← Back to App
Privacy Policy
Last updated: February 2026
1. Introduction
IT Helpdesk AI Assistant ("we", "our", "the app") is committed to protecting your privacy.
This Privacy Policy explains what personal data we collect, why, how we store it, your rights,
and how to exercise them.
2. Data Controller
The data controller for this application is the operator of this instance. For questions about
your personal data, contact us at: privacy@ithelpdesk-ai.com
3. Information We Collect
3.1 Account Data (collected at registration)
| Data | Purpose | Retention |
|---|
| Full Name | Personalisation and display | Until account deletion |
| Email Address | Login, password reset, communication | Until account deletion |
| Password | Authentication (stored as salted hash only) | Until account deletion |
3.2 Profile Data (voluntarily provided)
| Data | Purpose | Retention |
|---|
| Resume / CV text | Personalise helpdesk queries to your background | Until you delete it or delete your account |
| Job profile text | Tailor practice to target role | Until you delete it or delete your account |
3.3 Session & Conversation Data
| Data | Purpose | Retention |
|---|
| Conversation messages (text) | Provide AI responses, track progress | Stored in database; deleted on account deletion |
| Session analytics (scores, filler words, confidence, pace) | Progress tracking and feedback | Stored in database; deleted on account deletion |
| Cumulative progress data | Show improvement trends over time | Stored in database; deleted on account deletion |
3.4 Voice Data
| Data | Purpose | Retention |
|---|
| Audio recordings (microphone) | Transcription via OpenAI Whisper API | Not stored. Audio is sent to OpenAI for transcription, then the temporary file is immediately deleted. Only the resulting text is kept. |
Important: Audio recordings are never stored on our servers.
They are processed in real-time, sent to OpenAI for transcription, and immediately deleted.
Only the resulting text transcript is retained as part of your conversation history.
4. Lawful Basis for Processing (GDPR Article 6)
- Consent (Art. 6(1)(a)): You consent to data processing when you create your account
and agree to these terms. You may withdraw consent at any time by deleting your account.
- Contract (Art. 6(1)(b)): Processing is necessary to provide you with the interview
practice, language practice, and helpdesk simulation services.
- Legitimate Interest (Art. 6(1)(f)): Security measures (rate limiting, content moderation,
input validation) to protect the service and all users.
5. Cross-Border Data Transfers
Your text and voice data is sent to OpenAI's API servers (located in the United States)
for processing. This constitutes a cross-border data transfer. OpenAI processes data in accordance
with their Privacy Policy
and Terms of Use.
OpenAI does not use API data to train their models.
We rely on OpenAI's Standard Contractual Clauses (SCCs) and data processing agreements as the
legal mechanism for this transfer under GDPR Chapter V.
6. How We Use Your Information
- To provide AI-powered interview practice, language practice, and IT helpdesk simulation
- To transcribe your voice input into text (via OpenAI Whisper)
- To generate AI responses (via OpenAI GPT)
- To generate text-to-speech audio (via OpenAI TTS)
- To moderate content for safety (via OpenAI Moderation API)
- To track your practice progress and provide performance analytics
- To personalise the experience based on your resume and target role
7. Data Storage & Security
- Account data is stored in a SQLite database on our server.
- Session history and progress data is stored in a SQLite database on our server.
- Passwords are hashed using PBKDF2-SHA256 with a unique per-user random salt. We never store plaintext passwords.
- Audio recordings are NOT stored — they are processed in memory and immediately deleted.
- In-transit encryption: All data is encrypted via HTTPS/TLS.
- Security headers: We set CSP, HSTS, X-Frame-Options, and Permissions-Policy headers.
- Rate limiting: We enforce per-session rate limits to prevent abuse.
- Content moderation: User input is checked for harmful content before processing.
8. Third-Party Services
| Service | Purpose | Data Shared |
|---|
| OpenAI API | Speech-to-text, text generation, text-to-speech, content moderation | Your text messages, voice audio (temporarily), conversation context |
| Cloudflare CDN | Serving static assets (icons, Socket.IO library) | IP address (standard CDN access) |
9. Data Retention
- Account data: Retained until you delete your account.
- Conversation history: Retained until you delete your account.
- Session analytics: Retained until you delete your account.
- Audio recordings: Not retained — deleted immediately after transcription.
- TTS cache: Cached in server memory only; purged on server restart.
- Redis session data: Automatically expires after 1 hour of inactivity.
10. Your Rights (GDPR Articles 15–22)
You have the following rights regarding your personal data:
- Right of Access (Art. 15): You can download all your data at any time from your
account settings, or via the "Export My Data" feature.
- Right to Rectification (Art. 16): You can update your profile information
(name, resume, job profile) at any time.
- Right to Erasure (Art. 17): You can delete your account and all associated data
from your account settings. This permanently removes all your data from our systems.
- Right to Data Portability (Art. 20): You can export your data in JSON format
via the data export feature.
- Right to Object (Art. 21): You may object to processing by deleting your account.
- Right to Withdraw Consent: You may withdraw consent at any time by deleting your account.
This does not affect the lawfulness of processing before withdrawal.
11. Automated Decision-Making (GDPR Article 22)
This app uses AI to generate IT helpdesk responses and resolutions.
These are practice tools only and do not constitute automated decisions
that produce legal or similarly significant effects. No hiring decisions, scoring decisions,
or consequential assessments are made by this application.
AI Disclaimer: All feedback, scores, and assessments are generated by
artificial intelligence and may be inaccurate, incomplete, or reflect unintended biases.
They are provided for practice purposes only and should not be relied upon as professional evaluations.
12. Children's Privacy
This app is not directed at children under 16. We do not knowingly collect information
from children under 16. Users must confirm they are at least 16 years old during registration.
If you are a parent and believe your child has provided us information, please contact us
and we will promptly delete the data.
13. Microphone Permission
The app requests microphone access only when you choose to use the voice feature.
Microphone access is optional — you can use the app entirely via text input.
Audio recording only occurs while the microphone button is active. Your browser
will always ask for explicit permission before granting microphone access.
14. Cookies
We use essential cookies only:
- Session cookie: Maintains your login session. Expires when you close your browser or after 1 hour of inactivity.
We do not use any analytics, advertising, or tracking cookies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated
via a notice in the app. Continued use after changes constitutes acceptance.
The "Last updated" date at the top reflects the most recent revision.
16. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
privacy@ithelpdesk-ai.com
If you are unsatisfied with our response, you have the right to lodge a complaint with your
local Data Protection Authority.