DebriefAI ("we," "our," or "us") is a desktop application that helps job candidates improve their interview performance through AI-powered coaching. This Privacy Policy explains what data we collect, how we use it, who we share it with, and the choices you have. Please read it carefully before using our software or services.
Plain-language summary: Your interview audio is captured locally on your device. During processing it is temporarily transmitted to our secure infrastructure and third-party services to generate your debrief. It is deleted from those systems after processing. Your debrief report is stored only on your device unless you explicitly choose otherwise. We do not sell your data. We do not advertise to you.
This policy applies to all users of the DebriefAI desktop application ("App") and the DebriefAI website at debriefai.co (the "Site"), collectively the "Services." By installing the App or using the Site you agree to this policy.
Our Services are intended for individuals aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately at privacy@debriefai.co and we will delete it promptly.
When you create an account or sign in, we collect:
This information is necessary to provide the Service and enforce session limits. It is stored on our servers and, partially, encrypted on your local device.
When you run an interview session, the App captures and stores locally on your device:
All of the above is stored exclusively on your device in an encrypted application database and local files. We do not maintain copies of your debrief reports or transcripts on our servers.
We collect minimal server-side analytics for service operation:
We do not use third-party analytics platforms (no Google Analytics, Mixpanel, Amplitude, etc.).
If you subscribe to DebriefAI Pro, payment is processed entirely by our payment processor. We never receive, store, or have access to your credit card number, CVV, or full billing details. We only store a customer reference ID provided by our payment processor to manage your subscription.
When you end an interview session, the App initiates a multi-step processing pipeline entirely managed by your device and our secure backend infrastructure:
Audio files remain on your device until you delete them. You can delete any session — including all audio — from the History page in the App at any time.
We use the following categories of third-party services. We share only the minimum data necessary for each function and have data processing agreements in place where required.
We use a cloud authentication provider to manage sign-up, sign-in, and password management. This provider processes your email address and, if you use social login (Google), your OAuth token. We do not store your password.
Your stereo audio is sent to a US-based speech-to-text service solely for the purpose of generating a transcript. The audio is transmitted over TLS (HTTPS). The service's data retention policy governs how long they may retain data on their infrastructure; we recommend reviewing their privacy policy. We delete the audio from our temporary storage immediately upon receipt of the transcript.
The transcript text — not your audio — is sent to a secure AI language model service to generate your coaching debrief. No personally identifying information (name, email, company name) is included in the prompt. Session metadata like round type and company type is included to calibrate the coaching tone. The service processes this data as a transactional API call.
Payments are handled by a PCI DSS Level 1 certified payment processor. We never see your card details. The processor stores transaction records in compliance with financial regulations.
Our backend API and temporary file storage run on a major cloud platform. All data in transit is encrypted via TLS 1.2+. Temporary audio files are stored with server-side encryption at rest and deleted as described in Section 4.
We do not sell, rent, or trade your personal data to any third party for their own commercial purposes.
All communication between the App and our servers uses HTTPS (TLS 1.2 minimum). API keys for third-party services are stored server-side only and are never present in the App binary.
Our servers store: your email, user ID, account tier, lifetime session count, and a payment processor customer reference. We do not store audio, transcripts, or debrief reports.
Sessions — including audio files, transcripts, and reports — are retained on your device indefinitely until you delete them. You can delete individual sessions from the History page. Deleting a session permanently removes all associated audio files, transcripts, and report data from your device. Deleted data cannot be recovered.
Account data (email, tier, session count) is retained while your account is active. To delete your account and all associated server-side data, contact us at privacy@debriefai.co. We will process deletion requests within 30 days.
Audio uploaded for transcription is deleted from our cloud storage immediately after the transcript is received. The transcript is also deleted from the speech-to-text service immediately after it is returned to our backend. No audio or transcript content is retained on any third-party service following the completion of your session.
Payment records are retained by our payment processor in accordance with financial regulations (typically 7 years for PCI compliance). We cannot delete these records on your behalf.
Depending on your jurisdiction, you may have the right to:
To exercise any of these rights, contact privacy@debriefai.co. We will respond within 30 days. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your EU member state's supervisory authority).
DebriefAI records audio from your microphone and your device's system audio output. Laws regarding the recording of conversations vary by country, state, and jurisdiction. In many jurisdictions, you are required to obtain the consent of all parties before recording a conversation.
You are solely responsible for ensuring that your use of DebriefAI complies with all applicable recording consent laws in your jurisdiction. DebriefAI does not notify other parties that recording is in progress. We strongly recommend disclosing to any other parties on your call that the conversation may be recorded for personal coaching purposes.
The DebriefAI desktop application does not use cookies. The DebriefAI website uses only essential cookies required for the authentication and payment flows to function (session tokens, CSRF protection). We do not use tracking pixels, advertising cookies, or cross-site tracking technology.
Our Services are not directed at or intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has submitted personal data, contact us at privacy@debriefai.co and we will delete it immediately.
DebriefAI is operated from the United States. If you are located outside the United States, your data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our Services, you consent to this transfer. We ensure that any such transfers comply with applicable data protection laws through the use of standard contractual clauses or equivalent safeguards.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you via email or an in-app notice. Your continued use of the Services after any change constitutes acceptance of the updated policy.
For privacy-related questions, requests, or concerns:
We aim to respond to all inquiries within 5 business days and to fulfill all data requests within 30 days.
© 2026 DebriefAI. All rights reserved. Terms & Conditions