Legal

Privacy Policy

Effective date: [DATE]

InterviewCaddy ("we," "us," "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights.

By using the Service, you agree to the practices described here.

1. Information We Collect

1.1 Information you provide

  • Account information: name, email address, password (hashed)
  • Profile information: resume content you upload, job descriptions, role and seniority preferences
  • Audio data: audio captured during mock interviews and Live Assist sessions, processed in real time to transcribe questions and answers
  • Payment information: handled directly by our payment processor (Stripe). We do not store full credit card numbers.
  • Support communications: emails and messages you send to support

1.2 Information we collect automatically

  • Usage data: features used, session counts, time spent in the application
  • Device information: operating system, application version, hardware identifiers (used for anti-abuse and licensing)
  • Performance data: error reports, latency measurements
  • IP address: collected when you access our website or use the application

1.3 Information we do NOT collect

  • Video feeds from your camera (the Service does not require camera access)
  • The interviewer's video, screen content, or shared materials beyond audio
  • Content from other applications running on your device
  • Your browsing history outside the Service

2. How We Use Your Information

We use your information to:

  • Provide and improve the Service
  • Process payments and manage your subscription
  • Generate AI-powered interview prompts and feedback specific to your resume and target role
  • Send you service-related communications (account updates, security alerts, billing notices)
  • Monitor and prevent abuse, fraud, and security incidents
  • Comply with legal obligations
  • With your explicit consent, send marketing communications (you can unsubscribe at any time)

3. AI Processing

Your resume, job descriptions, and session audio are processed by AI models to provide the Service's core features. Specifically:

  • Audio is transcribed in real time by our speech-to-text provider
  • Transcripts and your resume are sent to AI language model providers to generate prompts and feedback
  • AI providers process this data according to their own terms; they do not use it to train their models when accessed through our enterprise integrations

3.1 We do NOT use your data to train AI models

Your resume, job descriptions, session audio, and transcripts are NOT used to train any AI model — ours or our providers'.

3.2 Third-party AI providers

We use the following providers, each subject to their own privacy commitments:

  • Anthropic, OpenAI, Google (large language models)
  • Deepgram (speech-to-text, text-to-speech)

These providers have data processing agreements with us that prohibit training on our customers' data.

4. Data Storage and Security

4.1 Storage

  • Account and profile data is stored on encrypted servers managed by Supabase
  • Audio is processed in transit and is not retained as raw audio after transcription
  • Transcripts of practice sessions are stored for your reference and may be deleted by you at any time
  • Live Assist session content is not retained beyond the session unless you explicitly save it

4.2 Encryption

All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted at the infrastructure layer. Authentication uses industry-standard session management.

We do not currently use application-level encryption for content such as resumes and session transcripts. Our staff with authorized database access can read this content for support, debugging, or operations purposes. All such access is logged and limited to documented needs.

4.3 Access controls

Access to user data within our organization is limited to authorized personnel who need it for support, debugging, or operations. All access is logged.

4.4 Security incidents

In the event of a security breach affecting your data, we will notify you within 72 hours of discovery, in accordance with applicable law.

5. Sharing of Information

We do NOT sell your personal information.

We share information only in the following circumstances:

  • With your consent: when you explicitly authorize sharing
  • With service providers: to operate the Service (e.g., Stripe for payments, Supabase for hosting, AI providers for model inference)
  • For legal compliance: when required by law, court order, or to protect rights, safety, or property
  • In a business transfer: in the event of a merger, acquisition, or sale of assets, with notice to you

6. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your information ("right to be forgotten")
  • Export your information in a portable format
  • Object to or restrict certain processing
  • Withdraw consent for marketing communications

To exercise these rights, email privacy@interviewcaddy.com or use the account settings in the application.

We will respond to requests within 30 days, or as required by applicable law.

6.1 Account deletion

You can delete your account at any time from within the application. Upon deletion:

  • Your profile, resume, transcripts, and session data are permanently removed within 30 days
  • Some data may be retained longer if required by law (e.g., financial records for tax purposes)
  • Anonymized usage statistics may remain in aggregate analytics

7. International Users

InterviewCaddy is operated from Canada. By using the Service, you consent to the transfer and processing of your information in Canada and other countries where our service providers operate, including the United States.

We comply with applicable data protection laws including GDPR (for EU users), PIPEDA (Canada), and CCPA (California).

8. Children

The Service is not intended for users under 18. We do not knowingly collect information from children under 18. If you believe we have collected such information, contact us immediately.

9. Cookies and Tracking

Our website uses minimal cookies for:

  • Session authentication
  • Anonymized analytics (page views, conversion tracking)

We do NOT use:

  • Third-party advertising cookies
  • Cross-site tracking
  • Fingerprinting techniques

You can disable cookies in your browser settings; some features may not work properly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email at least 30 days before they take effect.

11. Contact

For privacy questions or to exercise your rights:

Data Protection Officer (for GDPR inquiries): privacy@interviewcaddy.com