MAYPURL
Inc.

LEGAL

Privacy Policy

Effective April 30, 2026

The short version

Maypurl Inc is a voice AI interview rehearsal platform. We collect what we need to run simulations, score them, charge for them, and improve the product. Nothing else. We never sell your data. We never share it with advertisers. We never use it to train AI models without your explicit consent.

This policy explains exactly what we collect, why, where it lives, who can see it, and how to make us delete it. If anything below is unclear, email support@maypurl.com.

1. Who we are

Maypurl Inc operates the maypurl.com service. References to "Maypurl Inc," "Maypurl," "we," "us," or "our" mean the company. References to "you" mean anyone who uses the website, signs up for an account, or interacts with the service.

Our principal contact for privacy matters is support@maypurl.com. Under India's Digital Personal Data Protection Act, 2023 (DPDPA), we serve as the Data Fiduciary for personal data we process about you.

2. What we collect

2.1 Information you give us directly

  • Account information: name, email, password (stored as a one-way hash. We never see your actual password).
  • Onboarding information: target role, experience level, target company. Used to calibrate simulations.
  • Payment information: processed entirely by Stripe. We do not store card numbers, CVV codes, or full bank details. We see and store only the transaction ID, amount, and confirmation that a payment succeeded.
  • Email subscriptions: if you subscribe to updates, we store your email address and the page you subscribed from.

2.2 Information generated by your use of the service

  • Simulation transcripts: the text of conversations between you and our AI interviewer. Stored to score your session, show you the report, and let you review your own history.
  • Scores and feedback: the AI-generated evaluation of your sessions.
  • Trust signals: behavioural data captured during sessions (whether you switched tabs, typed during a voice session, swapped microphone) to detect abuse. Aggregated counters only, not the keys you typed or the content you switched to.
  • Technical metadata: session timestamps, durations, device type, browser, error logs.

2.3 Information collected automatically

  • Analytics: if you grant analytics consent, we use PostHog (EU cloud) and Google Analytics 4 to understand which features land. We do not enable behavioural advertising. We mask all text inputs and don't capture form contents.
  • Cookies and local storage: for your login session, your saved preferences (tone mode, scoring lens, accommodations), and your consent choices. No third-party advertising cookies.

2.4 Audio

During voice simulations, your microphone audio is sent directly from your browser to OpenAI Realtime and Deepgram for processing. The audio never touches Maypurl Inc's servers. We receive only the resulting text transcript.

2.5 Resume content (Phase 1.5+)

If you upload a resume, we strip personally identifying information (name, email, phone, address, photos, social URLs) before writing anything to our database. We retain only the structured anonymized content (companies, role titles, dates, achievements, derived narrative red flags). You can delete your resume at any time, which cascades to all derived data.

3. Why we collect it (legal bases)

We process your data on these bases:

  • Consent for analytics, optional features, and any processing not strictly required to deliver the service.
  • Contract performance for account management, payments, simulation delivery, and scoring (DPDPA: legitimate use, GDPR Article 6(1)(b)).
  • Legal obligation for tax records and regulatory compliance.
  • Legitimate interest for security, fraud prevention, and product improvement (limited scope, balanced against your rights).

4. Where your data lives

  • Database: Supabase, EU region (PostgreSQL).
  • Web hosting: Vercel, global CDN.
  • API hosting: Railway, EU region.
  • AI providers: OpenAI (Realtime API and Whisper) and Anthropic (Claude for scoring). Data sent to these providers is governed by their respective terms. Neither uses your API-submitted data to train models when accessed via paid API.
  • Transcription: Deepgram, US/EU regions.
  • Email: Resend, US-based with EU-routing where applicable.
  • Payments: Stripe, global infrastructure.
  • Analytics: PostHog (EU cloud) and Google Analytics 4.

Some of these providers may transfer data outside India or the EU. We rely on Standard Contractual Clauses, adequacy decisions, or equivalent safeguards. You can request the specific safeguards in writing.

5. How long we keep it

  • Account data: until you delete your account.
  • Session transcripts and scores: until you delete them or close your account.
  • Trust signals and technical logs: 90 days, then aggregated anonymously or deleted.
  • Payment records: 7 years (regulatory requirement for financial records in India).
  • Email subscriptions: until you unsubscribe.
  • Backups: retained up to 30 days after your deletion request, then permanently removed in the next backup cycle.

6. Your rights

6.1 Under DPDPA (India)

You have the right to:

  • Access a summary of the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Erase data we are no longer required to hold
  • Nominate another person to exercise these rights if you become unable
  • Withdraw consent for processing based on consent
  • Lodge a grievance with us, and if unresolved, escalate to the Data Protection Board of India

6.2 Under GDPR (EU/UK users)

You additionally have the right to:

  • Data portability (machine-readable export)
  • Object to processing based on legitimate interest
  • Restrict processing while a complaint is being investigated
  • Lodge a complaint with your national data protection authority

6.3 How to exercise your rights

Email support@maypurl.com with your request. We respond within 30 days. We may need to verify your identity (which we do using your registered email) to protect your data from someone impersonating you.

7. What we don't do

  • We do not sell your data to anyone for any reason.
  • We do not share your data with advertisers or use it for retargeting.
  • We do not use your data to train Maypurl Inc's own AI models without explicit, separate consent.
  • We do not run third-party tracking pixels (Facebook Pixel, LinkedIn Insight Tag, etc.) on our site.
  • We do not require analytics consent to use the product. You can reject all analytics and the service still works.

8. Children

Maypurl is intended for adults preparing for technology industry interviews. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, contact us and we will delete the account.

9. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Passwords are hashed using bcrypt. API access is gated by JWTs with short expirations. Database access uses row-level security so users can only access their own data. We log security events and review them regularly.

No system is invulnerable. If we discover a breach affecting your data, we will notify you and the Data Protection Board (or relevant authority) within the timeframe required by law.

10. Changes to this policy

We will update this policy when our practices change. The "Effective" date at the top reflects the most recent change. For material changes, we will email you at the address on file at least 14 days before the change takes effect.

11. Contact

For privacy questions, requests, or grievances, email support@maypurl.com. Please put "Privacy Request" in the subject line so we route it correctly.