Privacy Policy
Last updated: April 2026
1. Introduction
ReadyCue ([registered legal entity name — TBD], company registration number [Company registration number — TBD], registered office: [Registered office address — TBD], [Jurisdiction — TBD]) is the data controller for personal data processed through readycue.ai. For privacy questions, contact [email protected].
This policy explains what data we collect, how we use it, and your rights. The service is offered at readycue.ai.
2. Data We Collect
- Account data: email address, display name.
- Career data: work experiences (role, company, timeframe, STAR stories), skills, interview themes.
- Session data: practice session responses and scores, live interview transcripts, AI-generated coaching feedback.
- Interview prep data: role titles, company names, job descriptions, predicted questions.
- Uploaded files: CVs, resumes, performance reviews — stored securely, never shared.
- Usage data: page views, feature usage (via PostHog, if consented).
- Error data: crash reports, session replays on errors (via Sentry, if consented).
- Billing data: when you purchase a paid plan, Stripe processes payment details and provides us with subscription status, customer identifiers, and limited billing metadata (we do not store full card numbers on our servers).
3. Lawful basis for processing (GDPR)
We process personal data under the UK GDPR / EU GDPR where applicable, on the following bases:
- Contract: operating your account, delivering coaching features, processing payments, and communicating about the service you asked us to provide.
- Legitimate interests: securing the product, detecting abuse and fraud, improving reliability, and aggregated analytics that do not require identifying you beyond what is necessary (balanced against your rights).
- Consent: where we ask for it — for example PostHog product analytics, Sentry error monitoring with session replay, and any optional marketing (if offered). You can withdraw consent via cookie preferences or by contacting us.
4. How We Use Your Data
- AI processing: sent to OpenAI and Anthropic for STAR extraction, scoring, and coaching. Data is processed but not retained by providers for training per their enterprise terms.
- Real-time transcription: audio sent to Deepgram for speech-to-text during live sessions.
- Payments: Stripe processes card payments, manages subscriptions and the customer billing portal, and shares transaction and subscription status with us.
- Email: via Resend for waitlist confirmation and support communications.
- Analytics: PostHog for product improvement (only with consent).
- Error monitoring: Sentry for bug detection (only with consent).
5. Sub-Processors and Data Transfers
| Provider | Location | Purpose |
|---|---|---|
| Supabase | US | Database, auth, file storage |
| OpenAI | US | AI processing (extraction, scoring, matching) |
| Anthropic | US | AI processing (refinement, answer generation) |
| Deepgram | US | Real-time speech-to-text |
| Stripe | US (and other regions per Stripe) | Payments, subscriptions, billing portal |
| Resend | US | Transactional email |
| Sentry | US | Error monitoring |
| PostHog | EU | Product analytics |
| Railway | US | Application hosting |
6. Data Retention
- Active accounts: data retained while your account is active.
- Deleted accounts: all data permanently deleted within 30 days of account deletion.
- Waitlist: email retained until signup or manual removal request.
- Payment records: Stripe and our billing records may be retained for up to seven years where required by applicable accounting, tax, or financial-services laws. Retention depends on jurisdiction and obligation; we retain only what is necessary.
We intend to register with the UK Information Commissioner's Office (ICO) as a data controller before processing personal data commercially at scale. ICO registration reference: [ICO registration number — TBD].
7. Your Rights (GDPR)
Refund and statutory cancellation rights for paid plans are described in our Refund Policy and Terms of Service.
- Right of access: download all your data from Account settings.
- Right to erasure: delete your account and all data from Account settings.
- Right to rectification: edit your data directly in the app.
- Right to data portability: export your data as JSON.
- Right to withdraw consent: manage cookie preferences at any time.
- Right to object: contact us to object to processing.
To exercise any of these rights, contact [email protected].
8. Cookies and Local Storage
- Essential: Supabase auth session cookie.
- Preferences: theme (light/dark), audio device selection.
- Analytics: PostHog (with consent).
- Error monitoring: Sentry session replay (with consent).
- Consent: your cookie preference choices.
- Checkout and billing: when you use Stripe Checkout or the Stripe customer billing portal, Stripe may set cookies or similar technologies needed to process payments, prevent fraud, and complete your session. Those technologies are controlled by Stripe subject to their policies and what is strictly necessary to perform the transaction you initiate.
9. Security
We protect your data with encryption in transit (HTTPS), encryption at rest (Supabase), rate limiting on API endpoints, row-level security policies on all database tables, and server-side file validation for uploads.
10. Children
ReadyCue is not intended for users under the age of 16. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be notified via email to all registered users.
12. Contact
If you have any questions about this Privacy Policy, contact us at [email protected].