Privacy Policy

Last updated: April 14, 2026

1. Information We Collect

When you use InterviewChamp.AI, we collect:

Account information: Name, email address, and password (hashed) when you sign up, or profile data from Google if you use Google Sign-In.
Resume data: Resumes you upload are parsed for text content to provide AI-powered answers during interviews. Files are stored securely on our servers.
Interview session data: Transcripts, AI-generated answers, and session metadata are stored to provide scorecard analysis and session history.
Usage data: Pages visited, features used, and session duration for improving the product.

2. How We Use Your Information

To provide real-time AI answers tailored to your resume and target role.
To generate post-interview scorecards and performance analysis.
To tailor your resume to specific job descriptions.
To save your preferences, session history, and documents.
To improve InterviewChamp's features and user experience.

3. Data Sharing & Subprocessors

We do not sell your personal data. We share data only with the subprocessors listed below. Which subprocessor receives your data depends on which AI model you pick in the app — you are always in control of the selection.

AI providers: OpenAI, Anthropic, Google (Gemini), Groq (Llama), and Perplexity (Sonar). Your interview context, resume, and questions are sent to whichever model you select in the session wizard. Each provider processes data per its own privacy policy.
Transcription: AssemblyAI may be used as a real-time speech-to-text provider when enabled. Audio is streamed for transcription but not retained by us. Local Whisper is used as an offline alternative when available.
Payments: Stripe processes all subscription and billing data. We never see or store your full card number.
Infrastructure: Railway (hosting), Neon (database), Cloudflare (DNS/CDN) process data as part of service delivery.
Analytics: Google Analytics 4 collects anonymous usage data to improve the product. We automatically honor the browser Do Not Track signal — if your browser sends DNT, analytics do not load.

4. Data Security

We protect your data with:

Passwords hashed with bcrypt (never stored in plain text).
JWT tokens with short expiration for session management.
HTTPS encryption for all data in transit.
PostgreSQL database with access controls.

5. Your Rights

You have the right to:

Access — view and export all data we hold about you. Profile → Account → Download My Data returns a full JSON export.
Rectification — edit your profile, name, email, and target role at any time from the Profile page.
Erasure — delete your account permanently. Profile → Account → Danger Zone → Delete Account removes all your data.
Object to processing — opt out of analytics via the Cookie preferences link in our footer or by enabling Do Not Track in your browser.
Portability — the data export in JSON is machine-readable and portable to other services.

We respond to all rights requests within 45 days. For California residents, see also our Do Not Sell or Share My Personal Information notice.

6. Data Retention

We retain your data only as long as needed to provide the service. Our standard retention periods:

Session transcripts and AI answers: retained until you delete the session, or 90 days after the session ends if you don't explicitly save it.
Uploaded resumes and documents: retained until you delete them from the Resume or Documents pages.
Account profile, preferences, and billing history: retained for the life of your account.
Server and application logs: retained for 30 days for debugging and security auditing, then automatically purged.
Stripe billing records: retained for 7 years as required by applicable financial and tax regulations. Stripe is the custodian of this data; we do not store full card numbers.
Deleted account grace period: when you delete your account, we hard-delete all associated data within 30 days. Backups containing the data are overwritten on a rolling 30-day cycle.

7. International Data Transfers

InterviewChamp is based in the United States. Our subprocessors (listed in Section 3) process data in the United States and the European Union. For users in the European Economic Area, United Kingdom, or Switzerland, personal data transferred outside your region is protected by Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) in place with each subprocessor. These clauses are the mechanism approved by the European Commission (EU 2021/914) and the UK Information Commissioner's Office for international transfers.

8. Audio & Transcription

InterviewChamp uses real-time speech-to-text (AssemblyAI Universal-Streaming, with local Whisper as an offline fallback) to transcribe audio. Audio is streamed for transcription but not retained by us after the transcript is produced. Only the resulting text transcripts are saved as part of your session data and are subject to the retention periods in Section 6.

9. Cookies & Local Storage

We use the browser's localStorage (not cookies) to store your authentication tokens, session preferences, and feature toggles. Google Analytics 4 (if you consented via the cookie banner) uses its own cookies to measure anonymous usage; you can revoke this at any time via the Cookie preferences link in our footer. We do not use third-party advertising or cross-site tracking cookies.

10. Data Protection Officer

InterviewChamp is not currently required under GDPR Article 37 to appoint a Data Protection Officer because our organization does not meet the size and processing-volume thresholds that trigger this requirement. Privacy inquiries, rights requests, and regulatory correspondence should be directed to [email protected]. If our organization grows to a size where a DPO is required, we will update this policy accordingly.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. The "Last updated" date at the top of this page always reflects the most recent revision.

12. Contact

For questions about this privacy policy or to exercise your rights, contact us at [email protected]. For California-specific requests, see also our Do Not Sell or Share notice.