PRIVACY POLICY

Privacy Policy

1. Who we are

Enterview Ltd is the data controller responsible for your personal data.

Our details:

• Company name: Enterview Ltd
• Trading as: Case Interview Labs
• Companies House number: 14047407
• Registered office: 259 Creighton Avenue, London N2 9BP, United Kingdom
• Jurisdiction: England & Wales
• Contact email: support@enterview.info

We are not currently required to register a Data Protection Officer under UK GDPR. For all data protection matters, please contact us using the details above.

2. The personal data we collect

We collect and process the following categories of personal data:

2.1 Information you provide directly

• Account information: your full name, email address, and password (passwords are hashed by our authentication provider and never stored in readable form).
• Profile information: your subscription tier, available interview credits, and other account preferences.
• Payment information: we do not store your payment card details. Card details are entered directly into Stripe's secure checkout and processed by Stripe (see Section 5).
• Communications: any messages you send us through the contact form or via email, including your name, email address, and message content.
• Interview data: the cases you complete, your typed and spoken responses during interviews, and the scores and feedback generated by our AI.

2.2 Information collected automatically

• Authentication and session data: essential cookies and tokens used to keep you logged in.
• Analytics data: aggregated, anonymised statistical information about how the Service is used (see Section 8 on cookies).
• Email engagement data: if you receive emails from us, we use Resend to track whether you click links in those emails (see Section 8).

2.3 Information from third parties

• Google sign-in: if you choose to sign in with Google, we receive your name and email address from Google as part of the OAuth flow. We do not access any other Google account data.

3. How we use your personal data

We process your personal data for the following purposes and on the following lawful bases under UK GDPR Article 6:

3.1 To provide the Service (Lawful basis: contract)

• Creating and managing your account.
• Authenticating you and keeping you logged in.
• Generating AI-powered case interviews and scoring your responses.
• Storing your interview history (limited to your most recent five interviews).
• Processing your payments and applying purchased credits to your account.

3.2 To communicate with you (Lawful basis: contract or legitimate interest)

• Sending essential transactional emails such as account confirmation, password reset, payment receipts, and subscription notifications.
• Responding to your support requests.

3.3 To improve the Service (Lawful basis: legitimate interest)

• Understanding aggregate, anonymised usage patterns to improve the Service.
• Diagnosing technical issues and fixing bugs.

3.4 To comply with legal obligations (Lawful basis: legal obligation)

• Keeping records required by tax, accounting and corporate law.
• Responding to lawful requests from regulators or law enforcement.

4. How long we keep your personal data

We keep your personal data only for as long as necessary for the purposes set out in this policy. Specific retention periods are:

• Account data: kept for as long as your account is active. When you delete your account, all account data, including your name, email, profile, and interview history, is permanently deleted immediately. Deletion is not reversible.
• Interview history: automatically limited to your five most recent interviews. Older interviews are permanently deleted as new ones are saved.
• Payment records: retained for six years after the date of the transaction in accordance with UK tax and accounting requirements (HMRC and the Companies Act 2006). These records are held by Stripe and by us in our accounting records.
• Support emails: retained for up to two years after the matter is closed, then deleted.
• Legal hold: where we are required to retain data to comply with a legal obligation, defend a legal claim, or respond to a regulator, we will retain it for as long as necessary for those purposes.

5. Who we share your personal data with

We do not sell your personal data. We share it only with the following categories of third parties, all of whom act either as our processors (under our instructions) or as independent controllers for specific purposes:

5.1 Service providers (processors)

• Supabase Inc. — authentication and database. Stores your account information, profile, and interview history. Hosted in the European Union.
• Railway Corp. — application hosting infrastructure.
• Resend (Resend.com Inc.) — transactional email delivery (account confirmations, password resets, receipts, and other service emails). Domain hosted in the European Union (Ireland).
• Stripe, Inc. — payment processing. Stripe collects your card details directly through their secure checkout; we do not see or store your card information. Stripe is the controller for the card data they receive.
• Anthropic, PBC — AI processing. Your interview responses are sent to Anthropic's Claude API to generate the AI interviewer's replies and scoring. Anthropic processes this data on our behalf and does not use your inputs to train its models when accessed via the API.
• Google LLC — text-to-speech voice generation (Gemini API) for the AI interviewer's voice, and Google Analytics for aggregate website usage statistics.
• ipapi.co (Kloudend, Inc.) — geo-IP lookup. We send your IP address to ipapi.co to determine your country and display prices in your local currency. Your IP is processed for this single purpose and the result is cached server-side for 24 hours.

