Privacy Policy

Last updated: March 30, 2026

Overview

BriefRoom ("we", "our", "us") is an AI-powered interview preparation platform operated by Tomer Butbul. This policy explains how we collect, use, and protect your information when you use briefroom.app.

We believe in transparency: we collect only what we need to make the product work, we never sell your data, and you can delete your account at any time.

Information We Collect

Account Information

When you create an account, we collect your email address and password (hashed, never stored in plain text). If you sign in with Google or GitHub, we receive your name and email from those services.

Information You Provide

  • Resume text: Parsed from uploaded files (PDF, DOCX, TXT) in memory. The original file is discarded immediately after parsing — we never store your resume file on disk. Only the extracted text is saved to your account.
  • GitHub profile: If you connect your GitHub, we fetch your public repositories, READMEs, and commit history using GitHub's public API. No private repositories are accessed.
  • Profile information: Name, university, degree, target role, and other fields you voluntarily fill in.
  • Interview answers: Your responses during practice interviews, including voice transcriptions processed locally in your browser.
  • Projects and materials: Any additional context you paste or upload for interview preparation.

Automatically Collected Information

  • Usage analytics: Page views, feature usage, interview completions — used to improve the product. No personally identifiable information is included in analytics events.
  • Browser information: Standard web server logs including IP address, browser type, and referring page.

Video and Audio

  • Voice input: Speech-to-text transcription happens entirely in your browser using the Web Speech API. Audio is never sent to our servers.
  • Voice output: Text-to-speech runs locally in your browser. No audio is transmitted.
  • Video recording: If you enable camera recording during practice, the video is stored locally in your browser as a temporary blob. It is never uploaded to our servers. Periodic snapshots may be sent to our AI provider for body language analysis, then immediately discarded.

How We Use Your Information

  • AI-powered features: Your resume, profile, and interview answers are sent to Anthropic (Claude AI) to generate personalized interview questions, feedback, cheat sheets, elevator pitches, and coaching. Anthropic processes this data according to their privacy policy and does not use your data to train their models.
  • Improving your experience: Session history and scores are stored to track your progress, avoid repeating questions, and personalize future sessions.
  • Product improvement: Aggregated, anonymized usage data helps us understand which features are most valuable.
  • Payment processing: Payment information is handled entirely by Stripe. We never see, store, or process your credit card details. See Stripe's privacy policy.

Data Storage and Security

  • Authentication: Managed by Supabase with encrypted passwords and secure session tokens.
  • Database: Your account data is stored in Supabase (PostgreSQL) with row-level security — users can only access their own data.
  • Local storage: Some data (session history, preferences) is also stored in your browser's localStorage for faster access. Clearing your browser data removes this local copy.
  • Encryption: All data is transmitted over HTTPS (TLS 1.2+). Data at rest is encrypted by our infrastructure providers.
  • File handling: Uploaded resume files are parsed in memory and immediately discarded. Only extracted text is retained.

Third-Party Services

We use the following third-party services that may process your data:

  • Anthropic (Claude AI): Processes your interview answers, resume, and profile to generate AI responses. Anthropic does not use API inputs to train their models.
  • Supabase: Authentication and database hosting.
  • Stripe: Payment processing. We never handle your payment card information directly.
  • Vercel: Website hosting and deployment.
  • Google/GitHub (optional): OAuth sign-in if you choose to use social login.

We do not sell, rent, or share your personal information with any third parties for marketing purposes.

Your Rights

  • Access: You can view all your stored data through the app (My Info tab, session history, etc.).
  • Deletion: You can request deletion of your account and all associated data by contacting us at the email below. We will delete your data within 30 days.
  • Portability: You can export your session history and generated content (cheat sheets, pitches) from the app.
  • Correction: You can update your profile information at any time through the My Info tab.
  • Opt out: You can use the product without creating an account (limited to browsing). You can clear localStorage to remove locally stored data.

Cookies

We use essential cookies only — authentication session tokens managed by Supabase. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. The theme preference (dark/light mode) is stored in localStorage, not cookies.

Children's Privacy

BriefRoom is intended for users aged 16 and older (college-age and above). We do not knowingly collect information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via email. The "last updated" date at the top reflects the most recent revision.

Contact

If you have questions about this privacy policy or want to request data deletion, contact:

Tomer Butbul
Email: tomerbutbuleast@gmail.com
Website: briefroom.app

briefroomTerms of Service →