Privacy Policy

Aim4 - Consulting

This privacy policy describes how Aim4 - Consulting (our web platform and our Chrome extension "Augmented Interview Panel") collects, uses and protects your personal data.

1. Data collected

1.1. Via our web platform

Our web platform collects the following data:

• Account information: name, email address, password (hashed)
• Usage data: interview history, cases practiced, drills completed, scores and evaluations
• Session data: information about your interview sessions, transcripts, evaluations
• Payment data: if you subscribe to a plan, we collect payment information via Stripe (we do not store credit card numbers)

1.2. Via our Chrome extension "Augmented Interview Panel"

The "Augmented Interview Panel" extension collects the following data:

• Email address: used for authentication on our platform. The email is stored locally in your browser to facilitate future logins.
• Authentication tokens (JWT): authentication tokens are generated on login and stored locally in your browser to keep your session active.
• User role: your role (interviewer or candidate) is stored locally to customize the extension interface.

Important note: Passwords are never stored. They are only transmitted securely during login and are never retained by the extension.

2. Data storage

2.1. Web platform

Data collected via our web platform is stored on our secure servers. We use a PostgreSQL database to store your account information, interview sessions, evaluations and usage data.

Data stored on our servers includes:

• Your account information (name, email, hashed password)
• Your interview and practice history
• Your scores, evaluations and performance analyses
• Your preferences and account settings

2.2. Chrome extension

Data collected by the extension is stored locally in your browser via Chrome's chrome.storage API. This data remains on your device and is not synced with our servers except for communications necessary for the extension to function.

Locally stored data includes:

• Your email address (to pre-fill the login form)
• Your authentication token (to maintain your session)
• Your user role (to customize the interface)

3. Use of data

Collected data is used only for the following purposes:

• Authentication and account management: identify and authenticate users, manage accounts and subscriptions
• Service provision: provide access to interview cases, drills, evaluations and platform features
• Experience improvement: personalize your experience, track your progress, generate performance analyses
• Extension operation: enable the extension to function during video interviews (Google Meet, Zoom, Microsoft Teams, Webex)
• Session synchronization: sync interview sessions with our backend to manage cases, drills and interview scenarios
• Customer support: answer your questions and provide technical support
• Billing: process payments and manage subscriptions (via Stripe)

4. Data transmission

4.1. Third-party services used

We use the following third-party services for our platform to function:

• Stripe: for payment processing. Stripe collects and processes your payment information securely. We do not store your credit card numbers.
• Recall.ai: for transcription and recording of video interviews (only if you use the extension with this feature enabled)
• Hosting services: our servers are hosted on secure cloud infrastructure

4.2. Communication with our backend

Data is transmitted only to our backend server (aim4-consulting.com) in the following cases:

• On login: your email and password are transmitted for authentication
• When using the web platform: your actions, responses and interview data are synced with our servers
• When using the extension: your authentication token is transmitted with each API request to verify your identity
• During session synchronization: interview session information is transmitted to manage cases and scenarios

Important commitment: We do not sell, rent or share your personal data with third parties (except for the necessary third-party services mentioned above). Your data is used exclusively to provide our services.

5. Data security

We implement appropriate security measures to protect your data:

• Secure communication via HTTPS for all data transmissions
• JWT token authentication with automatic expiration
• Hashed passwords with secure algorithms (bcrypt)
• Secure database with restricted access and encryption
• Secure local storage via Chrome Storage API (for the extension)
• Monitoring and protection against unauthorized access
• Regular data backups

6. Data deletion

6.1. Web platform

You can delete your account and data at any time:

• Via your account settings on the web platform
• By contacting us directly at the address indicated below

Note: Deleting your account will result in the deletion of all your personal data, including your interview history, scores and evaluations. Some data may be retained for legal or accounting reasons for a limited period.

6.2. Chrome extension

You can delete extension data at any time in several ways:

• Uninstalling the extension: all locally stored data is automatically deleted when you uninstall the extension
• Logout: use the "Log out" button in the extension to remove your authentication token and locally stored email
• Manual cleanup: you can clear extension data via Chrome settings (chrome://extensions → Details → Site data → Clear)

7. Cookies and similar technologies

7.1. Web platform

Our web platform uses cookies to:

• Keep your session active (session cookies)
• Remember your preferences
• Improve your user experience

You can manage your cookie preferences via your browser settings.

7.2. Chrome extension

The extension may read authentication cookies (access_token) from our backend domain to automatically detect if you are already logged in. These cookies are managed by our backend server and follow the same privacy policy as described here.

8. Extension permissions

The extension requests the following permissions:

• activeTab: to detect active video meetings
• sidePanel: to display the extension side panel
• storage: to store your preferences and tokens locally
• tabs: to detect video meeting tabs
• cookies: to read backend authentication cookies
• host_permissions: to communicate with our backend API and detect video conferencing platforms

All these permissions are used only for the features described in this policy.

9. Your rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: you can request to know what data we hold about you
• Right to rectification: you can request correction of your data
• Right to erasure: you can request deletion of your data
• Right to portability: you can request to receive your data in a structured format
• Right to object: you can object to the processing of your data

To exercise these rights, please contact us at the address indicated below.

10. Modifications to this policy

We reserve the right to modify this privacy policy at any time. Any changes will be published on this page with an update to the "Last updated" date. We encourage you to check this page regularly to stay informed of our practices.

11. Contact