Privacy

Privacy & Data Retention

What we collect, how we protect it, how long we keep it, and how to get it deleted.

Last updated: June 21, 2026

The short version: InterviewIQ redacts personal information from your resume before any AI model sees it, deletes your original files immediately after reading them, and lets you wipe everything with one request. We're aligned with India's DPDP Act and GDPR best practices.

What we collect

  • Email — to verify you (OTP) and send your report.
  • Job description & resume — to tailor the interview. Treated as sensitive PII.
  • Your profile choices — confirmed seniority, focus skills, target companies.
  • Interview transcript & answers — to score and give feedback.
  • Integrity signals — tab-switch / paste events, used only for an integrity score.
  • Payment metadata — handled by Razorpay; we store transaction records, not card details.

PII redaction — our core guarantee

Before any text reaches an AI provider, we detect and replace direct identifiers (name, email, phone, address, profile URLs) with typed placeholders. The model receives only redacted text. Your raw, un-redacted text never leaves our infrastructure.

This minimizes what any third-party model can ever see and is the privacy guarantee we surface throughout the product.

How long we keep things

DataRetentionNotes
Original uploaded files (PDF/DOCX)Deleted immediatelyRemoved right after redaction + extraction succeed.
Redacted text + structured summaries30 daysThen purged. Used only for planning/evaluation.
Transcript + scorecard (guests)90 daysThen purged automatically.
Account holders' results + historyUntil you deletePowers progress trends (only if you opt in).
Financial records (invoice/GST)~8 yearsKept separately per Indian tax law.

A scheduled purge job enforces these windows. Deletes are hard deletes, not soft hides — except legally-required financial records.

Your rights & control

  • Delete everything — one request wipes inputs, redacted text, summaries, transcript and results immediately (only financial records remain).
  • Access — request a copy of the data we hold about you.
  • Grievance — raise a concern with us directly.
  • Consent — you explicitly consent before upload; you can withdraw it by deleting your data.

File any of these on the contact & data requests page.

Who we share with

  • AI model providers — receive only redacted text, never your originals. See our AI usage policy.
  • Razorpay — processes payments securely.
  • Email provider — delivers your OTP and report.
  • We do not sell your data or use it to train models.

Security

  • Sensitive fields encrypted at rest.
  • Secrets kept in environment config, never committed.
  • Rate limiting on auth and sensitive endpoints.
  • Least-privilege access and audit logging on admin actions.

Compliance posture

We follow India's Digital Personal Data Protection (DPDP) Act and GDPR best practices: purpose limitation, explicit consent, a clear processing notice, and data-subject deletion. This page is our processing notice.

Questions about this policy, or want your data deleted? Contact us / file a data request →