This Privacy Policy describes how InterBoostAI ("we," "us," or "our") collects, uses, stores, and protects personal information when you access or use our AI-powered interview preparation platform (the "Service"). This policy applies to all users worldwide.
1. Introduction & Scope
InterBoostAI is a SaaS platform that uses artificial intelligence to help users practice and improve their interview skills. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with this policy, do not access or use the Service.
2. Information We Collect
We collect the following categories of data:
2.1 Account Information
- Email address (via Clerk authentication)
- Full name (optional)
- User ID (generated by Clerk)
- Authentication data (login timestamps, session tokens)
2.2 Documents & Interview Data
- Uploaded CV/resume (PDF)
- Uploaded cover letter (optional)
- Job posting URLs or manually entered job descriptions
- Parsed text from uploaded files
- User interview answers (text or voice-transcribed)
- AI-generated questions, feedback, reports, and scores
2.3 Payment Information (via Stripe)
- Stripe customer ID
- Subscription ID
- Billing details and payment history (stored by Stripe)
2.4 Technical & Usage Data
- IP address
- Browser type and version
- Device and operating system
- Cookies and session identifiers
- Usage analytics (session counts, feature usage, last login)
3. How We Use Your Information
We use collected data to:
- Provide and operate the Service
- Generate interview questions, feedback, and performance analytics
- Process payments and manage subscriptions
- Improve and optimize platform performance
- Communicate service updates and support information
- Ensure security, fraud prevention, and legal compliance
3.1 Legal Bases (GDPR)
We process data under the following legal bases:
- Contractual necessity – to provide the Service
- Consent – for optional data processing (e.g., analytics cookies)
- Legitimate interest – service improvement, security
- Legal obligation – regulatory compliance
4. How We Share Your Information
Your data is shared only with essential third-party service providers:
4.1 Authentication
Clerk – email, user ID, login timestamps
4.2 Database & Storage
Supabase – stores all user-generated and AI-generated content
4.3 AI Processing
OpenAI – CV text, job descriptions, answers, voice transcriptions
Anthropic Claude – company research and job insights
Note: Per OpenAI & Anthropic API policies, submitted data is not used for model training.
4.4 Payment Processing
Stripe – payment information and subscription management
4.5 Job Posting Scraping
Cheerio & Mozilla Readability – access job posting URLs from our server
We do not sell personal data.
5. International Data Transfers
Your data may be transferred internationally, including to the United States, where our infrastructure and third-party providers operate.
We rely on:
- Standard Contractual Clauses (SCCs)
- Data processing agreements
- Industry-standard security protocols
6. Data Retention
- Account data: retained until you delete your account
- Interview session data: retained indefinitely unless deleted by user
- PDF files: retained until session or account deletion
- Analytics data: anonymized and retained for service improvement
- Deleted data: fully removed within 30 days of a deletion request
7. User Rights
Depending on your region (GDPR, CCPA), you may have the right to:
- Access your data
- Correct inaccurate data
- Delete your data (right to be forgotten)
- Export your data
- Opt-out of marketing or analytics
- Withdraw consent
To exercise rights: support@interboostai.com
We will respond within 30 days.
8. Cookies & Tracking Technologies
Essential Cookies (required):
- Authentication session cookies
- Security/CSRF tokens
Analytics Cookies (optional):
- Usage and performance tracking
Third-party cookies:
- Clerk authentication
- Stripe payments
You may withdraw cookie consent at any time.
9. Security Measures
We use modern security standards, including:
- TLS/HTTPS encryption
- Encrypted database and file storage
- Clerk secure authentication
- PCI-DSS compliance through Stripe
- Role-based access control
- Rate limiting for abuse prevention
Data Breach Notification
If a breach affects your data, we will notify you within 72 hours.
10. Children's Privacy
The Service is intended for users 18 years and older. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this Privacy Policy over time. Material changes will be sent via email.