Privacy Policy

VeilPrep ("we," "our," or "us") is committed to protecting the privacy of our users ("you" or "your"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the VeilPrep desktop application and related services (collectively, the "Service"). By using VeilPrep, you consent to the practices described in this policy.

VeilPrep is a desktop application that transcribes interviews in real time and generates AI-powered answers. We have designed our architecture to minimize data collection and prioritize your privacy. Please read this policy carefully to understand how we handle your information.

1. Information We Collect

a) Account Information

When you create a VeilPrep account, we collect the following information through Supabase Auth:

• Email address and full name, provided during registration or obtained via Google Sign-In (OAuth).
• OAuth profile data from Google, including your display name, email, and profile identifier, used solely for authentication purposes.
• Payment information is processed exclusively by Stripe, which is PCI DSS Level 1 compliant. We do not store your credit card number, CVV, or full payment details on our servers. We retain only a Stripe customer identifier and credit balance.

b) Usage Data

To manage your account and credit balance, we track the following usage data:

• Credit balance (available interview credits remaining)
• Credit transaction history (purchase dates, amounts, credit pack purchased)
• Interview session records (start time, duration, credit consumed)

These records are transactional data only. We do not log the content of your transcriptions or AI interactions alongside usage data.

c) Audio & Transcription Data

• Microphone audio: Your voice is captured locally on your device and streamed in real time to Deepgram's servers via a secure WebSocket connection for transcription. The raw audio is never saved to disk, uploaded to VeilPrep servers, or retained after the streaming session ends.
• System audio: Audio from your system output (used for speaker separation and interviewer transcription) is streamed to Deepgram in the same manner. It is processed in real time and NOT stored by VeilPrep.
• Transcripts: Transcribed text is displayed within the application interface during your session. When an interview round ends, the transcript and an AI-generated summary report are stored in your Supabase account so you can review them later. Transcripts are associated with your account and protected by Row-Level Security (only you can access them). You may delete transcripts at any time by deleting the associated round or application.

d) AI Interaction Data

• Interview questions: Detected interview questions are sent to Anthropic's Claude API to generate suggested answers. These prompts are transmitted over encrypted connections and discarded after the response is received.
• Resume text and job descriptions: If you provide a resume or job description for contextual AI assistance, this text is included in the API request to Anthropic. It is used solely to improve answer relevance and is not stored by VeilPrep after the session.
• Screen captures: When you use the coding analysis feature, screen captures are processed locally and sent to the AI provider for analysis. They are not retained by VeilPrep after the response is generated.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide core functionality: Deliver real-time transcription, speaker diarization, and AI-powered answer generation as part of the VeilPrep Service.
• Manage credits and billing: Process one-time credit purchases through Stripe, track your credit balance, and maintain transaction records.
• Enforce session limits: Deduct credits when interview sessions are started and enforce the 90-minute per-session limit.
• Improve the product: Analyze aggregated, anonymized usage analytics (such as total minutes transcribed across all users, or feature adoption rates) to guide product development. We never analyze individual user content, transcripts, or AI interactions for product improvement.
• Communicate with you: Send account-related notifications including purchase confirmations, payment receipts, credit balance alerts, and material changes to our policies.
• Ensure security: Detect and prevent fraudulent activity, abuse, or unauthorized access to the Service.

3. Third-Party Services

VeilPrep relies on the following third-party services to deliver its functionality. Each service receives only the minimum data necessary for its specific purpose:

We encourage you to review the privacy policies of these third-party services to understand how they process your data. We select partners that maintain strong data protection practices and do not use your data for purposes beyond the services they provide to us.

4. Data Retention

We retain different categories of data for different periods, always guided by the principle of data minimization:

• Audio data: NOT stored. Audio is streamed in real time and discarded immediately after processing. No recordings are created or retained.
• Transcripts: Stored in your Supabase account after each interview round, associated with your user ID. Transcripts are retained for as long as you keep the associated round or application. Deleting a round or application permanently removes its transcript and report.
• Account data: Retained for as long as your account remains active. Upon account deletion, your personal information (email, name, authentication records) will be permanently deleted within 30 days.
• Credit and transaction records: Credit purchase and usage records are retained for up to 2 years for billing reconciliation, dispute resolution, and compliance with financial record-keeping requirements.
• AI interaction data: NOT stored. Prompts and responses are ephemeral and exist only during the active request-response cycle.

