Privacy Policy

Introduction

Rehearsal AI ("we," "us," or "our"), a product of Gradeless AI, operates the website tryrehearsal.ai, the Rehearsal mobile applications for iOS and Android, and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using our Service, you consent to the practices described in this policy.

Information We Collect

We collect information you provide directly, as well as information collected automatically when you use our Service.

Personal Information You Provide

• Account information: Name and email address when you create an account via Google OAuth, Microsoft OAuth, or Email OTP
• Professional profile: Your domain, function, industry, experience level, and skill areas that form your professional profile, used to personalise your learning and interview preparation experience
• Voice and audio data: Microphone audio recorded during AI voice interviews conducted via WebRTC; interview transcripts generated from these sessions
• Interview responses: Your answers during mock interviews, including text and voice responses, and AI-generated feedback and scores
• CV and document uploads: Curriculum vitae and other documents you upload for analysis
• Aptitude data: Your responses and scores from aptitude practice assessments
• Notebook content: Auto-generated Q&A journal entries created from your interview and learning sessions
• Payment information: Transaction details processed through Apple In-App Purchase, Google Play Billing, or our external payment providers (we do not store full payment card details)
• Communications: Messages you send to our support team at contact@gradeless.ai

Information Collected Automatically

• Device and usage data: IP address, browser type, operating system, device model, device identifiers, referring URLs, pages visited, and interaction patterns
• Analytics and session data: Session duration, feature usage, learning completion rates, interview performance metrics, and session replays collected through our analytics provider (PostHog)
• Push notification tokens: Device tokens used to deliver push notifications on mobile devices
• Streak and engagement data: Daily usage streaks, learning progress, and engagement metrics synced across your devices
• Cookies and similar technologies: As described in the Cookies section below (applicable to our website; our mobile apps use local storage and secure storage for similar purposes)

How We Use Your Information

We use the information we collect to:

• Provide and maintain our professional skills platform, including Skill Briefs, AI voice interviews, aptitude practice, and related services
• Personalise your learning and interview preparation experience based on your professional profile and performance
• Facilitate AI voice interviews and generate real-time conversational feedback, scores, and improvement recommendations
• Power Skill Briefs (interactive micro-learning modules) and track your progress across courses
• Provide RAG-based AI chat for contextual learning support using your interview history
• Process transactions and send related information including purchase confirmations
• Send push notifications including streak reminders, learning updates, and promotional communications (which you can opt out of at any time)
• Analyse usage trends to improve our AI models, content, and overall platform quality
• Detect, prevent, and address technical issues, fraud, or security concerns
• Comply with legal obligations and enforce our terms of service

Voice Data Handling

Our AI voice interview feature uses your device's microphone to conduct real-time conversational practice. Here is how we handle your voice data:

• Voice audio is captured in real time during AI interview sessions and transmitted via WebRTC to our AI service provider (OpenAI) for processing
• Voice data is used solely to conduct the interview simulation and generate real-time AI responses
• We do not store raw voice recordings after the interview session ends
• Voice data is not used to train any AI models, whether ours or third-party
• Interview transcripts (text derived from voice) are stored as part of your interview history and Notebook entries, and can be deleted by deleting your account

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. On our mobile applications, we use local storage and secure storage for similar purposes.

Types of Cookies We Use (Website)

• Essential cookies: Required for the platform to function, including authentication and session management
• Analytics cookies: Help us understand how visitors interact with our website through services such as PostHog (including session replay functionality that records interactions such as clicks, scrolls, and screen views, but does not capture text input in sensitive fields)
• Functional cookies: Remember your preferences such as language and display settings

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

Third-Party Services

We share your information with the following categories of third parties solely to provide and improve the Service:

• AI service providers (OpenAI): Powers AI voice interviews via the Realtime API. Your voice audio and text prompts are processed in real time to generate interview responses. This data is not used to train OpenAI models under our data processing agreement
• Authentication and data platform (Supabase): Manages user authentication (Google OAuth, Microsoft OAuth, Email OTP) and securely stores user data in a cloud database
• Analytics (PostHog): Provides product analytics and session replay to help us understand and improve platform usage
• Push notifications (Expo): Delivers push notifications to your mobile device
• In-app purchases (Apple, Google): Apple In-App Purchase and Google Play Billing process subscription payments on mobile. These transactions are governed by Apple's and Google's respective privacy policies
• External payment processors: Process payments made outside of app stores through secure third-party providers
• Cloud infrastructure: We use trusted cloud hosting providers to store and process data securely

We do not sell your personal information to third parties. We only share data as necessary to provide our Service or as required by law.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, encrypted API responses, secure token storage on mobile devices, regular security assessments, and access controls. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

Data Retention and Account Deletion

We retain your personal information for as long as your account is active or as needed to provide you with our Service.

You may request deletion of your account at any time through the account settings in our mobile app or by contacting us at contact@gradeless.ai. Upon requesting deletion, your account enters a 30-day grace period during which you may cancel the deletion by logging back in. After 30 days, your personal data will be permanently deleted, except where we are required to retain it for legal or legitimate business purposes.

Anonymised and aggregated data that cannot identify you may be retained indefinitely for research and analytics.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Data portability: Request your data in a structured, commonly used format
• Opt-out: Unsubscribe from marketing communications and push notifications at any time
• Withdrawal of consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at contact@gradeless.ai. We will respond to your request within 30 days.

Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us at contact@gradeless.ai.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date and, where appropriate, through in-app notifications. We encourage you to review this policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: