Legal

Privacy Policy

Last updated: 6 June 2026

1. Introduction

PrepAlly("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect when you use PrepAlly, how we use it, and your rights in relation to it.

2. Data We Collect

2.1 Account Data

Your name, email address, and Google account identifier when you sign in via Google OAuth. We also store onboarding preferences such as your target roles and practice focus areas.

2.2 Resume Data

The content of resumes you upload (PDF, DOCX, or TXT), including parsed fields such as name, contact details, skills, experience, education, certifications, projects, and suggested job titles. The raw file and the parsed structured data are both stored.

2.3 Job Description Data

When you paste a job posting URL or enter job details manually, we store the parsed company name, job title, description text, key skills, responsibilities, qualifications, years of experience, and the source URL (if provided).

2.4 Interview Session Data

  • Audio transcripts- complete conversation history (your spoken answers and the AI interviewer's questions) transcribed in real time.
  • Posture & presence scores - during live sessions, webcam frames are analysed by AI vision for posture, eye contact, and facial confidence. Only the numeric scores and brief text observations are stored; raw video frames are never saved.
  • Session metadata - interviewer persona, job role, difficulty level, timestamps, and session status.

2.5 AI Feedback & Analysis

  • Feedback reports - overall score, dimension scores (communication, confidence, structure, technical depth, domain vocabulary, posture), strengths, improvement areas, tone analysis, filler word detection, and a mock hiring decision letter.
  • Resume analysis - structure, content, and formatting scores with AI-generated insights and ideal job application suggestions.
  • Dynamic personas - AI-generated interviewer personas tailored to a job description, cached for up to 30 days.
  • Performance cards - AI-generated summary images with your score, decision badge, and a motivational quote.

2.6 Billing Data

If you subscribe to a paid plan, we store your Dodo Payments customer identifier and subscription status. We do not store payment card numbers or bank details - all payment processing is handled entirely by Dodo Payments.

2.7 In-App Feedback

Optional post-interview ratings (1-5 stars) and free-text comments you choose to submit.

2.8 Diagnostic Logs

Session-level diagnostic logs (transcript, token usage, error events) are stored for debugging and service quality purposes.

3. How We Use Your Data

  • To provide, operate, and improve the PrepAlly service.
  • To generate personalised interview questions from your resume and job descriptions.
  • To produce AI feedback reports, resume analyses, and practice recommendations.
  • To generate dynamic interviewer personas tailored to job descriptions.
  • To analyse posture and presence during live interview sessions.
  • To manage your subscription and billing via Dodo Payments.
  • To send you service-related communications (e.g. session results).
  • To monitor service health and debug issues via diagnostic logs.
  • To comply with legal obligations.

4. Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following service providers, solely for the purpose of delivering PrepAlly:

  • Google Cloud (Gemini API, Cloud Storage, Cloud Run) - for AI processing (resume parsing, feedback generation, posture analysis, persona generation, performance card creation) and file storage. Gemini API single-use requests are not logged by Google.
  • Dodo Payments - for subscription billing, payment processing, and customer management. Dodo Payments handles all payment card data directly.
  • Law enforcement or regulators where required by applicable law.

5. Data Storage & Retention

  • PostgreSQL - all structured data (accounts, resumes, sessions, transcripts, feedback, posture scores, dynamic personas, analyses). Retained while your account is active.
  • Google Cloud Storage - raw resume files, interviewer avatar images, performance card images, and session diagnostic logs.
  • Dynamic personas - cached for 30 days and then eligible for regeneration.
  • Company research cache - shared research summaries cached for 30 days.
  • Deleted resumes are soft-deleted (marked as removed) and the raw file remains in storage until a periodic cleanup process removes it.

6. Your Rights

Depending on your location you may have the right to access, correct, port, or delete your personal data, and to object to or restrict certain processing. When you delete your account, all associated PostgreSQL data (resumes, sessions, transcripts, feedback) is permanently removed. To exercise these rights or request removal of any remaining stored files, contact us at the address below.

7. Data Security

All data is transmitted over TLS (HTTPS / WSS). Authentication uses secure HTTP-only session cookies. Passwords are never stored in plaintext. Access to production infrastructure is restricted to authorised personnel.

8. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the service after changes constitutes acceptance of the revised policy.

10. Contact

For any privacy-related questions, email us at privacy@www.prepally.app.