduct, and investigate integrity concerns. We will retain and share any invigilation-related data only as necessary for these purposes and as described in this policy.

How long we keep your data

We keep your personal data only for as long as necessary for the purposes described in this policy, or as required by law. This usually means:

• For as long as you have an active Tyrogen account.
• For a period after your account becomes inactive, to enable easy reactivation, handle queries and comply with our legal obligations.

When we no longer need your data, we will either delete it or anonymise it so that it can no longer be used to identify you.

How we protect your data

We use technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration. These measures include access controls, encryption in appropriate places, secure development practices and regular monitoring of our systems. While no system is completely secure, we work continuously to keep your information safe.

Your rights

Under data protection law, you have rights in relation to your personal data. Subject to certain conditions, you may have the right to:

• Access a copy of the personal data we hold about you.
• Request that we correct incomplete or inaccurate information.
• Request that we delete certain personal data.
• Object to or restrict certain processing activities.
• Withdraw consent where we rely on consent (for example, for marketing).
• Request that we transfer your data to another provider (data portability), where applicable.

To exercise any of these rights, please contact us using the details below. We may need to verify your identity before responding.

Marketing communications

Where you have consented, we may send you job alerts, newsletters or other marketing communications. You can stop receiving these at any time by using the unsubscribe link in the message or by updating your preferences. We will still send you service messages that are necessary for the operation of your account.

Contact and complaints

If you have any questions, comments or concerns about this Privacy Policy or how we handle your personal data, you can contact us at:

• Email: admin@tyrogen.org

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you are not satisfied with how we handle your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first where possible.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements or how we process personal data. We will post the updated version on this page and, where appropriate, notify you by email or via the platform.

This policy was last updated on 19 January 2026.

Today is 25 January 2026.