Privacy Policy
Effective date: March 29, 2026
This Privacy Policy explains how InterviewCraft collects, uses, and protects your personal data. We are committed to being transparent about our practices.
1. Data We Collect
Account data: Your email address and a bcrypt-hashed password. We never store your plain-text password.
Session transcripts: The text of your spoken answers during interview sessions. Audio is processed in real-time by our speech-to-text provider and is never stored on our servers or to disk.
Skill data: Scores, trends, and history generated from your sessions. This is the core of what makes InterviewCraft useful.
Resume data: If you upload a resume, we store the extracted text and a structured profile (role, skills, experience summary). The original file is not retained.
API keys (BYOK): If you provide your own API keys, they are encrypted at rest with symmetric encryption before being stored. They are only decrypted in memory for the duration of your active session, then discarded. They are never logged or visible to InterviewCraft staff.
Usage logs: Token counts, latency, and cost data per API call for billing transparency. These logs do not contain your answers or transcripts — only session IDs and metrics.
2. How We Use Your Data
- To provide and improve the Service (scoring, skill tracking, drill plans)
- To send weekly email digests if you opt in via Settings
- To display your API usage and cost in your dashboard
- To detect and prevent abuse of the free session allocation
We do not:
- Sell your data to any third party
- Use your transcripts or answers to train AI models without explicit opt-in consent
- Share your data with advertisers
- Use your data for purposes other than operating the Service
3. Third-Party Processors
To operate the Service, we send your data to the following processors:
| Provider | Purpose | Data sent |
|---|---|---|
| Anthropic (Claude) | AI voice interviewer, scoring, feedback | Transcript text, session context |
| Deepgram | Speech-to-text transcription | Real-time audio stream (not stored) |
| ElevenLabs | Text-to-speech (AI voice) | Interviewer response text |
| Fly.io / Vercel | Hosting and infrastructure | Encrypted data at rest |
If you use BYOK, your API calls go directly to the provider using your own key — InterviewCraft is not a party to those calls.
4. Data Retention
- Session transcripts and skill data: retained until you delete your account
- Word-level timestamps: automatically deleted after 14 days
- Email digest logs: not retained (fire-and-forget)
- API usage logs: retained for 90 days for billing transparency, then deleted
5. Your Rights (GDPR & CCPA)
Depending on your location, you may have the following rights:
- Access: Request a copy of all data we hold about you
- Rectification: Correct inaccurate data
- Erasure (Right to be Forgotten): Delete your account and all associated data via Settings → Delete Account
- Portability: Export your session history and skill data
- Objection: Opt out of any non-essential data processing
To exercise any of these rights, use the in-app controls in Settings, or email privacy@interviewcraft.ai. We will respond within 30 days.
6. Security
- All data in transit is encrypted via TLS 1.2+
- Passwords are hashed with bcrypt (never stored in plain text)
- BYOK API keys are encrypted at rest with AES-256
- Audio never touches our servers — processed in real-time, then discarded
- Database access is restricted to application services only
7. Cookies
InterviewCraft stores your access token in memory only (never in localStorage or sessionStorage). A session cookie (refresh_token) is set as httpOnly and SameSite=Lax — JavaScript cannot read it. We do not use tracking cookies or third-party analytics scripts.
8. Children's Privacy
The Service is not directed to children under 16. If you believe a child under 16 has created an account, contact us at privacy@interviewcraft.ai and we will delete the account promptly.
9. Changes to This Policy
We will notify you by email or in-app notice at least 14 days before material changes to this policy take effect.
10. Contact
Data controller: InterviewCraft
Email: privacy@interviewcraft.ai