Privacy Policy

Last updated: February 2026

1. Controller (Data Controller)

The controller responsible for processing personal data in connection with the Service is:

Alexander Vierdag (sole proprietor / Einzelunternehmen), operating under the business name "Interview Intelligence"
Am Mühlenbusch 56
42781 Haan
Germany
Email: contact@interviewintelligence.com

Further legal information is available in our Legal Notice (Impressum).

2. General Information

We take the protection of your personal data seriously. We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection laws.

This Privacy Policy explains:

  • what data we process,
  • for which purposes,
  • on which legal bases,
  • how long we store data,
  • with whom we share data,
  • and your rights as a data subject.

3. Categories of Data, Purposes, and Legal Bases

We process the following categories of personal data:

A) Website access / server log data

  • Data: IP address, date/time, requested page, referrer URL, device and browser information, and similar log data.
  • Purpose: operation of the website/app, security, fraud/abuse prevention, troubleshooting.
  • Legal basis: Art. 6(1)(f) GDPR (legitimate interests in secure and reliable operation).

B) Account registration and administration

  • Data: email address; password (stored only as a hash); authentication/session tokens; account settings.
  • Purpose: account creation, authentication, providing the Service, customer support.
  • Legal basis: Art. 6(1)(b) GDPR (performance of contract).

C) Use of the app (interview training features)

  • Data: text inputs (e.g., answers, notes), and (if you use mock interviews) audio/video content submitted by you for analysis; generated transcripts and feedback.
  • Purpose: providing mock interview functionality and AI-based feedback; displaying your results in the app.
  • Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Important note on recordings: We do not store your audio/video recordings on our servers. Where audio/video is used, it is processed for the purpose of generating transcripts/feedback and is transmitted to our AI service provider (OpenAI) for analysis (see Section 5.2).

D) Billing and payments

  • Data: subscription status, invoices/receipts, and payment-related information processed mainly by Stripe (e.g., payment method details, billing address).
  • Purpose: payment processing, fraud prevention, accounting and tax compliance.
  • Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (legal obligations).

4. Hosting (Vercel)

We host the application with Vercel Inc. (USA). Vercel processes personal data on our behalf as a processor. We have concluded a data processing agreement (DPA) with Vercel.

Because Vercel is located in the USA, personal data may be transferred to a third country. Transfers are carried out using appropriate safeguards (see Section 7).

5. Service Providers / Recipients

We use the following third-party providers to operate the Service. Where required, we have concluded data processing agreements (DPAs).

5.1 Supabase (database and authentication)

We use Supabase for database hosting and authentication. Our Supabase project is hosted in Frankfurt, Germany.

  • Data processed: account data (email, hashed password), authentication data, application state, and data necessary to provide the Service.
  • Purpose: core app functionality and authentication.
  • Legal basis: Art. 6(1)(b) GDPR.

5.2 OpenAI (AI analysis)

We use the API of OpenAI, L.L.C. (USA) to analyze user inputs and generate feedback.

  • Data transmitted: your text inputs and, where applicable, the content necessary to generate transcripts/feedback (including audio/video content submitted for analysis and/or generated transcripts).
  • Purpose: providing AI-based analysis features.
  • Legal basis: Art. 6(1)(b) GDPR.

Data retention at OpenAI: According to OpenAI's documentation, by default certain API usage may generate abuse monitoring logs that can include customer content (e.g., prompts/outputs) and are retained for up to 30 days, unless longer retention is legally required. Depending on the configuration and availability for specific endpoints/customers, "zero data retention" options may be available. We configure the service to minimize data sharing where technically possible.

5.3 Stripe (payments)

Payments are processed via Stripe. The relevant Stripe entity depends on the transaction and may include Stripe Payments Europe, Ltd.

  • Data processed: payment method details and identifiers, billing address, transaction-related data.
  • Purpose: payment processing, fraud prevention, billing, accounting.
  • Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.

We do not store full credit card numbers on our servers. Please note that Stripe may act as a data processor and/or an independent controller depending on the processing activity.

6. Cookies

We use only technically necessary cookies (e.g., session/login cookies) required to operate the Service. If we introduce optional analytics or marketing cookies in the future, we will request consent where required.

7. International Data Transfers

Some providers are located outside the European Economic Area (EEA), in particular in the USA (e.g., Vercel, OpenAI, and potentially parts of Stripe's infrastructure).

Where personal data is transferred to third countries, we rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs) and additional measures where appropriate, as reflected in the providers' DPAs and compliance documentation.

8. Data Retention

We store personal data only as long as necessary for the purposes described above or as required by law.

Typical retention:

  • Account data: for the duration of the subscription; after termination, for a limited period necessary for support and legal compliance, unless deletion is requested and no legal obligations prevent deletion.
  • AI feedback / transcripts / results shown in the app: stored for as long as needed to provide the Service and to allow you to access your results; you may request deletion (subject to legal obligations).
  • Audio/video recordings: not stored on our servers.
  • Server logs: typically for a limited period (e.g., 30-90 days) for security and troubleshooting.
  • Billing and tax records: as required by applicable commercial and tax retention obligations.

9. Your Rights (GDPR)

You have the right to:

  • access (Art. 15 GDPR),
  • rectification (Art. 16 GDPR),
  • erasure (Art. 17 GDPR),
  • restriction of processing (Art. 18 GDPR),
  • data portability (Art. 20 GDPR),
  • object to processing based on legitimate interests (Art. 21 GDPR),
  • lodge a complaint with a supervisory authority (Art. 77 GDPR).

You may lodge a complaint with the supervisory authority responsible for your place of residence or work, or with the supervisory authority in North Rhine-Westphalia (NRW), Germany.

10. Data Security

We use appropriate technical and organizational measures to protect personal data, including SSL/TLS encryption in transit. However, no method of transmission over the internet is completely secure.

11. Contact

For privacy-related inquiries, please contact:

contact@interviewintelligence.com