5.2 Other recipients

• Professional advisers: our accountants, lawyers, and auditors, who are bound by confidentiality.
• Regulators and authorities: where we are required by law to disclose data.
• Successors in interest: if Enterview Ltd is sold, merged, or otherwise transferred, your data may be transferred to the new owner under the same protections as this policy.

6. International transfers

Your personal data is primarily stored within the United Kingdom and the European Economic Area (EEA).

Some of our service providers (notably Anthropic, Google, Stripe, Resend, and ipapi.co) are headquartered in the United States or process data internationally. Where personal data is transferred outside the UK, we rely on appropriate safeguards under UK GDPR Article 46, including:

• The UK Government's adequacy decisions (where they apply).
• The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs).
• The UK Extension to the EU–US Data Privacy Framework, where applicable.

If you would like a copy of the safeguards in place for any specific transfer, please contact support@enterview.info.

7. Your rights

Under UK GDPR you have a number of rights in relation to your personal data. You can exercise any of these rights at any time by emailing support@enterview.info. We will respond within one month, unless your request is complex or you have made several requests, in which case we may extend this by up to two further months and tell you why.

• Right of access: you can ask us for a copy of the personal data we hold about you.
• Right to rectification: you can ask us to correct any data that is inaccurate or incomplete.
• Right to erasure: you can ask us to delete your personal data. You can also delete your account and all its data yourself at any time from the Settings page.
• Right to data portability: you can ask us to send you, or another controller, a copy of your personal data in a structured, machine-readable format.
• Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
• Right to object: you can object to processing based on our legitimate interests.
• Right to withdraw consent: where we rely on your consent (for example, for non-essential cookies), you can withdraw it at any time.
• Right to lodge a complaint: you have the right to complain to the UK Information Commissioner's Office (ICO) at any time. We would, however, appreciate the chance to address your concerns first — please contact us before approaching the ICO.

8. Cookies and similar technologies

We use cookies and similar technologies on the Service. A cookie is a small text file stored on your device when you visit a website. We use the following categories:

8.1 Strictly necessary cookies

These cookies are essential for the Service to work and cannot be turned off. They include:

• Authentication cookies: to keep you logged in.
• Session cookies: to maintain your interview state and preferences during your visit.
• Security cookies: to protect against fraud and unauthorised access.

Strictly necessary cookies do not require your consent under PECR.

8.2 Analytics cookies

We use Google Analytics to understand how visitors use the Service in aggregate. This helps us improve the Service. We rely on the analytics exception under the Data (Use and Access) Act 2025, which permits first-party analytics without consent provided that:

• The data is used solely to measure how the Service is used by visitors as a whole;
• The data is not used to track individuals across other websites or services;
• The data is not shared with third parties for their own purposes; and
• Visitors can opt out free of charge.

You can opt out of Google Analytics by clicking "Manage cookies" in the website footer at any time.

8.3 Email tracking

When we send you transactional emails through Resend, we track whether you have clicked links in those emails. This helps us understand whether important emails (such as password resets) are reaching you. We do not track whether you have opened our emails.

8.4 Managing cookies

You can manage your cookie preferences at any time using the "Manage cookies" link in the website footer, or through your browser settings. You can also block all cookies through your browser, but this may affect how the Service works.

9. How we keep your data secure

We take the security of your personal data seriously. The technical and organisational measures we use include:

• Encryption of data in transit using HTTPS/TLS.
• Encryption of data at rest within our database provider (Supabase).
• Hashed passwords — we never see or store your password in readable form.
• Strict access controls — only authorised personnel can access systems containing personal data, and only when needed.
• Service providers selected for their security and compliance posture.
• Regular software updates and dependency monitoring to address security vulnerabilities.

No system can be guaranteed 100% secure. If we ever become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO without undue delay, in accordance with UK GDPR.

10. Children's data

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact support@enterview.info and we will delete it.

11. Automated decision-making

The Service uses AI to generate interview questions, evaluate your responses, and produce a numerical score and written feedback. This is an automated assessment intended for educational and practice purposes only.

The score does not produce any legal or significant effect on you. It is not used to grant or deny access to employment, education, financial services, or any other significant benefit. The output is illustrative practice feedback only and you have full control over how, or whether, you use it.

If you would like to discuss any AI-generated output you receive, please contact support@enterview.info.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the "Effective date" shown at the top of this policy.
• If the changes are material, notify you by email or through a prominent notice on the Service.

The version published on www.enterview.info is always the current and authoritative version. By continuing to use the Service after a change, you accept the updated policy.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: support@enterview.info
• Post: Enterview Ltd, 259 Creighton Avenue, London N2 9BP, United Kingdom