Corvly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interview practice platform. This policy is designed to comply with the California Privacy Rights Act (CPRA) and other applicable privacy laws.
1. Information We Collect
We collect information that you provide directly to us and information that is automatically collected when you use our services. The categories of personal information we have collected in the past 12 months include:
Identifiers
- Email address
- Name
- IP address
Professional Information
- Resume and work history
- Career goals and preferences
- Interview practice responses
Usage Data
- Device information (browser type, operating system)
- Interaction events (features used, session duration)
- Performance metrics from practice sessions
Audio/Visual Information (with consent)
- Voice recordings during AI coaching sessions
- Video recordings during AI coaching sessions (future feature)
2. Sensitive Personal Information
Under the California Privacy Rights Act (CPRA Section 1798.121), certain categories of data are considered Sensitive Personal Information (SPI) and require explicit opt-in consent before collection.
Voice and video recordings are classified as SPI. We only collect this data when you explicitly enable these features in your Privacy Settings. You may revoke this consent at any time through the same settings page, and we will stop collecting this data going forward.
3. How We Use Your Information
We use the information we collect for the following purposes:
- AI Coaching and Feedback: To provide personalized interview coaching, analyze your responses, and generate improvement suggestions using AI technology (Google Gemini).
- Product Analytics: To understand how our platform is used, identify areas for improvement, and optimize user experience (PostHog).
- ML Model Training: Where permitted by law, we may use your non-sensitive information to improve our AI models and coaching algorithms. You can disable this at any time through your Privacy Settings. Data is anonymized before use.
- Service Delivery: To provide, maintain, and improve our platform, authenticate users, and communicate with you about your account.
4. Third-Party Service Providers
We share your information with the following categories of service providers who process data on our behalf (CPRA Section 1798.100(a)(4)):
| Processor | Data Categories | Purpose |
|---|---|---|
| PostHog | Device info, usage events | Product analytics |
| Google Gemini | User content, prompts | AI feedback generation |
| Langfuse | User prompts, conversation IDs, AI outputs | LLM observability and quality |
| Resend | Email address, notification content | Transactional emails |
| LiveKit | Voice/video (SPI, with consent) | Real-time communication |
| Supabase | All user data | Database and authentication |
| Vercel | Request logs, IP addresses | Application hosting |
We do not sell or share your personal information for advertising purposes.
5. Analytics and Global Privacy Control
We collect usage data starting from your first visit to understand how our platform is used. This data is linked to your account when you log in.
Global Privacy Control (GPC): We treat GPC signals as a valid opt-out request under CPRA Section 1798.135. When GPC is detected, we disable ALL tracking automatically—not just sale/sharing, but all analytics collection. This ensures complete privacy protection for users who send the GPC signal.
You can also opt out manually through your Privacy Settings at any time, regardless of whether you use GPC.
6. Your California Privacy Rights
If you are a California resident, you have the following rights under the California Privacy Rights Act (CPRA Sections 1798.100-1798.125):
| Right | Description | Response Timeline |
|---|---|---|
| Right to Know | Request disclosure of personal information collected in the past 12 months | 45 days (up to 90 days with notice) |
| Right to Delete | Request deletion of your personal information | 45 days (up to 90 days with notice) |
| Right to Correct | Request correction of inaccurate personal information (CPRA Section 1798.106) | 45 days |
| Right to Opt-Out | Opt out of the sale or sharing of your personal information | Immediate |
| Right to Limit SPI Use | Restrict use of sensitive personal information to necessary purposes | Immediate |
Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing or quality of service for exercising these rights (CPRA Section 1798.125).
Free Request Threshold: You may make up to 2 requests per 12-month period at no cost.
7. How to Exercise Your Rights
You can exercise your California privacy rights through the following methods:
- Email: Contact us at privacy@corvly.com
- Privacy Settings: Use your Privacy Settings for immediate controls over analytics, SPI consent, and training data preferences
Authorized Agents: You may designate an authorized agent to make a request on your behalf. We will require verification of the agent's authorization through a signed permission from you, and may also require verification of your identity directly.
Response Timeline: We will respond to verifiable requests within 45 days. If additional time is needed, we will notify you of the reason and extension period (up to an additional 45 days, for a maximum of 90 days total).
8. Data Retention
We retain your personal information for as long as your account is active and as needed to provide you with our services.
- Active accounts: Your data is retained while your account remains active.
- AI training data: If you consent to AI training, your anonymized interaction data may be retained indefinitely to improve our models. If you opt out, we retain only minimal data needed for session completion. You can change this preference anytime in your Privacy Settings.
- Deletion requests: Upon receiving a verified deletion request, we will remove your personal information within 30 days.
- Account deletion: When you delete your account, your personal information will be removed within 30 days.
Some data may be retained longer if required for legal, security, or fraud prevention purposes, in which case it will be deleted once no longer needed for those purposes.
9. How We Protect Your Information
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS) and at rest (AES-256)
- Secure authentication with row-level security policies
- Regular security assessments and monitoring
- Access controls limiting data access to authorized personnel only
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Children's Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information as quickly as possible.
If you believe we have collected information from a child under 16, please contact us at privacy@corvly.com.
11. Links to Other Websites
Our platform may contain links to third-party websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top.
For significant changes, we may also notify you via email or through a prominent notice on our platform. We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your California privacy rights, please contact us:
- Email: privacy@corvly.com
- Privacy Settings: corvly.com/settings/privacy
We will respond to your inquiry as soon as reasonably practicable.