InterviewMD is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform. We process your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
InterviewMD is operated by InterviewMD Ltd, a company registered in England and Wales. For the purposes of data protection law, InterviewMD Ltd is the data controller - meaning we determine the purposes and means of processing your personal data.
If you have any questions about this policy or our data practices, you can contact our Data Protection Officer at privacy@interviewmd.com.
2. Data We Collect
We collect information that you provide directly, information generated by your use of the platform, and limited information from third parties.
2.1 Information you provide
- Account information: name, email address, and password when you create an account.
- Profile data: target medical schools, application cycle year, and onboarding preferences.
- Payment information: processed securely by our third-party payment provider. We do not store your full credit card number, CVV, or bank details on our servers.
- Practice session data: audio recordings of your interview responses, text transcripts, and any written responses you submit during practice sessions.
- Support communications: messages you send us via email or in-app support channels.
2.2 Information generated automatically
- Usage data: pages visited, features used, session duration, practice frequency, and interaction patterns.
- Performance data: AI-generated scores, feedback reports, coaching recommendations, and progress analytics.
- Device information: browser type, operating system, screen resolution, and IP address.
- Log data: access times, error logs, and referral URLs.
2.3 Information from third parties
- Authentication providers: if you sign in via a third-party service (e.g. Google), we receive your name and email address from that provider.
- Referrals: if you were invited by an administrator or educational institution, we receive your email address from them.
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data used |
|---|---|
| Providing the service | Account info, profile data, session recordings, transcripts |
| AI-powered feedback and coaching | Audio recordings, transcripts, historical performance data |
| Progress tracking and analytics | Session scores, usage patterns, performance history |
| Processing payments | Payment information (via third-party processor) |
| Account administration | Email address, name, authentication data |
| Product improvement | Aggregated and anonymised usage data |
| Customer support | Account info, support communications |
| Legal compliance | As required to comply with applicable laws |
We do not sell your personal data to third parties. We do not use your practice recordings or personal responses to train general-purpose AI models.
4. Legal Basis for Processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Contract: processing necessary to provide you with the InterviewMD service, including account management, practice sessions, AI feedback, and coaching (Article 6(1)(b)).
- Legitimate interests: improving our platform, preventing fraud, ensuring security, and sending service-related communications (Article 6(1)(f)). We balance these interests against your rights and freedoms.
- Legal obligation: where we are required by law to process or retain certain data (Article 6(1)(c)).
- Consent: where we rely on your consent, you may withdraw it at any time by contacting us. This applies to optional marketing communications and non-essential cookies.
5. AI & Automated Processing
InterviewMD uses artificial intelligence to provide core features of the platform. Here is how AI processes your data:
- Speech-to-text transcription: your audio recordings are transcribed using third-party AI services. Transcripts are stored in your account and used to generate feedback.
- AI feedback and scoring: your transcribed responses are analysed by AI models to generate scores on criteria such as content, empathy, structure, and communication. These scores are recommendations, not definitive assessments.
- Personalised coaching: the AI uses your historical performance data to generate tailored improvement recommendations.
Important: AI-generated feedback is provided as a learning tool and should not be treated as professional advice. No automated decisions with legal or similarly significant effects are made about you based solely on AI processing.
Your practice recordings and transcripts are not used to train general-purpose AI models. They are processed solely to provide you with feedback and coaching within the InterviewMD platform.
6. Data Sharing & Third-Party Processors
We share your data only with trusted third-party service providers who process data on our behalf, under strict data processing agreements:
- Supabase (database & authentication): stores your account data, session data, and handles authentication. Data is encrypted at rest and in transit.
- AI providers (e.g. OpenAI): processes your transcripts to generate feedback and coaching. Subject to data processing agreements that prohibit use of your data for training.
- Speech-to-text provider: transcribes audio recordings. Audio is processed ephemerally and not retained by the provider.
- Payment processor: handles payment transactions securely. We do not store payment card details on our servers.
- Analytics: we may use privacy-focused analytics tools to understand aggregate usage patterns. No personally identifiable information is shared.
We may also disclose your data where required by law, regulation, legal process, or governmental request.
7. International Data Transfers
Some of our third-party processors operate outside the United Kingdom. Where your personal data is transferred internationally, we ensure appropriate safeguards are in place, including:
- Transfers to countries with an adequacy decision from the UK Secretary of State.
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).
- Binding data processing agreements with all processors that include equivalent protections.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: retained for the duration of your account. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.
- Practice recordings and transcripts: retained for the duration of your active subscription to enable progress tracking and coaching. Deleted within 30 days of account deletion.
- Performance data and scores: retained for the duration of your account.
- Payment records: retained for 7 years as required by UK tax and accounting regulations.
- Log and analytics data: retained for up to 12 months, then automatically deleted or anonymised.
9. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data in certain circumstances.
- Right to restrict processing: request that we limit how we use your data.
- Right to data portability: receive your data in a structured, commonly used format, or request transfer to another provider.
- Right to object: object to processing based on legitimate interests.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@interviewmd.com. We will respond within one month of receiving your request, as required by law.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
10. Cookies
InterviewMD uses a minimal number of cookies to operate the platform:
- Essential cookies: required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
- Preference cookies: store your settings such as theme preference (light/dark mode).
We do not use third-party advertising or tracking cookies. If we introduce non-essential analytics cookies in the future, we will obtain your consent before setting them.
11. Children's Privacy
InterviewMD is designed for individuals aged 16 and over who are preparing for medical school interviews. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@interviewmd.com and we will promptly delete such data.
12. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS) and at rest.
- Secure authentication with hashed passwords.
- Role-based access controls limiting who within our organisation can access personal data.
- Regular security reviews and monitoring.
- Data processing agreements with all third-party processors requiring equivalent security standards.
While we take every reasonable precaution, no system is completely secure. If you become aware of any security vulnerability, please report it to security@interviewmd.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the platform. The “Last updated” date at the top of this page indicates when the policy was most recently revised.
We encourage you to review this policy periodically to stay informed about how we protect your data.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@interviewmd.com
- General enquiries: hello@interviewmd.com
We aim to respond to all privacy-related enquiries within 5 working days.