Privacy Policy

1. Introduction

At GetTheInterview.ai, your privacy and data security are our top priorities. This Privacy Policy explains what personal data we collect, how we use it, the legal basis for processing, your rights, and how to exercise them. It applies to all users of our Service, with additional rights for residents of the European Economic Area (EEA), United Kingdom, and other jurisdictions with applicable privacy laws.

2. Information We Collect

We collect the following categories of personal data:

Account & Identity Data

• First and last name
• Email address (your account email and a dedicated application inbox at @thouselaas.resend.app)
• Phone number and country code
• Profile picture (if signing in with Google)
• Password (stored as a one-way hash — we never store your plain-text password)

Employment & Preference Data

• Desired job roles
• Location (city, state, country), including whether you are in the European Economic Area
• Work authorization status
• Relocation and remote work preferences
• Employment type preference
• Salary expectations and start date
• LinkedIn, GitHub, and portfolio URLs
• Job search query identifiers (used internally to match your profile to job listings)

Resume & Application Data

• Resume files you upload (PDF format, stored for up to 90 days)
• AI-tailored resume versions generated for individual applications
• Cover letters drafted for applications
• Job application records: company name, role, URL, status, match score, form responses, and timestamps

Email Communications

• Incoming emails received at your application inbox, including sender, subject, body, and attachments
• Email classification metadata (e.g., whether an email is an interview request or rejection)

Technical & Usage Data

• IP address (collected during sign-in and account actions; anonymized for EEA users)
• Account activity logs (actions such as sign-in, sign-out, profile updates — used for security auditing)
• Session cookies (essential only; no advertising or tracking cookies)

Payment & Subscription Data

• Subscription plan, status, and billing cycle (managed by Stripe)
• We do not store credit card or payment instrument details — these are handled exclusively by Stripe

We do not collect legally protected sensitive attributes such as race, ethnicity, gender identity, veteran status, or disability status.

3. Legal Basis for Processing (GDPR)

For users in the EEA and UK, we process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the job application automation service you signed up for.
• Consent (Art. 6(1)(a)): Auto-applying on your behalf, storing and AI-processing your resume, receiving and storing employer emails, and sharing your profile with employers. You may withdraw consent at any time from your account settings.
• Legitimate interests (Art. 6(1)(f)): Security logging, fraud prevention, and service improvement, where these interests are not overridden by your rights.
• Legal obligation (Art. 6(1)(c)): Retaining anonymized transaction records where required by law.

4. How We Use Your Information

We use your information to:

• Use AI tools (Google Gemini) to tailor your resume and draft cover letters and application responses for individual job postings
• Auto-fill and submit job applications on your behalf
• Receive, classify, and forward employer emails to your primary inbox
• Match your profile to relevant job listings
• Maintain account access, security, and session management
• Process subscription payments via Stripe
• Send transactional emails (verification, notifications) via Resend

We do not sell your data to third parties.

5. Third-Party Service Providers & Data Transfers

We share personal data with the following third-party processors to operate our Service. Some of these processors are located in the United States. Where data is transferred outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework.

We do not share your data with employers beyond what is included in job applications submitted on your behalf. We do not share your data for marketing or advertising purposes.

6. AI Processing of Personal Data

With your consent, we use Google Gemini (an AI service) to process your resume content and job descriptions to generate tailored resumes and cover letters. This processing involves sending relevant portions of your personal data to Google's API. No automated decisions with legal or similarly significant effects are made solely by AI — you review tailored applications before they are submitted.

7. Data Security

We use industry‑standard security measures, including:

• Encrypted databases and HTTPS/TLS for all communications
• One-way password hashing (bcrypt)
• HTTPOnly, Secure, SameSite session cookies
• Webhook signature verification for all inbound third-party events
• Access controls preventing unauthorized access

Despite these protections, no online service can guarantee absolute security.

8. Your Rights

Depending on your region, you have the following rights:

• Right of Access (Art. 15): Download a copy of all personal data we hold about you via Settings → Download My Data.
• Right to Rectification (Art. 16): Update your profile information at any time from your dashboard.
• Right to Erasure (Art. 17): Delete your account and all associated personal data via Settings → Delete Account.
• Right to Data Portability (Art. 20): Export your data in JSON format via Settings → Download My Data.
• Right to Withdraw Consent (Art. 7(3)): Revoke individual consents (e.g., auto-apply, email storage) at any time from Settings → Privacy & Consent without affecting the legality of prior processing.
• Right to Object / Restrict Processing (Art. 21/18): Contact us to object to or restrict specific processing activities.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your national data protection authority.

To exercise rights not available self-service, contact [email protected]. We will respond within 30 days.

9. Account Deletion & Data Erasure

When you delete your account:

• Your profile, resume files, job applications, and stored emails are permanently deleted
• Your Stripe payment profile is deleted from Stripe's systems
• Activity logs are anonymized (personal identifiers removed; action types retained for security auditing)
• Deletion is irreversible — we recommend downloading your data first

10. Data Retention

• Resume files: automatically deleted after 90 days from upload
• Account data: retained while your account is active; deleted immediately upon account deletion request
• Anonymized activity logs: retained for up to 12 months for fraud prevention and security
• Anonymized transaction records: retained as required by applicable financial regulations

11. Cookies and Tracking

We use only essential session cookies to maintain your authenticated session. These cookies are HTTPOnly, Secure, and SameSite=Lax. We do not use advertising, analytics, or third-party tracking cookies. No cookie consent is required beyond acknowledging this policy.

12. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or a prominent notice on our website. The "last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

14. Contact & Data Controller

GetTheInterview.ai is the data controller for personal data processed under this policy.
For privacy inquiries, data requests, or to exercise your rights:
Email: [email protected]