Privacy Policy
Last updated: July 5, 2026
This Privacy Policy explains what personal data InterviewSOL (the “Service”) processes, why, who receives it, and what rights you have. It should be read together with our Terms of Service, available at /terms.
1. Controller and contact
The controller of your personal data is Pawlosz Industries - Paweł Karwat, registered address Zacisze 26 47-200 Kędzierzyn-Koźle, registration number (NIP) 7492114628 (the “Operator”, “we”).
For all privacy matters, contact us at pawelkarwat9@gmail.com.
2. Data we process
Depending on how you use the Service, we process:
- Account data — your Google account email address and profile identifier, provided through Google sign-in.
- Purchase and credit data — your credit balance and records of credit purchases. Payment card data is handled entirely by Stripe; we never receive or store your card details.
- Captured audio — audio from the browser tab or system audio you choose to share, or from your microphone when you use microphone capture (microphone capture may pick up your own voice and the voices of anyone nearby). Audio is processed in real time for transcription only; we do not store the audio itself.
- Session content — transcripts of captured speech (which may include interviewer questions and other participants' words), the questions sent to the AI and the AI-generated answers, and session titles and timestamps.
- Custom instructions — the personal context you optionally provide (e.g. your CV summary or preferences). These are stored only in your browser's localStorage and are transmitted to our servers per-request when generating an answer.
- Technical data — data strictly necessary to operate the Service, such as authentication cookies.
4. Audio of other people — your responsibility
Captured audio and the resulting transcripts may contain the voices, words, and other personal data of people other than you (for example interviewers or meeting participants).
You decide whether and what to capture. As set out in Section 4 of the Terms of Service, you are responsible for having a lawful basis — including any legally required consent or notice — to capture and process other participants' speech before using the capture features.
5. Purposes and legal bases (GDPR Art. 6)
We process personal data on the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR) — operating your account, real-time transcription, generating AI answers, storing your sessions, and managing your credits and purchases.
- Legitimate interests (Art. 6(1)(f) GDPR) — securing the Service, preventing abuse and fraud, and revoking credits linked to refunded, disputed, or charged-back payments.
- Legal obligation (Art. 6(1)(c) GDPR) — keeping accounting and tax records of purchases.
- Consent (Art. 6(1)(a) GDPR) — where we ask for it for a specific purpose; you may withdraw consent at any time without affecting prior processing.
6. Recipients and processors
We use the following service providers to operate the Service:
- Supabase — application hosting, authentication, and database (stores account data and session content).
- Deepgram — speech-to-text; receives the audio streams you capture, in real time, for transcription.
- OpenAI — answer generation; receives detected questions, recent transcript excerpts, prior questions and answers from the session, and your custom instructions.
- Stripe — payment processing for credit purchases.
- Google — sign-in (authentication).
7. How AI providers use your data
We use Deepgram and OpenAI via their business APIs. According to these providers' API terms and commitments, data submitted through their APIs is not used to train their models. This reflects the providers' own commitments as published in their terms; we pass your data to them solely to provide transcription and answer generation.
8. International transfers
Our providers (including OpenAI, Deepgram, Stripe, Google, and Supabase's infrastructure providers) are based in or use infrastructure in the United States, which means your data may be transferred outside the European Economic Area.
Such transfers are safeguarded by the EU Standard Contractual Clauses and/or the vendors' participation in the EU–US Data Privacy Framework, as applicable to each provider.
9. Retention
- Account data — for as long as your account exists.
- Sessions and transcripts — until you delete them in the app or your account is deleted.
- Captured audio — not stored by us; processed in real time for transcription only.
- Purchase records — for as long as required by applicable tax and accounting law.
- Credits — until used; credits do not expire.
10. Your rights
Under the GDPR you have the right to access your data, rectify it, erase it, restrict its processing, receive it in a portable format, and object to processing based on legitimate interests. You also have the right to lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).
You can delete individual sessions directly in the app (History). To delete your account and the data associated with it, or to exercise any other right, contact us at pawelkarwat9@gmail.com.
11. Security
We protect your data with measures including encryption in transit (TLS), database row-level security and access controls, and short-lived, scoped tokens for the transcription connection.
No method of transmission or storage is 100% secure; we cannot guarantee absolute security, but we work to protect your data using measures appropriate to the risk.
12. Children
The Service is not directed at children. You must be at least 18 years old to use it, consistent with the Terms of Service. We do not knowingly process children's data; if you believe a child has provided us data, contact us and we will delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last updated” date above. We encourage you to review this page periodically.