PrepIO

Legal

Privacy policy

Draft. This page is a structural placeholder. The legal text needs to be written and reviewed against UK GDPR before the site goes live to paying customers.

Who we are

PrepIO is operated by [trading entity name], registered in England and Wales ([company number, if a Ltd]). Our registered address is [registered address]. You can reach us at our contact page.

What this policy covers

This policy explains what personal data we collect when you use PrepIO, why we collect it, how we use it, and what rights you have under UK GDPR and the Data Protection Act 2018.

The data we collect

  • Account data from your sign-in provider (email address, name where supplied).
  • Interview inputs you upload: CV text, job description, company name.
  • Live interview data: your voice and video while the call is in progress, the transcript, and the resulting report.
  • Billing data: the payment provider (Stripe) processes your card details. We never see card numbers; we store only your customer reference, plan, status, and renewal date.
  • Technical data: standard server logs (IP, user agent, request timestamps) for security and debugging.

How we use it

We use the data above to deliver the interview service you signed up for, to bill you, to keep the platform secure, and to comply with our legal obligations.

Retention

Recordings, transcripts, and reports are retained for 30 days from the end of the interview, then deleted. Account and billing data are retained while your account is active and for the period required by law afterwards.

Your rights

Under UK GDPR you have the right to access, correct, and delete your data, to object to processing, and to data portability. To exercise any of these, contact us via the contact page.

Sub-processors

We use the following third-party services to run PrepIO. Each is responsible for its own data handling under its own privacy notice.

  • Anthropic (LLM inference for question design and scoring)
  • Tavus (live AI avatar and transcript)
  • Clerk (authentication)
  • Stripe (payments)
  • Resend (transactional email)
  • Vercel (frontend hosting)
  • Brave Search (public web research)

International transfers

Some sub-processors are based outside the UK. Where data is transferred internationally, we rely on the UK International Data Transfer Agreement or an adequacy decision.

Complaints

If you have a concern about how we handle your data, please contact us first. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.