Privacy Policy
Last updated: December 1, 2025
1. Introduction
JustGrind ("we", "our", or "us") operates the justgrind.dev website and interview practice platform. This Privacy Policy explains how we collect, use, and protect your personal information.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address - for authentication and communication
- Name - to personalize your experience
- Password - stored securely by Clerk (we never see your password)
2.2 Interview Data
During interview practice sessions, we collect:
- Audio recordings - your voice responses during interviews
- Transcripts - text versions of your responses
- Performance metrics - scores, feedback, skill assessments
- CV/Resume - if you upload one for personalized interviews
2.3 Technical Data
We automatically collect:
- IP address - to prevent abuse and provide geolocation features
- Browser type & device - to optimize the experience
- Session data - to maintain your login state
- Analytics - via Plausible (privacy-focused, no personal data)
3. How We Use Your Information
3.1 Essential Services (Legal Basis: Contract)
- Authentication - Clerk manages your account securely
- AI Interview Processing - OpenAI Whisper (transcription), Anthropic Claude (feedback), Cartesia (voice synthesis)
- Database Storage - Convex stores your interview data
- Payment Processing - Lemon Squeezy handles credit purchases
These services are necessary to deliver our core functionality and cannot be opted out of.
3.2 Optional Services (Legal Basis: Consent)
- Email Marketing - MailerLite sends tips and updates (only if you opt in)
You can withdraw consent anytime in your account settings.
3.3 Analytics (Legal Basis: Legitimate Interest)
- Plausible Analytics - Privacy-focused, no cookies, no personal data tracking
4. Third-Party Services
We share your data with the following services to operate our platform:
| Service | Purpose | Data Shared | Privacy Policy |
|---|
| Clerk | Authentication | Email, name, password | Link |
| Convex | Database | All interview data | Link |
| OpenAI (via Together.AI) | Speech transcription | Audio recordings | Link |
| Anthropic | AI interview feedback | Transcripts, responses | Link |
| Cartesia | Voice synthesis | Text for TTS | Link |
| Lemon Squeezy | Payment processing | Email, name, payment info | Link |
| MailerLite | Email marketing (optional) | Email, name | Link |
| Plausible | Analytics | Page views (no PII) | Link |
5. Data Retention
Active Accounts: We retain your data as long as your account is active.
Account Deletion: When you delete your account:
- 30-day grace period - You can cancel the deletion request
- After 30 days - Permanent deletion of all personal data:
- Profile, CV, and all files
- Interview recordings and transcripts
- Meeting recordings
- Notes and analytics
- Financial records - Anonymized and retained for 7 years (legal requirement for tax/fraud prevention)
6. Your Rights (GDPR & CCPA)
You have the right to:
- Access - Request a copy of your data
- Deletion - Delete your account via settings
- Correction - Update your profile information
- Portability - Export your interview data (contact support)
- Withdraw consent - Unsubscribe from email marketing anytime
- Object - Object to data processing (may limit service availability)
To exercise these rights, contact us at son@justgrind.dev
7. Security
We protect your data using:
- HTTPS encryption - All data in transit is encrypted
- SOC2-compliant vendors - Clerk, Convex, Lemon Squeezy
- Access controls - Limited employee access to user data
- Regular security audits - We review our systems quarterly
8. Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours via email, as required by GDPR Article 33.
9. Children's Privacy
Our service is not intended for users under 16 years old. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately at son@justgrind.dev.
10. International Data Transfers
Your data may be processed in the United States and other countries where our service providers operate. We ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs) with vendors
- SOC2 Type II certification
- GDPR compliance commitments
11. Changes to This Policy
We may update this policy periodically. We'll notify you of material changes via:
- Email to your registered address
- Notice in the application dashboard
- Updating the "Last updated" date above
12. Contact Us
For privacy-related questions or concerns:
Note: This privacy policy is based on current practices as of December 1, 2025. Before launching publicly, this document will be reviewed by a privacy attorney to ensure full GDPR and CCPA compliance.