Legal

Privacy Policy

Last updated: July 2026
This policy explains what data we collect when you use ClutchTimeAI, why we collect it, and what rights you have over it. We have written this to be readable, not to obscure anything.

1. Who this applies to

This policy applies to anyone who downloads the ClutchTimeAI desktop application, visits this website, or creates an account. If you are located in the European Economic Area (EEA), GDPR applies to how we handle your data and gives you additional rights described in Section 8.

2. What data we collect and why

Data Why we collect it
Email address, name, Google account ID Authentication via Google OAuth — to identify your account
Resume text To generate answers grounded in your real background — core product function
Resume embeddings (vector representations) To retrieve relevant parts of your background for each question
Persona summary A short AI-generated summary of your background, used to speed up responses
Session context (company, role, job description) To calibrate answers to the specific interview — not persisted after session ends
Questions you ask Sent to the LLM to generate your answer — not stored permanently
Audio (if you use voice input) Transcribed to text for question input — raw audio is never stored
Screenshots (if you use screen capture) Sent to vision model to extract the interview question — never stored

Audio and screenshots are processed in real time and immediately discarded. We never store recordings of your voice or images of your screen.

3. Legal basis for processing (GDPR)

For users in the EEA, our legal bases for processing your data are:

4. Data retention

5. What we do not do

6. Security

Your data is stored in Supabase with row-level security — your resume and account data are only accessible to you. API keys and secrets are never exposed to the client. All data in transit is encrypted via HTTPS/TLS.

No system is perfectly secure. If we become aware of a breach affecting your data we will notify you within 72 hours, as required by GDPR.

7. Your rights (EEA / GDPR)

If you are in the EEA you have the following rights over your data:

To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Children

ClutchTimeAI is not directed at anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.

9. Changes to this policy

If we make material changes to this policy we will notify registered users by email at least 14 days before the change takes effect. The "last updated" date at the top of this page will always reflect the current version.

10. Contact

For any privacy questions, data requests, or concerns:

Email: clutchtimeai@gmail.com

For account deletion requests, include the email address associated with your ClutchTimeAI account. We will confirm deletion within 30 days.