Privacy Policy

1. Who We Are

CodeSwiftr operates the Interview Simulator, an AI-powered mock interview platform for software engineers. Our privacy contact is privacy@codeswiftr.com.

This Privacy Policy explains what personal data we collect when you use CodeSwiftr, how we use it, and your rights regarding that data.

2. Scope

This policy applies to:

• Website visitors — anyone who visits codeswiftr.com or reads our blog.
• Registered users — anyone who creates an account on app.codeswiftr.com to practice interviews.
• Lead magnet subscribers — anyone who downloads a free resource and provides their email.

3. Data We Collect

3.1 Account Data

• Email address — collected at registration. Used for authentication, billing, and product updates.
• Name — optional, used for personalisation.
• Payment information — processed by Stripe. We receive only tokenised payment references; full card numbers are never stored on our servers.

3.2 Interview Session Data

• Interview transcripts — text records of your practice interview conversations with AI interviewers. Used to provide feedback and track improvement.
• Code submissions — code you write during coding interview practice. Evaluated by AI for correctness and quality.
• Session metadata — interview type, duration, difficulty level, and performance scores.

Interview transcripts and code submissions are tied to your account and are not shared with other users or third parties. You can delete your session history at any time from your account settings.

3.3 Lead Magnet Data

• Email address and name — collected when you download a free resource (guide, checklist).
• Download preference — which resource you requested. Used to send relevant follow-up content.

3.4 Usage and Technical Data

• Log data — IP address, browser type, pages visited, and timestamps. Retained for 90 days.
• Analytics — page views and feature usage via PostHog. Used to improve the product.

4. How We Use Your Data

• Providing the service — running interview simulations, generating AI feedback, tracking your progress.
• AI processing — your interview responses are sent to large language model (LLM) providers to generate interviewer questions and feedback. We use providers with data processing agreements that prohibit training on your data.
• Billing — subscription management and payment processing via Stripe.
• Communications — transactional emails (receipts, password resets) and, with your consent, product newsletters and resources.
• Product improvement — aggregate analytics to improve interview quality and user experience.

5. AI and Third-Party Processing

When you run a practice interview, your responses are processed by third-party AI providers (such as Anthropic, OpenAI, or similar) to generate interviewer dialogue and performance feedback. These providers:

• Process data under our data processing agreements.
• Do not use your interview data to train their models (per their API terms).
• Do not retain your data beyond the API request lifecycle.

AI-generated feedback is not professional career advice. It is a tool for practice and self-improvement.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland:

• Contractual necessity (Article 6(1)(b)) — account data and interview sessions to deliver the service.
• Legitimate interests (Article 6(1)(f)) — log data, analytics, and fraud prevention.
• Consent (Article 6(1)(a)) — marketing emails and lead magnet follow-ups. Withdraw at any time.
• Legal obligation (Article 6(1)(c)) — financial records retention.

7. California Privacy Rights (CCPA/CPRA)

California residents have the right to:

• Know — request disclosure of the personal information we collect.
• Delete — request deletion of your personal information.
• Correct — request correction of inaccurate data.
• Opt-Out of Sale/Sharing — we do not sell or share personal information for cross-context advertising.
• Non-Discrimination — exercising your rights will not affect your service.

Contact privacy@codeswiftr.com to exercise these rights. We respond within 45 days.

8. Data Sharing

We do not sell or rent your personal data. We share data only with:

• AI providers — to process interview sessions (see Section 5).
• Service providers — cloud hosting (Cloudflare), payment processing (Stripe), email delivery (Resend), and analytics (PostHog). All bound by data processing agreements.
• Legal requirements — if required by applicable law.
• Business transfers — in a merger or acquisition, with prior notice.

9. Data Retention

• Account data — retained while your account is active. Deleted within 30 days of closure.
• Interview sessions — retained while your account is active. Deletable at any time from settings.
• Lead magnet data — retained until you unsubscribe.
• Financial records — retained for 7 years per tax law.
• Log data — retained for 90 days.

10. Your Rights (GDPR)

EEA, UK, and Swiss users may:

• Access — receive a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion (actioned within 30 days).
• Restriction — limit processing in certain circumstances.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — at any time, without affecting prior processing.

Email privacy@codeswiftr.com to exercise these rights.

11. Security

We implement TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security reviews. Interview transcripts are encrypted at rest. API keys are hashed and never stored in plaintext.

12. International Data Transfers

Our infrastructure is hosted in the EU and United States. Transfers outside the EEA are protected by Standard Contractual Clauses (SCCs).

13. Cookies

We use strictly necessary cookies for session authentication. Analytics are handled by PostHog with privacy-friendly defaults (no cross-site tracking). You may manage cookies through your browser settings.

14. Changes to This Policy

We will notify registered users by email at least 14 days before material changes take effect.

15. Contact