Privacy Policy

Last updated: April 12, 2026

Brightlift (“we,” “us,” or “our”) operates the Brightlift platform at brightlift.ai. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

1. Information We Collect

Account information

When you sign in with Google OAuth, we receive your name, email address, and profile picture from Google. This information is stored in Supabase and used to identify your account.

Voice transcripts

During an interview session, your voice is recorded by your browser and sent to our server for transcription. Audio is never stored. Audio data is processed in real time by OpenAI Whisper, converted to text, and immediately discarded. Only the resulting text transcript is saved.

Session and usage data

We store interview session metadata (candidate level, start time, turn count), conversation transcripts (both your responses and AI interviewer turns), and rubric-based feedback scores. We also collect basic usage analytics via Vercel Analytics (page views, session duration, browser and device type).

2. How We Use Your Information

  • To provide and improve the interview practice experience
  • To generate AI-powered feedback on your interview responses
  • To authenticate your account and manage session limits
  • To analyze aggregate usage patterns and improve our service

3. Third-Party Services

We use the following third-party services to operate Brightlift:

  • OpenAI— Whisper for speech-to-text transcription and TTS for AI interviewer voice synthesis. Audio is sent to OpenAI for processing and is not retained by OpenAI beyond the duration of the API call, per their data usage policy.
  • Anthropic (Claude)— Powers the AI interviewer conversation and rubric-based scoring. Conversation transcripts are sent to Anthropic for processing.
  • Supabase— Provides authentication (Google OAuth) and database storage for accounts, sessions, transcripts, and feedback.
  • Vercel— Hosts the application and provides basic analytics.
  • Stripe— Processes payments for Pro subscriptions. Stripe handles all payment information directly; we do not store credit card numbers or payment details on our servers.

4. Data Retention

  • Audio recordings: Never stored. Audio is processed in real time and discarded immediately after transcription.
  • Transcripts and feedback: Retained for as long as your account is active so you can review past sessions and track improvement over time.
  • Account data: Retained until you request deletion.

5. Your Rights

You have the right to:

  • Access your data— Request a copy of the personal data we hold about you, including transcripts and feedback.
  • Delete your data— Request deletion of your account and all associated data, including session transcripts, feedback, and usage history. We will process deletion requests within 30 days.
  • Correct your data— Request correction of inaccurate personal information.
  • Export your data— Request a machine-readable export of your data.

To exercise any of these rights, contact us at privacy@brightlift.ai.

6. Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), secure authentication via Supabase, and row-level security on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

7. Children's Privacy

Brightlift is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the “Last updated” date.

9. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@brightlift.ai.