5. Data Security

We implement robust security measures to protect your data in transit and at rest:

• Encryption in transit: All API communication between VeilPrep and our third-party services uses TLS 1.2 or higher encryption. Audio streams are transmitted over secure WebSocket connections (WSS).
• Minimal attack surface: By design, VeilPrep does not store audio, transcripts, or AI interaction data on its servers. This architecture dramatically reduces the potential impact of any security incident.
• Database security: Our Supabase database employs Row-Level Security (RLS) policies, ensuring that users can only access their own account data. Database access requires authenticated API keys.
• Application security: We release regular security updates for the VeilPrep application and promptly address reported vulnerabilities. Our Electron application follows security best practices including context isolation and restricted permissions.
• Access controls: Internal access to production systems is restricted to authorized personnel, protected by multi-factor authentication and audit logging.

While no method of electronic transmission or storage is completely secure, we strive to use commercially reasonable measures to protect your personal information. If you discover a security vulnerability, please report it responsibly to security@veilprep.com.

6. Your Rights

a) GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access: Request a copy of the personal data we hold about you.
• Right to erasure: Request deletion of your personal data ("right to be forgotten"). We will comply within 30 days, subject to legal retention obligations.
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to rectification: Request correction of inaccurate or incomplete personal data.
• Right to restrict processing: Request that we limit how we use your data in certain circumstances.
• Right to object: Object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Our legal bases for processing your data include: performance of a contract (providing the Service), legitimate interests (product improvement through aggregated analytics), and consent (where applicable). For GDPR inquiries, you may contact our Data Protection Officer at privacy@veilprep.com.

b) CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to deletion: Request that we delete your personal information, subject to certain exceptions.
• Right to opt-out: Opt out of the sale of your personal information. We do NOT sell your personal data to any third party, and we have never done so.
• Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing or quality of service.

Exercising Your Rights

To exercise any of the rights described above, please email us at privacy@veilprep.com with the subject line "Data Rights Request." We will verify your identity and respond to your request within 30 days. If we need additional time (up to 60 days total), we will notify you of the extension and the reason.

7. Cookies & Tracking

VeilPrep is a desktop application and does not use browser cookies in its primary functionality. Specifically:

• Desktop application: VeilPrep does not place cookies on your system. Authentication tokens are stored securely in the application's local storage.
• Landing page (veilprep.com): Our website uses minimal, privacy-respecting analytics to understand page traffic and visitor patterns. We do not employ third-party tracking scripts, advertising pixels, or cross-site tracking technologies.
• No behavioral tracking: We do not build behavioral profiles of our users, track browsing activity across websites, or use fingerprinting techniques.

8. Children's Privacy

VeilPrep is designed for professional use by adults preparing for job interviews. The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA).

If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child under 13 has provided us with personal data, please contact us at privacy@veilprep.com so we can promptly address the situation.

9. International Data Transfers

VeilPrep's third-party service providers (Deepgram, Anthropic, Supabase, and Stripe) operate infrastructure primarily located in the United States. As a result, your data may be transferred to and processed in the United States, regardless of your location.

For users in the European Union or European Economic Area, these transfers are conducted under appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): We ensure that our service providers maintain EU-approved Standard Contractual Clauses for international data transfers.
• Adequacy decisions: Where applicable, we rely on adequacy decisions issued by the European Commission.
• Supplementary measures: We implement additional technical and organizational safeguards (such as encryption) to ensure your data receives an adequate level of protection.

By using VeilPrep, you acknowledge that your data may be processed in jurisdictions with different data protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes:

• Material changes: We will notify you via the email address associated with your account at least 14 days before the changes take effect. Material changes include new categories of data collection, new third-party data sharing, or changes to your rights.
• "Last Updated" date: The date at the top of this policy will be revised to reflect the most recent modification.
• Continued use: Your continued use of VeilPrep after being notified of changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with any changes, you may discontinue use of the Service and request account deletion.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

• Privacy inquiries & data rights: privacy@veilprep.com
• General support: support@veilprep.com
• Security vulnerabilities: security@veilprep.com

We aim to respond to all inquiries within 5 business days. For formal data rights requests under GDPR or CCPA, we will respond within 30 calendar days as required by law.