Draft — counsel review required

Privacy Policy

Last updated: May 2, 2026

ReadyRise is voice AI interview practice. This policy explains what data we collect when you use the product, how we use it, how long we keep it, who we share it with, and the controls you have.

Plain-language summary: we collect what we need to run a practice session and grade it against the company’s hiring rubric. We don’t train AI models on your data unless you explicitly opt in (off by default). You can export or delete your account at any time, and we’ll honor the request within 30 days.

1. Who we are

ReadyRise AI (“ReadyRise,” “we,” “us”) operates the ReadyRise website and product. Contact: privacy@readyrise.ai.

[TO BE COMPLETED BY COUNSEL] Legal entity, registered address, EU/UK representative (if applicable), Data Protection Officer contact (if applicable).

2. Who can use ReadyRise

ReadyRise is for users 18 and older. We confirm your age at signup and store the confirmation timestamp. We do not knowingly collect data from anyone under 18.

3. What we collect

The categories below reflect what the product actually collects today:

Account data

Email address, authentication provider (Google or email), subscription tier and status, timezone, signup source. Stored in our Supabase Postgres database.

Compliance flags

Timestamps recording your acknowledgment of: age (18+), the AI disclosure modal, recording consent, marketing-email consent, AI-training opt-in (default off), data-export request, account-deletion request.

Resume content (optional)

If you upload a resume, we store the parsed text in your account record. Used only to personalize the questions we generate for you.

Job posting content

The URL or pasted job-posting text you submit, plus the parsed company, role, seniority, and responsibilities extracted from it.

Session data

For each practice session: the audio recording (stored in AWS S3, encrypted at rest), the spoken transcript (stored in our database), the generated questions and persona, voice metrics (pace, filler-word count, long pauses), and the content analysis (per-principle scoring, hiring debrief).

Story bank

Title, body, principle tags, and starred state for any stories you create or that we auto-extract from session wins.

Payment data

If you upgrade to Pro, Stripe processes payment. We store only the customer ID, subscription ID, subscription status, and current period end. Card numbers and payment-method details live with Stripe.

Product analytics

PostHog records anonymous product events (page views, feature usage). Session recording is on for non-voice screens but off during voice sessions — we don’t record your screen while you’re practicing.

Logs

We keep server access logs and an audit log for security and debugging. These are not used to profile you.

4. How we use it

· Run your practice sessions (the live AI interviewer)
· Grade your performance against the target company’s published rubric
· Generate the feedback report and hiring committee debrief
· Extract reusable stories from your wins
· Personalize future questions based on your past sessions and resume
· Process payments (if you subscribe)
· Send transactional email (feedback-ready, export-ready, deletion-confirmation)
· Improve the product through aggregate analytics. We do not train AI models on your data unless you explicitly opt in.

5. Legal basis (EEA/UK users)

We process your data on the bases of: (a) performance of our contract with you (running the product); (b) your explicit consent (recording, AI training opt-in, marketing email); (c) our legitimate interests (security, product improvement in aggregate); and (d) legal obligations (tax, fraud prevention).

6. Who we share data with

We share data with the subprocessors listed at /legal/subprocessors. Each one is contractually limited to the data categories listed and to the purposes of operating the product. We do not sell your data.

Voice sessions involve a short, in-session call to DeepSeek for the AI interviewer’s turn. That call includes the rendered system prompt and the last few turns of the conversation — it does not include your resume or full transcript history. Transcripts and analysis run inside AWS Bedrock, which contractually does not train on or share customer data.

We may disclose data when legally required (subpoena, court order) or to protect rights, safety, or property.

7. How long we keep it

· Audio recordings: Free tier — 7 days. Pro tier — 30 days. You can opt to keep audio until you delete your account.
· Transcripts and metrics: kept for the life of your account so you can revisit past feedback.
· Account data: kept until you delete your account. After deletion, we fully remove your data within 30 days.
· Payment records: retained as required by tax and accounting law (typically 7 years).
· Audit logs: 90 days.

8. Your controls

· Export your data. Request a full JSON export from Account > Settings. We email the export within 30 days.
· Delete your account. Same place. Full hard delete within 30 days; payment records retained as required by law.
· AI training opt-in. Off by default. Toggle in Account > Settings. When off, your sessions are never used to train any model.
· Recording consent. Required to use voice sessions. You can decline; you just can’t practice without it.
· Marketing email. Off by default. You can opt in or out at any time.
· Access, rectify, restrict, object. EEA/UK and California residents have additional rights under the GDPR/UK GDPR and CCPA. Email privacy@readyrise.ai and we’ll respond within 30 days.

9. International data transfers

ReadyRise is operated from the United States. Our subprocessors are located in the regions listed at /legal/subprocessors. For EEA/UK users, we rely on Standard Contractual Clauses with each subprocessor where applicable.

10. Security

Data in transit is TLS-encrypted. Audio at rest is encrypted on AWS S3. Database access is role-scoped per user (row-level security). We log access for audit purposes. No system is perfect — if we discover a breach affecting your data, we’ll notify you and the appropriate regulators within the timelines required by law.

11. Children

ReadyRise is for users 18 and older. If we learn we’ve collected data from someone under 18, we’ll delete it. Email privacy@readyrise.ai if you believe this has happened.

12. Changes to this policy

When we make a material change, we’ll email registered users at least 30 days in advance. The “last updated” date at the top of this page always reflects the current version.

13. Contact

Questions about this policy or your data: privacy@readyrise.ai.

[TO BE COMPLETED BY COUNSEL] Postal address for legal notices; EU/UK representative contact (Art. 27 GDPR) if/when applicable.