Privacy Policy

• We collect what we need to run the Service: account identity, billing details (via Stripe), and the content you give us (resumes, knowledge files, profiles, transcripts of meetings you record).
• Audio is processed in real time for transcription and answer generation; we do not store recordings as audio files.
• We use AI providers (Google Gemini and similar) to produce answers. Your prompts pass through them as transient processors, not as training data.
• We do not sell personal information.

Account & billing

Email address; optional name and phone (collected at sign-up if you provide them); subscription status from Stripe (we never see your full card number — Stripe is the processor). For users with active subscriptions, your billing address is collected by Stripe to compute tax.

Content you upload

Resumes, knowledge files, persona configurations, voice fingerprints (when you train Voice ID). Stored encrypted at rest in our database, scoped to your user via row-level security.

Audio & meeting data

When you press Listen, the desktop app captures system audio loopback. Audio is streamed to our AI provider for transcription and answer generation, then discarded. We do not save audio files. Transcripts are saved only if you have session recording enabled in Settings; you can export and delete them at any time.

Usage telemetry

Token counts per call, daily totals, error events with short fingerprints. Used for billing accuracy, abuse prevention, and to debug failures. We do not log the content of individual prompts or answers in our telemetry pipeline.

Device & analytics

IP address (for rate limiting + abuse prevention), browser / OS strings, and product analytics events (e.g. “signup_completed”). We use PostHog for product analytics in cookieless mode — the distinct identifier sits in your browser's localStorage only; no analytics cookies are set. You can opt out from Settings, and clearing localStorage resets the identifier entirely.

• To provide and improve the Service.
• To process payments and prevent fraud (via Stripe).
• To enforce our Terms and Acceptable Use Policy.
• To send transactional emails (sign-in codes, billing receipts, security notices). We do not send marketing emails without explicit opt-in.

The Service routes prompts and answers through third-party AI providers — currently Google Gemini. These providers are bound by data-processing agreements that prohibit training their public models on your content. If we add or change providers, we will update this list.

• Audio: not stored. Transient through the AI provider only.
• Transcripts & reports: stored on your account until you delete them or close your account.
• Account data: kept while your account is active. After account closure, deleted within 90 days unless we are required by law to retain it (e.g. tax records).
• Error events: kept 30 days, then deleted by automated job.

Depending on where you live, you may have rights to access, correct, export, or delete your data. Some actions you can do yourself in Account & Billing (export resumes, delete profiles, close account). For everything else, email privacy@t20media.com with your request and we will respond within 30 days.

If you are in the EU/UK, you may also lodge a complaint with your supervisory authority. If you are in California, the CCPA “Do Not Sell or Share My Personal Information” right is honoured by default — we don't sell or share for cross-context behavioural advertising.

Data is encrypted in transit (TLS) and at rest. Database access is limited via Supabase row-level security so one user cannot read another's rows. Production secrets are stored in environment variables, not in source code. We perform code review on every change.

Our infrastructure runs primarily in the United States (Vercel + Supabase). If you are in the EU/UK, your data is transferred under Standard Contractual Clauses (SCCs) with our processors.

The Service is not intended for users under 16. We do not knowingly collect data from children under 16.

We may update this policy. Material changes will be communicated to active subscribers by email. Continued use after a change constitutes acceptance.