This policy applies to anyone who downloads the ClutchTimeAI desktop application, visits this website, or creates an account. If you are located in the European Economic Area (EEA), GDPR applies to how we handle your data and gives you additional rights described in Section 8.
| Data | Why we collect it |
|---|---|
| Email address, name, Google account ID | Authentication via Google OAuth — to identify your account |
| Resume text | To generate answers grounded in your real background — core product function |
| Resume embeddings (vector representations) | To retrieve relevant parts of your background for each question |
| Persona summary | A short AI-generated summary of your background, used to speed up responses |
| Session context (company, role, job description) | To calibrate answers to the specific interview — not persisted after session ends |
| Questions you ask | Sent to the LLM to generate your answer — not stored permanently |
| Audio (if you use voice input) | Transcribed to text for question input — raw audio is never stored |
| Screenshots (if you use screen capture) | Sent to vision model to extract the interview question — never stored |
Audio and screenshots are processed in real time and immediately discarded. We never store recordings of your voice or images of your screen.
For users in the EEA, our legal bases for processing your data are:
Your data is stored in Supabase with row-level security — your resume and account data are only accessible to you. API keys and secrets are never exposed to the client. All data in transit is encrypted via HTTPS/TLS.
No system is perfectly secure. If we become aware of a breach affecting your data we will notify you within 72 hours, as required by GDPR.
If you are in the EEA you have the following rights over your data:
To exercise any of these rights, contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
ClutchTimeAI is not directed at anyone under 16. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it immediately.
If we make material changes to this policy we will notify registered users by email at least 14 days before the change takes effect. The "last updated" date at the top of this page will always reflect the current version.
For any privacy questions, data requests, or concerns:
Email: clutchtimeai@gmail.com
For account deletion requests, include the email address associated with your ClutchTimeAI account. We will confirm deletion within 30 days.