Privacy Policy
Effective Date: 8 June 2026 | Version 1.1 | UAE Federal Decree-Law No. 45 of 2021 (PDPL)
This Privacy Policy explains how The Motor Guild collects, uses, stores, and protects your personal data. It applies to all users of The Motor Guild platform (www.themotorguild.com and related subdomains), including Members, Recruiters, Consultants, and visitors. By registering or continuing to use The Motor Guild, you acknowledge that you have read and understood this policy.
Who We Are
The Motor Guild (referred to as "TMG", "we", "us", or "our") is a closed, invitation-based professional network for the GCC automotive industry. TMG operates as a platform connecting automotive professionals with recruiters, clients, and consulting opportunities across the Gulf Cooperation Council region.
| Platform name | The Motor Guild |
| Website | www.themotorguild.com |
| Data Controller | The Motor Guild |
| Privacy contact | privacy@themotorguild.com |
| Primary jurisdiction | United Arab Emirates |
| Applicable law | UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) |
Data We Collect
We collect the following categories of personal data, depending on how you use the platform:
| Category | Examples | Purpose |
|---|---|---|
| Identity & Profile | Full name, photo, job title, current employer, GCC location, LinkedIn URL, sector tags, availability status | Platform membership, recruiter and consulting search, AI matching |
| Authentication | Email address, password (hashed), OAuth tokens (LinkedIn OIDC sign-in) | Account creation, login, identity verification |
| Professional History | Previous roles, companies, date ranges, skills, career descriptions (provided voluntarily) | Profile completeness, AI match analysis, recruiter search |
| AI-Processed Data | CV/resume text (uploaded or pasted), job descriptions, consulting enquiry transcripts | AI match scoring, narrative generation, consulting brief creation |
| Communications | Messages sent on the platform between members, recruiters, and consultants | In-platform messaging, support |
| Usage & Analytics | Pages visited, features used, session duration, device type, browser, IP address | Platform performance, bug fixing, product improvement |
| Payment Data | Transaction amounts, billing currency (AED), payment status | Processing consulting fees and Mystery Shopping product payments via PayTabs |
| Enquiry Data | Consulting enquiry content from the AI chatbot, contact details submitted via enquiry forms | Routing enquiries to consultants, service delivery |
We do not collect your full payment card number, CVV, or bank account details. Payment card data is handled exclusively by PayTabs under PCI-DSS compliance. TMG only receives transaction confirmation and status.
How We Use Your Data
We process your personal data for the following purposes. Under the UAE PDPL, we rely on one or more of the following legal bases: (a) performance of a contract with you, (b) your consent, (c) our legitimate interests, or (d) compliance with a legal obligation.
3.1 Platform Membership & Profile
- •Creating and maintaining your member account and profile
- •Displaying your profile to other verified TMG members based on your visibility settings
- •Enabling platform features: directory, community discussions, member search
- •Sending account notifications, updates, and platform communications
3.2 Recruitment Services
- •Matching candidate profiles to recruiter job postings using AI analysis
- •Generating AI match scores, narrative strengths and gaps, and interview questions based on your profile and uploaded CV
- •Enabling recruiters to manage application pipelines, view profiles, and communicate with candidates
- •Notifying recruiters when a candidate they have saved changes their availability status
3.3 Consulting Services
- •Processing consulting enquiries submitted via the TMG chatbot or enquiry forms
- •Matching enquiries to available TMG consultants by sector, expertise, and availability
- •Facilitating project briefing, proposal creation, and engagement management
- •Sending engagement confirmations and calendar booking links to clients
3.4 Payment Processing
- •Processing payments for consulting engagements and the Mystery Shopping audit product (AED 299) via PayTabs
- •Maintaining transaction records for accounting and legal compliance
3.5 AI-Powered Features
- •Running AI match analysis on CVs and job descriptions to produce match scores, labels, strengths, gaps, and interview questions
- •Processing consulting enquiry transcripts to extract structured project briefs
- •We do not use your personal data to train AI models. AI outputs are used solely for service delivery within the platform.
3.6 Platform Safety & Improvement
- •Detecting and preventing fraud, abuse, and unauthorised access
- •Monitoring platform performance and diagnosing technical issues
- •Conducting internal analytics to improve features and user experience
- •Complying with applicable laws and regulatory requirements
AI-Powered Processing — Your Rights
The Motor Guild uses AI models (including those provided by OpenAI) to analyse CVs, job descriptions, and consulting enquiry content. This processing produces match scores, narratives, and recommended interview questions.
