1. Introduction
Quarlo Software LLC ("Quarlo," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interview preparation platform (the "Service").
By using Quarlo, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Full name, email address (typically your college email), password (hashed), and institution affiliation.
- Resume Data: When you upload a resume for interview preparation, we process and store the text content to generate personalized prep materials.
- Job Information: Job descriptions, company names, and role details you provide for interview preparation.
- Recruiter/Hiring Manager Contacts: Names, email addresses, phone numbers, and LinkedIn URLs of recruiters and hiring managers you manually add to your tracked jobs.
- Community Contributions: Interview questions, salary information, and interview experiences you voluntarily share with the community.
- Feedback: Ratings, comments, and suggestions you provide about the platform or generated content.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, and time spent on the platform.
- Device Information: Browser type, operating system, and device identifiers.
- IP Address: Used for security, rate limiting, and approximate location (country/region level only).
- Cookies: Session cookies for authentication and keeping you logged in. We also use analytics cookies to understand how the platform is used. We do not use advertising or tracking cookies.
2.3 Voice Recordings
When you use the interview practice feature, we temporarily record your voice via your device's microphone. Recordings are used to generate a text transcript and delivery analysis, and are temporarily available for your own playback review within the session. Audio files are automatically and permanently deleted within 24 hours of transcription. We retain only the text transcript and analytical scores.
You must explicitly grant microphone consent before any recording begins. Your microphone activates only when you press the record button.
2.4 Information from Third Parties
- Your Institution: We may receive your institutional affiliation and email domain verification from partner colleges and universities.
- Public Data Sources: We aggregate publicly available information about companies, job markets, and career outcomes from sources like O*NET, BLS, and public job postings.
3. How We Use Your Information
We use your information for the following purposes:
- Provide the Service: Generate personalized interview preparation materials using AI based on your resume and target job.
- Improve AI Quality: Analyze anonymized usage patterns and feedback to improve our AI models and recommendations.
- Community Features: Display anonymized or attributed contributions to help other users prepare for interviews.
- Institution Analytics: Provide aggregate, anonymized statistics to partner institutions about career outcomes and platform usage.
- Security: Detect and prevent fraud, abuse, and unauthorized access.
- Communication: Send service-related notifications, updates, and (with your consent) promotional materials.
- Legal Compliance: Meet legal obligations and respond to lawful requests.
4. Third-Party Services and Data Sharing
We use the following third-party services to provide our platform. Your data may be processed by these providers in accordance with their privacy policies:
4.1 AI and Machine Learning
- Language Model Providers: We use third-party AI services to generate interview prep content. Your resume text and job descriptions are sent to these providers' APIs. Our providers do not use API data for training their models and maintain zero-retention or minimal-retention policies.
- Embedding Services: We use vector embedding services to enable semantic search functionality. These services process anonymized text snippets to create searchable representations of content.
- Speech-to-Text Service: When you use the interview practice feature, your voice recording is transmitted to a third-party transcription service to generate a text transcript. The provider does not retain audio data beyond the transcription request.
4.2 Research and Data Enrichment
- Company Research APIs: We use third-party services to gather publicly available information about employers. No personal data is shared with these services.
- Interview Intelligence Services: We use search and aggregation services to gather interview-related information from public sources. No personal data is shared with these services.
4.3 Infrastructure
- Database Provider: We use a cloud database service for data storage and authentication. All data is encrypted at rest and in transit. Data is stored in US regions.
- Hosting Provider: We use a cloud hosting platform for web hosting and serverless functions; the platform processes requests and serves the application.
- Email Delivery Service: We use a third-party email delivery service to send transactional emails (account verification, password reset, notifications). Your email address is shared with this service solely for delivery purposes.
- Error Monitoring Service: We use a third-party error monitoring service to capture application errors and maintain reliability. Error reports may incidentally include email addresses when present in error context.
4.4 We Do NOT Sell Your Data
Quarlo does not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share data with service providers who assist in operating our platform, and only to the extent necessary to provide the Service.
5. FERPA Compliance (For Educational Institutions)
When Quarlo provides services to colleges and universities, we act as a "school official" with a "legitimate educational interest" under the Family Educational Rights and Privacy Act (FERPA).
- Direct Control: Your institution maintains control over student education records. We process data only as directed by the institution.
- Limited Use: We use student data solely for the educational purposes specified in our agreement with your institution (interview preparation and career services).
- No Re-disclosure: We do not disclose personally identifiable information from education records to other parties without consent, except as required by law.
