Privacy Policy

This policy applies to every Opaige account holder ("you", "user") and to anyone whose data we receive in connection with a Opaige mock interview — including, importantly, the voice and (for video mocks) the face of the person in front of the camera.

Account data

At signup we collect your name, email address, and a hashed password. We record the timestamp at which you accepted these Terms, and your IP address (geolocated to country) for fraud prevention and product analytics.

Optional profile data

If you choose to provide them, we store your profile picture, your real interview date, your destination country, and your target score. These power the dashboard countdown, weekly digest, and goal tracking — they're never required and are deletable at any time from Settings.

Mock interview data

When you run a mock, we collect: the officer archetype you picked; the destination and embassy you named; the audio of your voice (for voice mocks) and the audio + video of you (for video mocks); the AI-generated transcript; and the AI-generated score across composure, consistency, specificity, and time-use.

Usage data

Standard server logs (timestamps, IPs, user-agent, route accessed) for security and reliability. These are retained for 30 days then aggregated/discarded.

1. To run your mock interview and return a scored report.
2. To populate your dashboard — past mocks, score trends, achievements, weekly digest emails.
3. To send transactional email (welcome, verify, password reset, scored report).
4. To prevent fraud and abuse (rate-limiting, unusual-activity detection, sub-processor terms enforcement).
5. To improve the product through aggregated, de-identified analytics (e.g. "average score across all users this week") — never tied back to you individually.

We do not train AI models on your data. Your voice, video, transcripts, and scores are processed only to deliver your mock interview and your scored report. They are never fed into model training, fine-tuning, or evaluation datasets — neither ours nor any sub-processor's.

For account creation and delivery of the Service, processing is based on contract (Article 6(1)(b)).

For mock-interview audio and video, processing is based on your explicit consent (Article 6(1)(a) and, where applicable, Article 9(2)(a) for special-category biometric data). You give that consent by starting a mock; you can withdraw it at any time by deleting the recording (per-session) or turning off "Save my recordings" in Settings (going forward).

For fraud prevention and security logging, processing is based on our legitimate interests (Article 6(1)(f)) in operating a safe service.

We share personal data only with vetted sub-processors that help us deliver the Service — voice/video AI infrastructure, cloud hosting, database, transactional email, and payment processing. Each is bound by a Data Processing Agreement with terms equivalent to the protections this policy describes.

The current list, with each vendor's purpose, the data category they receive, and their jurisdiction, is published at opaige.com/sub-processors.

We do not sell, rent, or share your data with advertisers, data brokers, or for any marketing purpose by any third party.

We may disclose personal data when required by applicable law (subpoena, court order, regulatory request) or to protect Opaige, our users, or the public against fraud, abuse, or imminent harm.

Recordings (audio + video)

Voice and video recordings of your mock are saved by default so you can re-watch them from your dashboard. We mirror provider-hosted recordings to our own encrypted storage within 24 hours and delete the provider copy as soon as their retention permits.

You can:

1. Opt out entirely — Settings → Privacy → toggle "Save my session recordings" off. From that moment we never persist new recordings; the file is dropped as soon as the call ends.
2. Delete any single recording — open the past-session viewer, click "Delete recording". Permanent and immediate.
3. Delete your whole account — Settings → Danger zone. Cascades through every session, transcript, recording, and PDF within 7 days.

Transcripts and scores

Your scored transcript and PDF report are retained for the life of your account so you can compare progress over time. They are deleted on account deletion.

Server logs

30 days, then aggregated or discarded.

Billing records

Retained for 7 years after the transaction to meet U.S. tax and accounting obligations. Personal data attached to the invoice (name, billing email) is retained for the same period; we cannot delete this earlier even on request.

Under the UK GDPR and EU GDPR you have the right to:

1. Access the personal data we hold about you — much of it is visible in your dashboard; for the rest, email privacy@opaige.com.
2. Rectify inaccurate data — from Settings, or by emailing us.
3. Erase your account and the data associated with it — self-serve from Settings → Danger zone.
4. Restrict or object to processing — email us with the specifics.
5. Data portability — request an export of your sessions, transcripts, and scores in JSON or PDF. We'll respond within 30 days.
6. Withdraw consent to recording storage — toggle off in Settings, or delete recordings individually.
7. Lodge a complaint with a supervisory authority (in the UK, the ICO).

We employ industry-standard security measures: TLS 1.3 for data in transit, encryption at rest for recordings, bcrypt-hashed passwords (cost factor 12), HttpOnly session cookies, role-based access controls, rate limiting, and audit logging on privileged actions. We conduct periodic security reviews.

No system is perfectly secure. In the event of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, per UK GDPR Article 33.

Opaige is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.

Several sub-processors operate from the United States. Transfers of personal data outside the UK and EEA rely on appropriate safeguards — Standard Contractual Clauses, the UK International Data Transfer Addendum, and (where applicable) the EU–US Data Privacy Framework certification of the vendor.

We may update this policy from time to time. Material changes are announced via email to active account holders at least 30 days before they take effect, where reasonably practicable. The current version is always at this URL with the effective date at the top.

Opaige Inc. is incorporated in the State of Delaware, United States. Registered address: 1111B S Governors Ave STE 37935, Dover, DE 19904, United States.

Privacy questions or requests: privacy@opaige.com. For non-privacy support: support@opaige.com.

Back to opaige.com