DATA DEPLOYMENT | SECURITY POLICIES

Privacy Policy

LAST UPDATED: MAY 25, 2026

At HiddenMentor.ai, protecting candidate privacy is our foundational metric. We detail exactly how your information, transcripts, and billing records are stored and processed safely.

1. Information We Collect

We process specific datasets to deliver our services:

  • Account Data: Email addresses, hashed passwords, and authentication tokens.
  • Billing Data: We do NOT record full credit card numbers on our servers. All transactions are processed directly by our secure payment provider (Stripe). We only store receipt references and active token balances.
  • Interaction Data: Audio transcriptions generated during live sessions, mock interview scorecards, and ATS resumes uploaded to your dashboard.

Audio Capture Consent & User Liability: Our desktop client captures local system and microphone audio to generate real-time transcriptions. By using the Service during a live meeting, you explicitly consent to this audio transcription. You are solely responsible for complying with all applicable local, state, and federal wiretapping and recording laws (including "two-party consent" laws) regarding the capture of any third-party voices.

2. How We Use Your Information

Your data is used strictly for the following purposes:

  • To provide real-time AI coaching and feedback based on your specific context.
  • To authenticate your identity and protect against credential abuse.
  • To process payments and manage your subscription or credit balance.
  • To send necessary service updates, invoices, and technical guidance.

Trust Oath: We never sell personal datasets, contact logs, or uploaded resumes to third-party advertising companies or marketing brokers.

3. AI Data Processing Policy

We use third-party AI models (including OpenAI, Anthropic, and DeepSeek) to generate coaching responses. We pass your uploaded resumes, job descriptions, and temporary audio transcripts to these APIs. We strictly configure these API connections to opt out of foundational model training. This means your interview transcripts and personal data are not used by these providers to train their public AI models.

4. Information Sharing & Subprocessors

We leverage industry-leading cloud partners to run the platform:

  • Stripe: Secure, PCI-compliant checkout sessions and subscription management.
  • AWS: Structured databases (RDS) and S3 storage instances, isolated with strict IAM permissions.
  • Google Analytics: Anonymized, aggregated site performance and traffic metrics.

5. Data Security Measures

All data transmitted between your desktop client, browser, and our servers is encrypted using industry-standard TLS/SSL protocols. Data at rest in our AWS RDS instances is encrypted, and access to production servers is strictly limited to authorized engineering personnel using multi-factor authentication.

6. Data Retention, CCPA, & GDPR Rights

Transcripts, resumes, and mock data reside on AWS RDS only as long as your account is active. You can delete your account completely from your Candidate dashboard at any point, which will permanently purge your records from our active databases.

California (CCPA) & European (GDPR) Residents: You have the right to request access to the personal data we hold about you, request corrections, or demand complete deletion ("Right to be Forgotten"). You also have the right to non-discrimination for exercising these privacy rights. To submit a data subject access request, please contact us using the information below.

7. Cookies & Tracking

We use minimal cookies necessary for the operation of the web platform (e.g., maintaining authentication sessions via Laravel Sanctum). We do not use intrusive cross-site tracking pixels. By using the platform, you consent to our use of these essential operational cookies.

8. Children's Privacy (COPPA)

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information immediately.

9. International Data Transfers

HiddenMentor.ai operates primarily out of the United States, utilizing US-based AWS infrastructure. By accessing our Service or providing us with your personal data, you explicitly consent to the transfer, storage, and processing of your data in the United States.

10. Contact Privacy Operations

For questions about database deletion, user logs, or data storage, contact: support@hiddenmentor.ai.