1. Who we are
CS Interview Coach is operated by CS Interview Coach, a sole trader registered in England and Wales.
Data controller: CS Interview Coach
Contact: customerservice@csinterviewcoach.com
We are the data controller for personal data you provide when using CS Interview Coach. We are not required to register with the ICO as a sole trader whose processing does not trigger mandatory registration, but we comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
2. Data we collect and why
Account information
When you create an account we collect:
- Email address — to identify your account and send transactional emails (e.g. password reset)
- Name (if provided) — to personalise your experience
Lawful basis: Performance of a contract (Article 6(1)(b) UK GDPR) — processing is necessary to provide you with the service you signed up for.
Usage data
When you use the service we collect:
- Interview session records — questions attempted, competency framework, grade selected
- Answer text — the written answers you submit for AI evaluation
- Scores and AI feedback — the evaluation results returned for each answer
- Session timestamps and progress data
Lawful basis: Performance of a contract (Article 6(1)(b)) for core functionality; Legitimate interests (Article 6(1)(f)) for service improvement — we have a legitimate interest in understanding how the service is used to improve it for all users.
Important: Your answer text is sent to Anthropic's Claude API for AI scoring. See Section 5 (Subprocessors) and Section 6 (International transfers).
Payment information
Payments are handled entirely by Stripe. We do not see or store your full card number, CVV, or bank details. We receive from Stripe only: your name (as entered at checkout) and a Stripe customer reference so we can manage your subscription or lifetime access. See Section 5 for Stripe's role.
Lawful basis: Performance of a contract (Article 6(1)(b)).
Cookies and technical data
We use essential cookies for authentication and session security, and optional analytics cookies (only with your consent) to understand how people use the service. See our Cookie Policy for full details.
Lawful basis: Consent (Article 6(1)(a)) for non-essential cookies; Legitimate interests (Article 6(1)(f)) for essential session cookies.
3. How long we keep your data
| Data type | Retention period | Reason |
|---|---|---|
| Account information | Until you delete your account, then 30 days | Operate the service |
| Interview sessions and answers | Until you delete your account, then 30 days | Provide session history and progress tracking |
| AI feedback and scores | Until you delete your account, then 30 days | Provide session history |
| Payment records (Stripe reference, name) | 6 years from transaction date | Legal obligation — accounting and tax records |
| Cookie consent records | 6 months (stored in your browser's localStorage) | Demonstrate consent |
Where retention is based on a legal obligation, data is kept for the minimum period required by law and then securely deleted.
4. Who we share your data with
We do not sell your personal data. We share data only with the subprocessors listed in Section 5, and only to the extent necessary to operate the service.
We may disclose personal data if required to do so by law, by court order, or in connection with any legal proceedings.
5. Subprocessors
| Subprocessor | Role | Location | Privacy information |
|---|---|---|---|
| Supabase | Database storage and user authentication. Stores your account details, session records, answers, and scores. | EU (AWS eu-west-2) | supabase.com/privacy |
| Anthropic | AI scoring. Your answer text is sent to the Claude API to generate interview feedback and scores. Anthropic does not use API inputs to train its models by default. | United States | anthropic.com/privacy |
| Stripe | Payment processing. Handles all card transactions. We do not receive your card details. | United States / EU | stripe.com/privacy |
| Vercel | Hosting. Serves the web application. May process request logs including IP addresses. | United States / EU edge | vercel.com/legal/privacy-policy |
6. International transfers
Some of our subprocessors are based in or transfer data to the United States, which is outside the UK. Where this applies:
- Anthropic: Your answer text is transferred to the US for AI processing. This transfer is made under the UK International Data Transfer Agreement (IDTA) / Standard Contractual Clauses (SCCs) as adopted under UK GDPR. Anthropic's API terms incorporate these safeguards.
- Stripe: Stripe operates under the EU-US Data Privacy Framework and standard contractual clauses.
- Vercel: Uses edge network infrastructure. Standard contractual clauses apply for any US processing.
You can request details of the specific transfer mechanism used for any subprocessor by contacting us at customerservice@csinterviewcoach.com.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your personal data (subject to legal retention obligations).
- Right to restriction — ask us to restrict how we process your data in certain circumstances.
- Right to data portability — receive your personal data in a structured, machine-readable format and transfer it to another controller.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent (e.g. analytics cookies), withdraw it at any time without affecting the lawfulness of prior processing.
How to exercise your rights
Email customerservice@csinterviewcoach.com with the subject line "Data rights request" and describe your request. We will respond within one calendar month. We may ask you to verify your identity before acting on a request.
Right to complain
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
- Post: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would, however, appreciate the opportunity to address your concerns before you contact the ICO.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encrypted data storage (Supabase), HTTPS for all data in transit, and access controls limiting who can view user data.
No system is perfectly secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or via a notice on the service. The "Last updated" date at the top of this page will always reflect the most recent revision.
10. Contact
For any questions about this Privacy Policy or how we handle your data, contact us at: customerservice@csinterviewcoach.com