Privacy Policy
Last Updated: November 16, 2024
1. Introduction
PM Interview Tutor ("we", "us", "our") is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Estonian data protection legislation.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our interview preparation platform.
2. Data Controller
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, name, password
- Payment Information: Billing details processed through Stripe (we do not store payment card details)
- Interview Content: Audio recordings, transcripts, and responses during interview sessions
- Communications: Messages you send to us via email or contact forms
3.2 Automatically Collected Information
- Usage Data: Interview history, performance metrics, time spent on the platform
- Device Information: Browser type, operating system, IP address
- Cookies: Authentication cookies, session management (see Section 9)
- Log Data: Access times, pages viewed, errors encountered
3.3 Third-Party Data
We may receive information about you from third-party services you connect to our platform, including authentication providers and payment processors.
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract Performance: Processing necessary to provide the Service you've subscribed to (Art. 6(1)(b) GDPR)
- Consent: Where you have given explicit consent for specific processing activities (Art. 6(1)(a) GDPR)
- Legitimate Interests: For service improvement, fraud prevention, and security (Art. 6(1)(f) GDPR)
- Legal Obligation: To comply with legal requirements such as tax and accounting obligations (Art. 6(1)(c) GDPR)
5. How We Use Your Information
- Provide, maintain, and improve our interview practice platform
- Process payments and manage your subscription
- Generate AI-powered feedback and performance analysis
- Send service-related communications and updates
- Monitor and analyze usage patterns to improve user experience
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our Terms of Service
- Respond to your inquiries and provide customer support
6. Data Sharing and Third-Party Services
We share your information with the following third-party service providers:
Supabase (Database & Authentication)
Purpose: User authentication, data storage
Location: USA (EU-US Data Privacy Framework certified)
OpenAI (AI Processing)
Purpose: Interview simulation, feedback generation
Location: USA (processes interview audio and transcripts)
Stripe (Payment Processing)
Purpose: Payment processing, subscription management
Location: USA (GDPR-compliant)
Third-Party Responsibility: These third-party providers have their own privacy policies and data processing practices. While we select reputable providers, we are not responsible for their data handling practices or security measures.
International Data Transfers
Your data may be transferred to and processed in countries outside the EU/EEA, including the United States. We ensure such transfers comply with GDPR through Standard Contractual Clauses and adequacy decisions where applicable.
7. Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Until you delete your account, plus 30 days
- Interview Data: Until you delete your account or request deletion
- Payment Records: 7 years (Estonian accounting requirements)
- Communications: 2 years from last contact
- Log Data: 90 days
8. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights:
Right to Access (Art. 15)
Request a copy of your personal data we hold
Right to Rectification (Art. 16)
Correct inaccurate or incomplete personal data
Right to Erasure (Art. 17) - "Right to be Forgotten"
Request deletion of your personal data (subject to legal retention requirements)
Right to Restriction (Art. 18)
Limit how we use your personal data
Right to Data Portability (Art. 20)
Receive your data in a structured, machine-readable format
Right to Object (Art. 21)
Object to processing based on legitimate interests
Right to Withdraw Consent (Art. 7(3))
Withdraw consent at any time (does not affect prior processing)
Exercising Your Rights
To exercise any of these rights, contact us at mshcheglov1@gmail.com. We will respond within 30 days as required by GDPR.
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Authentication, session management (required for service)
- Analytics: Understanding usage patterns (with your consent)
- Preferences: Remembering your settings
You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Regular security assessments and updates
- Access controls and authentication requirements
- Secure third-party service providers
Security Limitations
While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your data.
You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access.
11. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Estonian Data Protection Inspectorate within 72 hours (as required by Art. 33 GDPR)
- Notify affected users without undue delay if the breach poses a high risk (Art. 34 GDPR)
- Provide information about the nature of the breach and remedial actions taken
12. Children's Privacy
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children under 16.
If you become aware that a child under 16 has provided us with personal data, please contact us immediately, and we will take steps to delete such information.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last Updated" date
- Sending email notification for significant changes (where we have your consent)
15. Contact Information
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Controller: PM Interview Tutor
Email: mshcheglov1@gmail.com