Privacy Policy
1. Who We Are
PitchVoxx is an AI-powered interview coaching service. References to "we", "us", or "PitchVoxx" mean the operator of this service. For questions about this policy or to exercise your rights, contact us at privacy@pitchvoxx.com.
2. Data We Collect
2.1 Account data
| Data | Why we collect it | Retention |
|---|---|---|
| Email address | Account identification, login | Until account deletion |
| Password (hashed with bcrypt) | Authentication โ the plain-text password is never stored | Until account deletion |
| Subscription plan and session count | Enforce plan limits, display plan status | Until account deletion |
| Stripe customer ID and subscription ID | Link payments to your account | Until account deletion (Stripe retains its own records per financial regulations) |
| Account creation timestamp | Audit and support | Until account deletion |
2.2 Interview session data
Interview messages (your questions and the AI's responses) are processed in real time to generate replies and post-interview feedback. We do not store conversation transcripts in our database. Messages exist only in your browser's memory for the duration of your session and are discarded when you close or refresh the page.
Each message is sent to Anthropic (Claude API) to generate a response. See ยง5 for details.
2.3 Resume data (Pro/Team plans)
If you use the Resume Analysis feature, the text you paste is sent to Anthropic for analysis and immediately discarded โ it is not stored in our database.
2.4 Server logs
Our server records access logs containing IP address, timestamp, HTTP method, and response code. These logs are used for security monitoring and are rotated and deleted after 90 days. We do not log message content.
2.5 Cookies
We use a single essential session cookie (session) to keep you
logged in. This cookie is strictly necessary for the service to function and does not require
your consent under the ePrivacy Directive. It contains only an encrypted session identifier โ
no personal data. It expires when your browser session ends or after 30 days of inactivity.
We use no analytics, advertising, or tracking cookies.
3. Lawful Basis for Processing (GDPR Article 6)
| Processing activity | Lawful basis |
|---|---|
| Creating and maintaining your account | Contract performance (Art. 6(1)(b)) |
| Processing payments via Stripe | Contract performance (Art. 6(1)(b)) |
| Sending interview messages to Claude AI | Contract performance โ core service delivery (Art. 6(1)(b)) |
| Server access logs for security monitoring | Legitimate interests โ fraud prevention and service security (Art. 6(1)(f)) |
4. How We Share Your Data
We do not sell your data. We share data only with the subprocessors listed below, strictly as necessary to deliver the service.
| Subprocessor | Role | Data shared | Location |
|---|---|---|---|
| Anthropic | AI responses (Claude API) | Interview messages and resume text (text only). No email, no payment data. | United States |
| Stripe | Payment processing | Email address (pre-fills checkout). Payment card data is held by Stripe only โ never by PitchVoxx. | United States (global) |
| ElevenLabs | Text-to-speech (voice output) | AI-generated reply text only. No email, no user messages, no PII. | United States |
| Hosting provider | Server infrastructure | All server-side data (database, logs). Encrypted at rest. | European Union (where possible) |
International transfers
Anthropic, Stripe, and ElevenLabs are based in the United States. Transfers to these providers are made under Standard Contractual Clauses (SCCs) adopted by the European Commission, or under the EUโUS Data Privacy Framework where applicable. Copies of relevant transfer mechanisms are available on request.
5. Your Rights Under GDPR
As an EEA, UK, or Swiss resident you have the following rights:
- Right of access (Art. 15) โ request a copy of the data we hold about you
- Right to rectification (Art. 16) โ request correction of inaccurate data
- Right to erasure (Art. 17) โ delete your account and all associated data at any time using the "Delete my account" option in the Account menu, or by emailing privacy@pitchvoxx.com
- Right to restriction of processing (Art. 18) โ request we limit how we use your data
- Right to data portability (Art. 20) โ receive your data in a machine-readable format
- Right to object (Art. 21) โ object to processing based on legitimate interests
- Right to withdraw consent โ where processing is based on consent, you may withdraw at any time without affecting lawfulness of prior processing
To exercise any right, email privacy@pitchvoxx.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g. CNIL in France, ICO in the UK, BfDI in Germany).
6. Data Retention
Account data is retained until you delete your account. Access logs are retained for 90 days. Interview transcripts are not stored. When you delete your account, all personal data is permanently removed from our systems within 30 days. Stripe retains payment records for the period required by applicable financial regulations (typically 7 years).
7. Security
We protect your data using industry-standard measures: bcrypt password hashing, encrypted HTTPS connections (TLS 1.2+), HTTP security headers (Content-Security-Policy, HSTS, X-Frame-Options), rate limiting to prevent brute-force attacks, and bot-filtering middleware. The server is hardened following SOC 2 security guidelines. We hold SOC 2 compliance documentation on request.
8. Children
PitchVoxx is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us at privacy@pitchvoxx.com and we will delete it promptly.
9. Changes to This Policy
We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where required by law, notify you by email. Continued use of PitchVoxx after changes take effect constitutes acceptance of the revised policy.
10. Contact
For any privacy-related questions or to exercise your rights:
Email: privacy@pitchvoxx.com
PitchVoxx ยท Effective 2026-03-24 ยท Back to app