- Data Security: We implement appropriate technical and organizational measures to protect student records.
- Data Retention: Student data is retained while the account is active. Upon account deletion or institutional offboarding, personal data is deleted or anonymized within 30 days.
For questions about FERPA compliance, contact your institution's registrar or email us at privacy@quarlo.co.
6. Your Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your Rights Include:
- Right to Know: Request what personal information we collect, use, disclose, and sell about you.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information we maintain about you.
- Right to Opt-Out: We do not sell personal information, but you may opt out of any future sales.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Limit Use of Sensitive Information: Limit how we use sensitive personal information (we collect minimal sensitive data).
How to Exercise Your Rights
To exercise any of these rights, you may:
- Email us at privacy@quarlo.co with "CCPA Request" in the subject line
We will verify your identity before processing requests and respond within 45 days as required by law.
Do Not Track: We do not currently respond to Do Not Track browser signals.
Categories of Information We Collect
For CCPA disclosure purposes, we collect the following categories:
- Identifiers (email, IP address)
- Professional information (resume, work history)
- Education information (institution, graduation status)
- Internet activity (usage data, device information)
- Inferences drawn from the above (career recommendations)
- Sensitive personal information: audio recordings captured during the interview practice feature (deleted within 24 hours — see Section 12)
7. Data Retention
We retain your information as follows:
- Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Interview Preps: Retained for the life of your account, and deleted within 30 days of account closure. You may delete individual preps at any time.
- Practice Recordings: Voice recordings are automatically deleted within 24 hours of creation. Text transcripts and practice analytics are retained as long as your account is active.
- Community Contributions: Retained indefinitely unless you request removal. Anonymized contributions may be retained after account deletion.
- Usage Logs: Retained for 90 days for security purposes, then anonymized or deleted.
- Legal Hold: Data may be retained longer if required for legal proceedings or regulatory compliance.
8. Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Access Controls: Role-based access with least-privilege principles. Row-level security enforced at the database level.
- Authentication: Secure password hashing, email verification, and session management.
- Monitoring: Automated threat detection and audit logging for suspicious activity.
- Vendor Security: Our primary infrastructure providers maintain SOC 2 Type II certification or equivalent. All providers are contractually bound to industry-standard security practices.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. Report security concerns to legal@quarlo.co.
9. Data Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected users within 72 hours of discovery
- We will notify your institution (if applicable) per our FERPA agreement
- We will notify relevant regulatory authorities as required by law
- We will provide details on the nature of the breach and recommended actions
10. Children's Privacy
Quarlo is designed for college students and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately at privacy@quarlo.co.
Users between 13 and 18 should review this policy with a parent or guardian.
11. International Data Transfers
Quarlo is based in the United States. If you access our Service from outside the US, your information will be transferred to, stored, and processed in the United States, where our servers are located. While Quarlo is designed for use by students at U.S. institutions, we recognize that users may occasionally access the Service from abroad (e.g., study abroad programs).
For users in the European Economic Area (EEA), United Kingdom, or Switzerland:
- Data transfers are conducted under Standard Contractual Clauses (SCCs) approved by the European Commission
- You have additional rights under GDPR including data portability and the right to lodge a complaint with your local supervisory authority
- Contact privacy@quarlo.co for GDPR-specific requests
12. Illinois Biometric Data (BIPA)
For students at Illinois institutions who use the interview practice feature, the following biometric data retention and destruction policy applies as required by the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.):
- Data collected: Audio recordings captured during practice sessions that may constitute biometric identifiers under BIPA.
- Purpose: Generating a speech-to-text transcript and delivery analysis. Recordings are also available for your playback review within the session.
- Retention: Audio recordings are automatically and permanently deleted within 24 hours of transcription, after the playback window. Text transcripts and delivery scores are retained for the account lifetime.
- Destruction: You may request immediate destruction of your biometric data at any time by contacting privacy@quarlo.co. We will confirm destruction in writing within three (3) business days.
- No sale or trade: Quarlo will not sell, lease, trade, or profit from any biometric data. Audio is transmitted only to the designated speech-to-text provider listed in our Data Processing Agreement, which is contractually bound to the same destruction schedule.
Questions about biometric data? Contact privacy@quarlo.co.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page with a new effective date
- Sending an email notification for significant changes
- Displaying a prominent notice in the application
Your continued use of Quarlo after changes become effective constitutes acceptance of the updated policy.
14. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: