Pending final legal review. This page reflects our current practices and applies to your use of the service. We are completing a final attorney review and may refine the wording before public launch.

Privacy Policy

Last updated: June 12, 2026

This Privacy Policy explains how Nuvortex LLC, doing business as InterviewSurge (“InterviewSurge,” “we,” “us,” or “our”) collects, uses, stores, and shares your personal data when you use our website and services. By creating an account or using the service, you acknowledge the practices described here.

Who we are

InterviewSurge operates a job-search service that finds relevant roles, tailors your CV, drafts recruiter outreach, and — on paid plans — submits applications on your behalf and helps you run a dedicated job-search email account. We fulfill applications using a combination of automated tools and trained human specialists; the mix varies by platform. The contracting entity is Nuvortex LLC d/b/a InterviewSurge. For any privacy question, contact us at support@interviewsurge.com.

Data we collect

We collect the following categories of data:

  • Account data — your name, email address, and authentication identifiers (including any data provided by Google when you sign in with Google).
  • CV content and the personal data within it — the CV file you upload and the information it contains, such as work history, education, skills, and contact details.
  • Job preferences — target roles, locations, salary expectations, and other search criteria you configure.
  • Application profile data (paid plans) — details required to submit applications on your behalf, which may include legal name, address, work-history answers, screening responses, and credentials for applicant tracking systems.
  • Job-search email data (application plan) — for the email account you connect, we access email content and metadata to create drafts, send messages, and read and classify your inbox (including application confirmations and verification codes), and we store the access tokens that authorize this. See Email and calendar access below.
  • Calendar data (application plan, optional) — if you connect your calendar, we read event details (title, time, attendees, location, meeting link) on a read-only basis to detect interview-related events and prepare interview briefings and thank-you drafts. We never create, modify, or delete events.
  • Payment data — billing country and subscription status. Card details are collected and processed directly by Stripe; we do not store your card number.
  • Usage and device data — analytics events, pages viewed, approximate location derived from your IP address, and cookie identifiers (see Cookies).

We also process limited professional contact data about recruiters and hiring contacts (such as name, role, company, and business contact details) gathered from public sources, in order to surface recruiter contacts and deliver outreach features. This data concerns business capacity, is not sold, and is handled under the same safeguards described here.

How we use your data

We use your data to:

  • Deliver the service — match you to roles, tailor your CV, draft outreach, submit applications on paid plans, and (on the application plan) draft, send, read, and classify messages in your connected job-search email account.
  • Prepare interview materials — where you connect your calendar, detect interview events and prepare pre-interview briefings and post-interview thank-you drafts.
  • Provide support and maintain oversight — authorized members of our team may access a read-only view of your account to provide support, maintain quality, investigate abuse, and meet legal obligations. Such access is recorded in an internal audit log.
  • Process payments and manage your subscription.
  • Communicate with you — transactional email such as account confirmation, password resets, and match summaries.
  • Measure usage and improve the product through aggregate analytics.
  • Comply with legal obligations and protect against fraud and abuse.

Sensitive data (EEO self-identification)

Some applications request voluntary self-identification information — gender, race or ethnicity, veteran status, and disability status (“EEO Data”).

We do not collect or store EEO Data. When an application presents voluntary self-identification fields, we select “Prefer not to say” (or the equivalent decline option) or leave the field blank. We do not answer these questions on your behalf, and we do not use any such categories for profiling, matching, analytics, advertising, or model training.

If we offer an optional EEO-completion feature in the future, we will update this policy first, obtain explicit per-field opt-in consent, and — for any disability-related information covered by Washington’s My Health My Data Act or similar laws — publish a separate Consumer Health Data Privacy Policy before any collection begins.

Email and calendar access — Google API Services User Data Policy

On the application plan, you connect a job-search email account (and, optionally, your calendar) so we can provide the features above. Where this access is provided through Google APIs (Gmail, Google Calendar), the following applies:

  • InterviewSurge’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
  • We use Gmail data only to provide the email features visible to you in the product (drafting, sending, reading, and classifying messages to surface action items), and Calendar data only to provide the interview-briefing features. Calendar access is read-only.
  • We do not sell or transfer Gmail or Calendar data, use it for advertising, or use it to develop, improve, or train generalized AI/ML models.
  • Human access to your email and calendar data is restricted to limited, permitted purposes (such as security, abuse investigation, legal compliance, or support you request). Our staff do not browse your mailbox; classification is performed by automated systems.
  • You can revoke our access at any time through your Google Account security settings or by contacting us at support@interviewsurge.com.

How we store and protect your data

Your data is stored in our managed PostgreSQL database hosted by Supabase. Sensitive fields — such as the credentials you provide for applicant tracking systems — are encrypted at rest in our database provider’s vault using libsodium authenticated encryption, and are accessed only through audited database functions that record each use. All data is encrypted in transit and at rest. Access to production data is restricted to the systems and personnel that require it to operate the service.

Third parties we share data with

We share the minimum data necessary with the following sub-processors, each of which acts under its own privacy and security commitments:

  • Supabase — database, authentication, and file storage.
  • Hostinger — virtual-server infrastructure on which our application services and queues run.
  • Stripe — payment processing and subscription billing.
  • Google Analytics 4 — website and product analytics. Analytics run only after you grant consent.
  • Bright Data — the data source we use to discover public job listings.
  • Google (Vertex AI — Gemini) — the large language model provider used to analyze job descriptions and generate tailored CV content. We send the data necessary for each task and do not authorize this provider to use your data to train its models.

We do not sell your personal data. We may disclose data when required by law or to protect our rights and the safety of our users.

Cookies

We use a small number of cookies. Strictly necessary cookies keep you signed in and remember your cookie choice; these are always active. Analytics cookies set by Google Analytics 4 are off by default and load only after you select “Accept” in our cookie banner. The GA4 cookies are:

  • _ga — distinguishes visitors; expires after about two years.
  • _ga_<container-id> — persists session state for the GA4 property; expires after about two years.
  • _gid — distinguishes visitors; expires after about 24 hours.

You can change your choice at any time using the “Cookie preferences” link in the site footer. Rejecting analytics cookies keeps Google Analytics fully disabled.

How long we keep your data

We retain account and profile data for as long as your account is active, and for a limited period afterward to meet legal and operational requirements. Job listings discovered by our scraper are retained for approximately 15 days. On account deletion or offboarding, we delete or de-identify your personal data — including application profile data and any email and calendar content we have stored — and revoke or destroy stored credentials and email-account access tokens within 30 days, except where we are required to retain data by law.

Your rights

Subject to applicable law, you have the right to access, correct, export, and delete your personal data, to withdraw consent (including for analytics) at any time, and — where your state law provides — to limit the use of sensitive personal information and to opt out of any sale or sharing (we do not sell or share personal data for cross-context behavioral advertising). To exercise any of these rights, email us at support@interviewsurge.com. We will respond within the timeframe required by applicable law.

International users

We operate online and may process your data in countries other than the one in which you reside. Where we transfer data across borders, we take steps to ensure it remains protected in line with this policy.

Children

The service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the date above and, where appropriate, notify you. Continued use of the service after an update constitutes acknowledgment of the revised policy.

Contact

For any question about this policy or your personal data, contact us at support@interviewsurge.com.

Privacy Policy | InterviewSurge