Legal

Data Privacy

We collect only what's required to run your interview practice and bill you for the time you use. This page summarises — in line with Art. 13/14 GDPR — what is stored, on which legal basis, for how long, who receives it, and what rights you have under the GDPR (Regulation (EU) 2016/679).

Who is responsible (controller)

The controller responsible for processing your personal data is the operator of MeetandGreet.AI. The full legal entity, postal address, and authorised representative are listed in our Impressum (/impressum). For data protection matters you can reach us at info@meetandgreet.ai.

What we collect

Account data (name, email address, Google account ID) when you sign in. Interview data: transcripts, scores, and feedback; the setup you provide (target role, prior role, job posting); and, if you upload a CV, an extracted text summary used to personalise your session. Audio is processed in real time to generate transcripts; raw audio is not retained after the session ends. Technical data (IP address, timestamps, request metadata) is processed in server logs for security, error diagnosis, and abuse prevention. Payment data is handled by Stripe — we never see your card details; we store only the purchase metadata (amount, minutes, invoice details) needed for billing.

Legal bases for processing

We process your data on these legal bases under Art. 6 GDPR: to perform our contract and provide the interview service (Art. 6(1)(b)); to meet legal obligations such as tax and accounting retention (Art. 6(1)(c)); and on our legitimate interest in securing and improving the service (Art. 6(1)(f)). Where we ask for consent, the basis is Art. 6(1)(a) and you may withdraw it at any time.

How we use it

To deliver interview sessions, persist your history so you can review past interviews, debit your minute balance per usage, prevent abuse (rate limiting, security monitoring), send transactional emails (purchase confirmations and invoices, account notices), and improve question quality through aggregate metrics. We do not sell personal data and we do not use it for advertising or profiling beyond the practice feedback you explicitly request.

Third-party services (processors)

We use the following service providers: Firebase / Google Cloud (authentication, database, hosting), Google Cloud Speech-to-Text and Text-to-Speech (audio processing during sessions), Google Gemini and Anthropic Claude (question generation and feedback), Stripe (payment processing), and Resend (transactional email). These providers process personal data on our behalf on the basis of data processing agreements pursuant to Art. 28 GDPR; Stripe additionally acts as an independent controller for the payment transaction itself. We do not permit these providers to use your interview content to train their models.

International data transfers

Some processors (Google, Anthropic, Stripe) are based in or transfer data to the United States. Such transfers are safeguarded by the EU–U.S. Data Privacy Framework and/or the EU Standard Contractual Clauses pursuant to Art. 44 et seq. GDPR. You may request a copy of these safeguards at the contact address above.

Automated processing and AI scoring

Your interview answers are analysed by AI models to generate scores and feedback. This is practice feedback for your own use — it is not a decision producing legal or similarly significant effects within the meaning of Art. 22 GDPR, and we make no hiring decision about you. You stay in control of how you use the feedback and can delete any session. If an organisation invited you to a session and receives your results, that organisation is itself responsible under the GDPR and the EU AI Act for how it uses them; practice results must not be the basis of a hiring decision (see our EU AI Act page for details).

How long we keep it

Interview transcripts and scores are retained while your account exists so you can review them; you can remove individual sessions from your history at any time, and you can delete your account directly in your profile. Raw audio is discarded immediately after each session. Billing and transaction records are kept for the statutory commercial and tax retention periods (up to ten years, § 147 AO / § 257 HGB — Art. 6(1)(c) GDPR) even after account deletion, and we may retain evidence that a paid session was delivered for the duration of applicable limitation periods to defend against payment disputes (Art. 6(1)(f) GDPR).

Your rights under the GDPR

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21) — in particular, you may object at any time to processing based on our legitimate interests. Where processing is based on consent, you may withdraw it at any time with effect for the future. To exercise these rights, contact us at the address below; we respond without undue delay and at the latest within one month (Art. 12(3) GDPR).

Right to lodge a complaint

If you believe our processing infringes data protection law, you have the right to lodge a complaint with a supervisory authority — in particular in the EU member state of your residence, place of work, or the place of the alleged infringement.

Cookies

We use only cookies and local storage that are strictly necessary to run the service — in particular to keep you signed in (Firebase Authentication) and to remember your language. We use no advertising or third-party analytics cookies, so no consent banner is required under § 25(2) TDDDG.

Contact

Data protection inquiries: info@meetandgreet.ai

Last updated: July 14, 2026