When a recruiter submits a job description and a candidate's CV is available, our AI generates: (1) a match score (0–100), (2) a match label (Strong / Partial / Weak), (3) a narrative of strengths and gaps, and (4) suggested interview questions. This output is presented to the recruiter to assist their decision — it does not automatically accept or reject any candidate.
Our AI does not make final hiring or engagement decisions on its own. All AI outputs are advisory. A human (the recruiter or TMG admin) reviews AI analysis before any action is taken. We do not use your personal data to train AI models or share it with AI providers for training purposes.
Under the UAE PDPL, you have the right to request human review of any automated decision that significantly affects you. To exercise this right, contact us at privacy@themotorguild.com.
Cookies & Analytics
The Motor Guild uses cookies and similar technologies to operate the platform and understand how it is used.
| Cookie Type | Examples | Purpose |
|---|---|---|
| Essential (required) | Session token, auth cookie | Necessary for login and platform security. Cannot be disabled. |
| Functional | Language preference, UI state | Remembers your settings across sessions. Can be disabled. |
| Analytics | Page view data via Supabase telemetry | Helps us understand which features are used. Anonymised where possible. |
You can manage cookie preferences through your browser settings. Disabling essential cookies will prevent you from logging in to the platform.
Who We Share Your Data With
We do not sell your personal data. We share data only with trusted service providers under data processing agreements, and only to the extent necessary to deliver the platform:
| Provider | Role | Data Shared | Location |
|---|---|---|---|
| Supabase | Database & authentication infrastructure | All user profile and platform data | USA (SOC 2 certified) |
| OpenAI | AI match analysis & enquiry processing | CV text, job descriptions, enquiry transcripts (no names) | USA (DPA in place) |
| PayTabs | Payment processing | Transaction amount, currency, status — no card data | UAE / KSA (PCI-DSS) |
| Resend | Transactional email delivery | Email address, name, notification content | USA (DPA in place) |
| LinkedIn (OIDC) | Sign-in & profile import (with your consent) | Name, email, photo, headline — only on first sign-in | USA / Global |
| n8n (if used) | Workflow automation for AI Mystery Shop product | Audit target URLs, test results — no member personal data | Self-hosted / Cloud |
We may also disclose personal data where required by UAE law, court order, or regulatory authority, or where necessary to protect the rights, safety, or property of TMG, our members, or the public.
International Data Transfers
Some of our service providers are located outside the UAE. When we transfer personal data outside the UAE, we take steps to ensure compliance with the UAE PDPL, including:
- •Transferring only to countries or organisations that offer an adequate level of data protection
- •Relying on standard data processing agreements with providers such as Supabase, OpenAI, and Resend
- •Minimising the data transferred — for example, sending only anonymised CV content to AI processing services where full identity data is not required
If you have questions about the safeguards in place for international transfers, contact us at privacy@themotorguild.com.
How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes set out in this policy, or as required by applicable law:
| Data Category | Retention Period |
|---|---|
| Member profile & account data | Deleted within 30 days of a confirmed self-serve deletion request; anonymised thereafter. Legally-retained records (payments, invoices, audit logs) kept for 7 years per UAE law |
| CV and job description data (AI processing) | Up to 12 months after the relevant recruitment engagement closes, then deleted |
| Consulting enquiry transcripts and briefs | Up to 3 years for business record purposes |
| Payment transaction records | 7 years (UAE commercial law requirement) |
| Usage and analytics data | 13 months from collection, then aggregated or deleted |
| Messages and communications | Anonymised within 30 days of account deletion; retained for 1 year total where required by law |
| Cookies (session) | Deleted when you close your browser session |
| Cookies (functional / analytics) | Up to 13 months |
Your Rights Under the UAE PDPL
As a data subject under UAE Federal Decree-Law No. 45 of 2021, you have the following rights regarding your personal data:
| Your Right | What It Means |
|---|---|
| Right to Access | You can request a copy of the personal data we hold about you, including how it is being used and with whom it is shared. |
| Right to Rectification | If any of your personal data is inaccurate or incomplete, you can request that we correct or update it. |
| Right to Erasure | You can request deletion via Settings → Danger Zone. A 30-day grace period applies, during which you may cancel. After the grace period, personal data is anonymised and your authentication identity is disabled. Some records (payments, invoices, audit logs, community content) are retained in anonymised form for legal or regulatory reasons. |
| Right to Restriction | You can request that we limit how we use your data in certain circumstances — for example, while we verify a rectification request. |
| Right to Data Portability | You can request your personal data in a structured, machine-readable format to transfer to another service. |
| Right to Object | You can object to our processing of your data where we rely on legitimate interests as our legal basis. |
| Right to Human Review | Where a decision affecting you is made solely by automated means (such as AI match scoring), you can request that a human reviews the decision. |
| Right to Withdraw Consent | Where processing is based on consent (e.g., LinkedIn sign-in), you can withdraw consent at any time without affecting prior processing. |
Contact us at privacy@themotorguild.com. We will respond within 30 days of receiving your request. We may ask you to verify your identity before processing your request. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.
