Privacy Policy

Last Updated: March 8, 2026

This Privacy Policy explains how https://skillrally.app/ ("we", "us", or "our") collects, protects, and uses your information. We are committed to transparency and the protection of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Controller & Contact Information

The entity responsible for the processing of your personal data (the "Controller") in connection with the use of our Mock Interview platform is:

Contact Email: interview.rally@gmail.com

If you have any questions regarding this Privacy Policy, your data rights, or how we handle your information, please contact us exclusively via the email address provided above. We aim to respond to all data-related inquiries within 30 days.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

Art. 6 (1)(b) GDPR (Contractual Necessity): To provide the services you have requested (e.g., creating an account and facilitating mock interviews).
Art. 6 (1)(a) GDPR (Consent): When you explicitly agree to the use of analytical cookies or the processing of transcripts by AI models.
Art. 6 (1)(f) GDPR (Legitimate Interests): To ensure the security of our platform, detect fraud, and monitor technical performance via error tracking.

3. Information We Collect & Purpose

To maintain a high level of privacy, we follow the principle of "Data Minimization":

Authentication Data: We collect your name and email address via third-party providers (Google/LinkedIn OAuth). This is used solely to identify you and save your progress.
Interview Transcripts: Our service does not record or store video or audio streams. We process audio in real-time to generate a text transcript. These transcripts are stored only if you choose to save them to receive AI-powered feedback.
Metadata & Technical Logs: We collect technical information such as your IP address (anonymized), browser type, and operating system to ensure our application run smoothly.

4. International Data Transfers

We use world-class infrastructure providers located globally. While our primary servers are located within the European Economic Area (EEA), some of our sub-processors (such as Google, Sentry, and OpenAI) may process data in the United States.

To ensure your data remains protected, we rely on:

Standard Contractual Clauses (SCCs): Legal contracts approved by the European Commission that guarantee European data protection standards.
Data Privacy Framework (DPF): Using providers that are certified under the EU-U.S. Data Privacy Framework.

5. Third-Party Processors

We carefully select our partners to ensure they comply with strict privacy standards:

Google Analytics: Used to understand website traffic. We have enabled IP anonymization.
PostHog: Product analytics that help us understand which features are most valuable to you.
Sentry: Essential for identifying bugs and performance bottlenecks in real-time.
AI Analysis (e.g., OpenAI): We use enterprise-grade API configurations. This means your transcripts are sent for analysis but are not used by the provider to train their global AI models.

6. Video & Audio Confidentiality

Zero-Storage Policy: We never save, "watch", or listen to your camera or microphone streams on our servers. The "interview" is a transient stream.
Privacy by Design: Our architecture ensures that once the speech-to-text conversion is complete, the raw audio is immediately discarded from the temporary memory.

7. Data Security

We implement robust technical and organizational measures:

Encryption: All data is encrypted in transit using TLS 1.2/1.3 and at rest using AES-256.
Access Control: Only authorized system processes have access to the database.
Regular Audits: We constantly review our code and infrastructure for potential vulnerabilities.

8. Data Retention & Deletion

Active Account: Data is kept as long as your account exists.
Manual Deletion: You can delete individual transcripts or your entire account at any time via the user settings.
Automatic Cleanup: Technical logs in Sentry and PostHog are automatically purged after 90 days. Upon account deletion, all personal identifiers are removed from our production databases within 30 days.

9. Your Rights under GDPR

You have the following rights regarding your personal data:

Right to Access: You can request a copy of all data we have about you.
Right to Erasure: You can demand the permanent deletion of your data.
Right to Portability: You can request your data in a structured, commonly used format.
Right to Withdraw Consent: You can opt-out of analytics at any time.

To exercise any of these rights, please email us at [Твій Email].

10. Cookies

We use essential cookies for session management and analytical cookies for service improvement. You can manage your cookie preferences through the interactive banner on our website.

__Secure-next-auth.session-token — skillrally.app · Essential · Maintains your authenticated session · Session
__Host-next-auth.csrf-token — skillrally.app · Essential · Prevents cross-site request forgery attacks · Session
_ga — Google Analytics · Analytics · Distinguishes unique users by assigning a randomly generated number · 2 years
_ga_* — Google Analytics · Analytics · Stores and counts page views · 2 years
_gid — Google Analytics · Analytics · Distinguishes users (short-lived) · 24 hours
ph_* — PostHog · Analytics · Identifies users and tracks product usage events · 1 year
posthog-opt-out — PostHog · Analytics · Stores your opt-out preference for PostHog analytics · 1 year
sentry-sc — Sentry · Essential · Maintains Sentry session context for error tracking · Session
__sentry_release — Sentry · Essential · Tracks the application release version for error attribution · Session

Cookie Categories:

Essential — Required for the platform to function. Cannot be disabled.
Analytics — Help us understand how the service is used. You may opt out at any time via our cookie banner.