AO
AceOffer

Privacy Policy

Last updated: May 28, 2026

The short version

We collect the minimum we need to run your account, process payments, and let an AI act as your interviewer. We do not sell your data. You can request deletion at any time by emailing support@aceoffer.app.

What we collect

Account data — your email address and a unique user ID, created when you sign up. Authentication is handled by Supabase.

Billing data — your Stripe customer ID and subscription status. We do not store your card number or full payment details; Stripe does. We see only the last 4 digits and metadata Stripe shares for invoicing.

Interview content — the questions you attempt, the answers you submit, the conversation transcripts between you and the AI interviewer, and any scores or feedback the AI generates. This is tied to your user ID and stored in our Supabase database.

Technical data — basic request logs (IP address, user agent, timestamps) needed for security, abuse prevention, and debugging. Standard server-side logging via our hosting provider (Vercel).

Email events — delivery, open, and bounce events for transactional emails (signup confirmation, password reset), handled by Resend.

What we don’t collect

We don’t use ad-tech trackers, third-party advertising pixels, or behavioral profilers. We don’t sell your data to any third party.

How we use your data

To run your account and the subscription you purchased; to send transactional email (signup, password reset, billing notices); to generate AI interview feedback in your sessions; to detect and prevent abuse; to fix bugs and improve the product (in aggregate, de-identified form); and to comply with legal obligations.

Who processes your data on our behalf

We use a small set of subprocessors. Your data is shared with them only as needed to run the service:

  • Supabase — authentication and database hosting.
  • Stripe — payment processing and subscription management.
  • Anthropic— large language model API used to generate interviewer turns and feedback. Per Anthropic’s API terms, prompts and completions are not used to train their models.
  • Vercel — application hosting and request logs.
  • Resend — transactional email delivery.

Retention

We keep account, billing, and interview content for as long as your account is active, plus a reasonable period afterward to satisfy tax, accounting, and dispute-resolution obligations. Server-side logs are rotated on our hosting provider’s standard schedule (typically weeks to a few months).

Your rights

You can request a copy of the data we hold about you, ask us to correct it, or ask us to delete your account and associated content by emailing support@aceoffer.app. We’ll respond within a reasonable time (typically within 30 days). If you are located in the EU/UK or California, you may have additional rights under GDPR / UK GDPR / CCPA; the same email is the right path for those requests.

International transfers

AceOffer is operated from the United States. If you access the service from outside the U.S., your data will be processed in the U.S. and other countries where our subprocessors operate.

Security

We use industry-standard measures (TLS in transit, encrypted databases at rest via Supabase, restricted service credentials, row- level security on user-owned tables). No system is 100% secure; if we become aware of a breach that affects you, we will notify you promptly as required by law.

Children

AceOffer is not directed to children under 18 and we do not knowingly collect data from them. If you believe a child has given us personal data, contact us and we will delete it.

Changes

We may update this policy from time to time. The “Last updated” date at the top will change, and we’ll give reasonable notice of material changes (banner in-app or email).

Contact

Questions about privacy? support@aceoffer.app