Self-Serve Account Deletion
You can initiate account deletion at any time from Settings → Danger Zone. The process is designed to give you full control while protecting the integrity of the platform and other members.
How it works
- •Click 'Request account deletion' in Settings → Danger Zone.
- •Review any active blockers (unpaid invoices, open jobs, active campaigns, pending engagements). Resolve these first.
- •Re-authenticate with your password or OAuth provider to verify identity.
- •Type DELETE exactly to confirm the irreversible request.
- •Your account enters a 30-day grace period immediately. You are signed out and your profile is hidden.
- •You may cancel the deletion at any time during the grace period via the cancellation link sent to your email.
- •At the end of the 30-day grace period, your personal data is automatically anonymised and your authentication identity is permanently disabled.
What gets deleted, anonymised, or retained
| Category | Treatment | Detail |
|---|---|---|
| Profile photo & avatar | Deleted | Permanently removed from storage. |
| Contact details (email, phone) | Deleted | Removed from profile and private records. |
| Social links & private fields | Deleted | LinkedIn URL, bio, and other personal fields erased. |
| Push subscriptions & device tokens | Deleted | All notification endpoints cleared. |
| Community posts & comments | Anonymised | Content remains visible but attributed to 'Former member'. |
| Messages & direct communications | Anonymised | Attributions updated to 'Former member'; retained for 1 year where required. |
| Payment & invoice records | Legally retained | Kept for 7 years per UAE tax/commercial law, linked to anonymised 'Former member' label. |
| Consulting engagement history | Legally retained | Contract records preserved for legal compliance, anonymised. |
| Platform audit logs | Legally retained | Security and access logs kept for 7 years with anonymised user identifier. |
Personal data is deleted or anonymised within 30 days of a confirmed deletion request. Legally-retained records are held for the periods required by UAE Federal Decree-Law No. 11 of 2023 (Tax Procedures) and other applicable regulations, after which they are securely destroyed.
Data Security
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures, including:
- •Encryption of data in transit using TLS (HTTPS) and at rest via Supabase's AES-256 encryption
- •Row-Level Security (RLS) policies in our database, ensuring members can only access their own data
- •Authentication via Supabase Auth with secure password hashing and optional OAuth (LinkedIn)
- •Access controls limiting platform administrator access to authorised personnel only
- •Regular security reviews of the platform and its third-party integrations
- •PCI-DSS compliant payment processing via PayTabs — card data never touches our servers
Despite these measures, no method of transmission over the internet is 100% secure. If you suspect a security breach affecting your data, contact us immediately at privacy@themotorguild.com.
Children's Privacy
The Motor Guild is a professional platform intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us at privacy@themotorguild.com and we will delete it promptly.
Links to Third-Party Platforms
Our platform may contain links to third-party websites or platforms, including LinkedIn. This Privacy Policy applies only to The Motor Guild platform. We are not responsible for the privacy practices of external websites. We encourage you to read the privacy policies of any third-party sites you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- •Post the updated policy on the TMG platform with a new effective date
- •Notify registered members by email at least 14 days before significant changes take effect
- •Where required by law, seek your consent for material changes to how we process your data
Your continued use of the platform after the effective date of any updated policy constitutes acceptance of those changes. If you do not agree, please discontinue use and contact us to close your account.
Contact Us & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
| Privacy enquiries | privacy@themotorguild.com |
| General contact | hello@themotorguild.com |
| Platform | www.themotorguild.com |
| Response time | We aim to respond to all privacy requests within 30 days |
If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with the UAE competent authority responsible for data protection — the UAE Telecommunications and Digital Government Regulatory Authority (TDRA), or the ADGM / DIFC regulators where applicable to your situation.
Effective: 8 June 2026 | Version 1.1 | UAE PDPL Compliant