Privacy Policy
Last updated May 2026
1. Introduction
Westbridge is operated by Jonathan Schneider, based in Bautzen, Germany. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our AI-powered interview preparation platform at westbridge.app.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Data We Collect
2.1 Account Data
When you create an account, we collect your email address for authentication and communication purposes. We also store your account creation date and session-related authentication tokens.
2.2 Interview Data
During mock interviews, we record your voice through your device microphone. These recordings are transcribed and analyzed by AI systems to generate feedback, performance scores, and improvement suggestions. We also store session metadata such as duration, selected topics, and difficulty level.
2.3 Payment Data
We store transaction records and credit balance information. We do not store credit card numbers or raw payment instrument data. All payment processing is handled by Stripe. See Stripe's Privacy Policy for details on how they handle your payment data.
2.4 Technical Data
We automatically collect technical information including your IP address, browser type and version, device information, pages visited within the Service, and referring URLs. We also collect aggregated, anonymized page-view analytics (page URL, referrer, browser, operating system, device type, and country) through Vercel Analytics. Your IP address is not stored by the analytics system; country is derived from it and immediately discarded.
3. How We Use Your Data
3.1 Contract Fulfillment (Art. 6(1)(b) GDPR)
We process your data to provide the mock interview service, including recording, transcribing, and analyzing your responses. This also covers managing your account, processing purchases, maintaining your credit balance, and generating AI-powered feedback.
3.2 Legitimate Interest (Art. 6(1)(f) GDPR)
We use data to improve and maintain the Service, ensure security, prevent fraud and abuse, and analyze aggregated anonymized usage patterns. Vercel Analytics is used to collect privacy-first, cookieless page-view statistics to help us understand how the Service is used. No personal profiles are built and no data is shared with third parties for advertising purposes.
3.3 Consent (Art. 6(1)(a) GDPR)
Recording your voice requires explicit consent through your browser's microphone permission prompt, which appears before any recording begins. You may withdraw consent at any time.
4. AI Processing Disclosure
Our Service uses artificial intelligence as a core component. Your audio responses are transmitted to third-party AI providers for transcription, and your transcribed responses are analyzed by AI models to generate feedback and scores. These evaluations are automated and based on comparison against model answers and key evaluation criteria.
AI-generated scores and feedback are for educational and informational purposes only. They do not constitute professional career advice, and no guarantees are made regarding their accuracy or real interview outcomes.
5. Third-Party Service Providers
We use the following providers to operate the Service. Your data may be processed by them in accordance with their respective privacy policies:
Supabase handles our database hosting, authentication, and file storage (Privacy Policy). Vercel provides application hosting, content delivery, and privacy-first page-view analytics via Vercel Analytics. Analytics data is aggregated and anonymized; no cookies are set and no personal identifiers are retained (Privacy Policy). OpenRouter routes AI model requests for interview analysis and transcription (Privacy Policy). Stripe processes all payments (Privacy Policy).
6. International Data Transfers
Some of our providers are based in the United States or operate infrastructure outside the European Economic Area. When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, including EU-U.S. Data Privacy Framework certifications, Standard Contractual Clauses approved by the European Commission, and provider-specific data processing agreements.
7. Audio Recordings
Before any recording begins, you are explicitly asked to grant microphone permission through your browser. Audio recordings are uploaded to our servers for transcription and AI analysis, processed by the third-party providers described above, and stored for the duration of your account. Voice recordings constitute personal data under GDPR. You may request deletion of your recordings at any time by contacting us or deleting your account.
8. Cookies
We use essential cookies required for authentication and session management. These are strictly necessary and do not require consent under ePrivacy regulations. We do not use advertising trackers, Meta Pixel, Google Analytics, or similar non-essential tracking technologies. Vercel Analytics collects anonymized page-view data without using cookies or persistent identifiers and does not require consent under the ePrivacy Directive.
9. Data Retention
Account data and interview recordings are retained for the duration of your account and deleted upon account deletion or upon request. Unused interview credits expire after 12 months without starting an interview. Payment records are retained as required by German tax and commercial law, typically up to 10 years. Technical logs are retained for up to 90 days for security and debugging purposes.
In the event that the Service is permanently discontinued, we will notify all registered users at least 30 days in advance via email and through the Service. At the end of this notice period, all account data, interview recordings, credits, and associated personal data will be permanently and irreversibly deleted.
10. Your Rights
Under the GDPR, you have the right to access your data, rectify inaccuracies, request erasure, restrict processing, receive your data in a portable format, object to processing based on legitimate interest, and withdraw consent at any time. You can also delete your account directly through the account settings page.
To exercise any of these rights, contact us at js@jonathanschneider.co. You also have the right to lodge a complaint with the competent supervisory authority, the Sächsische Datenschutz- und Transparenzbeauftragte (SDTB).
11. Data Security
We implement appropriate technical and organizational measures to protect your data, including HTTPS encryption for all data in transit, encrypted database connections, row-level security ensuring users can only access their own data, secure authentication, and no client-side exposure of secret API keys.
12. Minors
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that a minor has provided us with personal data, please contact us immediately.
13. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or via email. Continued use after changes constitutes acceptance of the updated policy.
14. Contact
If you have questions about this Privacy Policy, contact us at js@jonathanschneider.co.