Last updated: 13 June 2026
This policy explains how Tell Me Why ("we", "us", "the service") handles your personal data when you use our interview-analysis tool at tellmewhy.app. We are the data controller responsible for the personal data described below. This policy is written to meet our obligations under the EU General Data Protection Regulation (GDPR), the UK GDPR, and the ePrivacy Directive.
1. What we collect
Account information
When you create an account we collect your name, email address, and a securely hashed password. We record when your email address is verified so we can keep your account secure.
The content you submit for analysis
To produce your report, you provide some or all of the following:
- An interview recording (audio or video), a link to a recording, or a transcript you paste in.
- Your CV / résumé (uploaded as a PDF).
- The job description for the role.
From these inputs we generate and store derived data — the interview transcript, extracted question-and-answer pairs, a structured summary of your experience, your analysis result, and any optional pre-mortem you request. This content can contain personal data about you and, in the case of recordings, about other people present in the interview.
Feedback
If you send us feedback through the in-app feedback widget, we receive the message you write so we can read and act on it.
Usage data and cookies
We use Cloudflare Web Analytics, a privacy-first analytics tool that is cookieless: it sets no cookies, builds no profile of you, and does not track you across other websites. It only gives us aggregate figures such as page views and referrers.
The only cookies we set are strictly necessary — a session cookie and a security (CSRF) token that keep you logged in and protect forms from abuse. Because we use no advertising, profiling, or non-essential cookies, no cookie-consent banner is required for our site.
2. How we use your data and our legal basis
- To provide the service — transcribing your recording, generating your analysis, storing your reports, and managing your account. Legal basis: performance of a contract (Art. 6(1)(b)).
- To send service emails — email verification, password resets, and notifying you when an analysis is ready. Legal basis: contract (Art. 6(1)(b)).
- To keep the service secure and reliable — preventing abuse, debugging, and understanding aggregate usage. Legal basis: our legitimate interests (Art. 6(1)(f)).
- To comply with the law where we are legally required to. Legal basis: legal obligation (Art. 6(1)(c)).
We do not sell your personal data, and we do not use it for advertising.
3. Who processes your data
We share data only with the service providers ("sub-processors") that we need to run the tool. Each acts on our instructions under a data-processing agreement.
| Provider | Purpose | Data involved |
|---|---|---|
| OpenAI | Transcribing your recording and generating your analysis | Recording / transcript, CV text, job description. Under OpenAI's API terms this content is not used to train their models. |
| Amazon Web Services (AWS S3) | Secure file storage | Your uploaded recording and CV |
| Cloudflare | Content delivery, security, and cookieless analytics | Technical request data; aggregate, non-identifying usage metrics |
| Telegram | Delivering feedback you submit to our team | Only the feedback message you choose to send |
| Email provider | Sending transactional account emails | Your email address and the message content |
4. International transfers
Some of these providers process data outside the European Economic Area, including in the United States. Where that happens, the transfer is protected by an appropriate safeguard — such as the EU Standard Contractual Clauses or the provider's certification under the EU–US Data Privacy Framework.
5. How long we keep it
- Account and analysis history are kept while your account is active. When you delete your account, your profile and analysis records are erased from our database.
- Uploaded files (your recording and CV) are stored so we can deliver and, if needed, regenerate your report. You can ask us to delete any uploaded file at any time.
- Incomplete uploads held temporarily during the upload process are automatically discarded within 24 hours.
- Aggregate analytics contain no personal data and are retained only in summary form.
6. Your rights
Under the GDPR and UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased ("right to be forgotten");
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time, where we rely on consent; and
- lodge a complaint with your local data protection authority.
You can delete your account yourself from your profile settings, or exercise any of these rights by emailing us at privacy@tellmewhy.app.
7. Recordings and the rights of others
8. Security
We protect your data with measures including encrypted connections (HTTPS), hashed passwords, access controls, and reputable infrastructure providers. No system can be guaranteed completely secure, but we work to protect your information against unauthorised access, loss, or misuse.
9. Children
The service is intended for adults and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. When we make material changes we will update the "last updated" date at the top of this page and, where appropriate, notify you directly.
11. Contact
For any privacy question or request, contact us at privacy@tellmewhy.app.