Privacy Policy

This Privacy Policy explains how PrepInterview AI ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our service at prepinterview.io. We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

We collect the following types of information:

• Account information — name, email address, and/or phone number when you create an account via Google, email, or phone OTP.
• Usage data — your current plan, number of generations used, PAYG credits, and generation history (stored to enforce plan limits).
• Input data — job title, company name, experience level, and focus areas you enter when generating interview questions.
• Payment data — payment status and plan tier. We do not store card numbers, bank details, or UPI IDs — these are handled exclusively by Razorpay.
• Technical data — IP address (for rate limiting and anonymous usage tracking), browser type, and pages visited (via Google Analytics if enabled).
• Contact form data — name, email, subject, and message when you contact us.

2. How We Use Your Information

• To provide, maintain, and improve the PrepInterview AI service.
• To enforce plan limits and track generation credits.
• To process payments and manage subscriptions via Razorpay.
• To send OTP codes for phone-based authentication via Twilio.
• To respond to your support and contact form enquiries.
• To send transactional emails (account confirmation, subscription updates).
• To detect and prevent fraud, abuse, and unauthorised access.
• To analyse aggregate usage patterns and improve the product.

3. Data Storage

Your account and usage data are stored in a SQLite database on our server (Hostinger). Anonymous (non-logged-in) usage data is stored in a JSON file keyed by IP address and is not linked to any personal identity.

OTP codes are stored temporarily (maximum 10 minutes) and deleted immediately after successful verification.

4. Third-Party Services

We use the following third-party services that may process your data:

• Razorpay — payment processing. See Razorpay's Privacy Policy.
• Anthropic (Claude AI) — AI question generation. Your job title and preferences are sent to Anthropic's API. See Anthropic's Privacy Policy.
• Google (OAuth) — if you sign in with Google, your name, email, and profile picture are shared with us. See Google's Privacy Policy.
• YouTube Data API — used to fetch video suggestions. No personal data is sent to YouTube beyond the interview topic query.
• Twilio — SMS OTP delivery. Your phone number is shared with Twilio to send verification codes. See Twilio's Privacy Policy.
• Google Analytics — if enabled, collects anonymised usage statistics. See Google Analytics Privacy.

5. Cookies

We use cookies solely for authentication (session management via NextAuth.js). We do not use advertising or tracking cookies. Google Analytics, if enabled, uses its own cookies — you can opt out via Google's opt-out tool.

6. Data Retention

• Account data — retained as long as your account is active.
• Usage data — retained indefinitely to enforce plan limits.
• OTP codes — deleted within 10 minutes.
• Contact form messages — retained for 12 months then deleted.
• Anonymous IP data — retained for 90 days then purged.

7. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your account and associated data.
• Portability — request your data in a machine-readable format.
• Objection — object to processing of your data for marketing purposes.

To exercise any of these rights, contact us and we will respond within 30 days.

8. Security

We implement appropriate technical and organisational measures to protect your data, including HTTPS encryption in transit, hashed passwords (bcrypt), and access controls on our servers. No system is 100% secure — if you suspect a breach, please contact us immediately.

9. Children's Privacy

Our service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the platform. Continued use after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, please contact us.