Privacy Policy
Last updated: July 17, 2026 | Compliant with India DPDPA 2023
1. Information We Collect
| Data Type | What | Why |
| Account Info | Name, email (from Google/GitHub OAuth) | Authentication, communication |
| Usage Data | Sessions, questions practiced, answers saved | Provide the service, progress tracking |
| Device Info | Browser fingerprint, device type, IP address | Security, abuse prevention, single-device enforcement |
| Payment Info | Transaction IDs (card details handled by Stripe — we never see them) | Billing, refunds |
| Interview Audio | NOT stored. Processed in real-time, discarded immediately. | Generate AI answers during session |
2. How We Use Your Data
- Provide and improve the Service (questions, copilot, study plans).
- Track your progress and generate readiness scores.
- Enforce fair use policies and prevent account sharing.
- Send service-related communications (daily questions, session summaries).
- Aggregate anonymised analytics (no individual tracking shared externally).
3. What We Do NOT Do
- We do NOT sell your data to third parties.
- We do NOT store audio recordings of your interviews.
- We do NOT share individual usage data with employers.
- We do NOT use your data to train AI models (your answers stay yours).
- We do NOT track you across other websites.
4. Data Sharing
| Third Party | What's Shared | Why |
| Supabase (database) | All account data | Infrastructure provider |
| OpenAI / Anthropic | Interview transcript (ephemeral) | Generate AI answers. Not stored by them for training. |
| Deepgram | Audio stream (real-time only) | Speech-to-text. Not stored. |
| Stripe | Email + payment info | Process payments |
| Cloudflare | Request metadata | CDN, security, hosting |
5. Institution (College) Users
If you joined via an institution link:
- Your coordinator can see: name, email, questions practiced, confidence score, certifications earned.
- Your coordinator CANNOT see: your saved answers, session transcripts, or billing information.
- You can leave an institution at any time by contacting support.
6. Data Retention
- Active accounts: data retained while account is active.
- Deleted accounts: data permanently deleted within 30 days of deletion request.
- Inactive accounts (no login for 12 months): data anonymised after notification.
- Legal obligations may require longer retention of transaction records.
7. Your Rights (DPDPA India)
- Access: Request a copy of all your data.
- Correction: Update inaccurate information via Settings.
- Deletion: Request complete deletion of your account and data.
- Portability: Export your saved answers, resumes, and progress data.
- Withdraw Consent: Opt out of non-essential data processing.
To exercise these rights: email [email protected]. We respond within 72 hours.
8. Security Measures
- All data encrypted in transit (TLS 1.3) and at rest.
- OAuth-only authentication (no passwords stored).
- Row-level security on all database tables.
- Device fingerprinting for abuse detection.
- Content Security Policy headers on all pages.
- Regular security audits.
9. Cookies
We use minimal cookies:
- Authentication cookie (essential): Supabase auth session. Required for login.
- No tracking cookies. No Google Analytics. No Facebook Pixel.
10. Children
MuteCoach is not intended for users under 18. We do not knowingly collect data from minors.
11. Changes
We may update this policy. Material changes will be communicated via email 7 days before taking effect.
12. Contact
Data Protection queries: [email protected]
General: [email protected]
← Back to MuteCoach