Konfidence AI
Konfidence AI
Privacy Policy

Privacy Policy

Last updated: 18 May 2026 Applies to: Konfidence AI web app and website (the "Service")

Konfidence AI is operated by Innovationera Pty Ltd ("Konfidence", "we", "us", "our"). This Privacy Policy explains how we collect, use, share, and protect information when you use the Service.

If you do not agree with this Privacy Policy, do not use the Service.

1) Plain-English summary

  • We collect account info, practice session transcripts, and derived coaching metrics so we can generate feedback and show your progress.
  • We do not store raw audio or video recordings in production on our servers. Your browser may access your microphone/camera locally during a session, and audio may be sent to transcription providers so we can create text transcripts.
  • If you opt to use your camera, body language and facial expression detection runs locally on your device (MediaPipe in your browser). Only derived numeric scores are sent to our servers — never your camera feed or photos of your face.
  • We use Google Analytics only with your consent (when enabled).
  • When you sign up, we add you to occasional product updates by email. You can unsubscribe any time.
  • We use trusted processors (e.g., Firebase/Google Cloud, Stripe, Resend for email, and AI providers such as OpenAI) to operate the Service.
  • We do not use your individually identifiable practice content to train third-party foundation models, and we do not sell your personal information. See section 8.
  • If you join via a school or educator invite link, that educator can see your practice activity (session counts, streak, last active). They cannot see transcripts, audio, AI feedback content, or your individual dimension scores. See section 4.
  • We monitor usage (session counts, durations, cost-related metadata) to enforce fair-use limits and detect abuse. See section 5.
  • You can request account and data deletion in the app (Profile → Delete account) or by emailing info@konfidence.ai.

2) Information we collect

A. Account information

  • Email address and sign-in identifiers (for authentication and account management).
  • Terms acceptance record: timestamp and version of the Terms you accepted, stored when you first complete sign-in.
  • Preferences you choose to provide (e.g., coaching preference or profile settings).

B. Practice session information (core feature)

  • Scenario inputs you provide (e.g., prompts, context, goals).
  • Text transcripts of your responses (including transcripts generated from your audio).
  • Derived metrics and coaching signals generated from transcripts and other lightweight session signals (e.g., timing/pacing measures).
  • Coaching outputs generated for you (scores, summaries, recommendations, drills).

C. Body language and expression metrics (camera, optional)

If you opt to enable your camera during a session:

  • Face landmark and pose detection runs locally in your browser using MediaPipe — your camera feed never leaves your device.
  • Only derived numeric scores (for example, posture stability, gesture frequency, expression engagement, eye-contact estimate) are computed from those signals and saved as part of your session metrics.
  • We do not store images, photos, or video frames of you. We do not run face recognition or identification — we only compute coaching-relevant motion/expression scores.

D. Technical, device, and usage information

  • IP address, device/browser type, operating system, language, and app version.
  • Reliability/diagnostic data (e.g., error logs and performance telemetry).
  • Usage metadata for fair-use and cost-protection purposes: count of sessions, session timestamps, recording durations, token counts on AI calls, and STT minute counts. Lawful basis: legitimate interest (operating the Service, preventing abuse, managing infrastructure cost).

E. Billing information (Stripe)

  • Subscription state (e.g., active, trialing, past_due, canceled) and billing metadata necessary to provide access.
  • Partner discount or campaign-code metadata needed to validate eligibility, apply discounts, prevent abuse, and track redemptions (for example, discount code, campaign, institution/domain, redemption status, and related Stripe checkout/subscription references).
  • We do not store full payment card details. Payments are processed by Stripe.

F. Cookies and local storage

We may use cookies and local storage for:

  • Authentication/session (essential)
  • Consent (e.g., remembering your analytics choice)
  • Analytics (non-essential, only after consent when enabled)

3) Audio/video storage policy (important)

In production, we do not store raw audio or video recordings on our servers. Your browser may temporarily access your microphone/camera locally to enable recording, transcription, and feedback generation.

  • Audio: a short audio clip of your spoken answer may be transmitted to an AI transcription provider (for example, OpenAI Whisper) so we can produce a text transcript. Once the transcript is created, the audio file is deleted from our servers and only the text transcript and derived metrics are retained. AI-provider retention of API data: OpenAI states that API request data is retained for up to 30 days for abuse monitoring and then deleted; OpenAI does not use API data to train its models by default.
  • Camera video: the camera feed is processed only in your browser for body-language and expression analysis (see § 2.C). The feed is never uploaded to our servers.

We may store text transcripts and derived metrics created from your session, as described above.

4) Organisations and educators (schools, career services, teachers)

Konfidence offers an "educator" account type for teachers, schools, and career services. If you (a student) join via an educator's invite link or enrolment code, the following also applies:

What your educator can see

  • Number of practice sessions completed
  • Current streak and last-active date
  • At-risk status (if you haven't practised in a long period)
  • Your account email (so they can identify you in the list)
  • Session timestamps and session duration

What your educator cannot see

  • Transcripts of what you said
  • Audio recordings (which we never retain anyway)
  • AI feedback content (coach summary, recommendations, narrative paragraphs)
  • Per-dimension scores (Structure, Clarity, Vocal delivery, Presence, Audience engagement)
  • Any free-text content you generated during the session

This visibility split is enforced at the API layer: the teacher endpoints select only the metadata fields above and do not return transcript, audio, or analysis content.

Organisation account record

  • Your account is linked to the organisation via an enrolment record. This record contains: your account email, the date you joined, the class you're in (if any), and your enrolment status.
  • If you joined an organisation as a minor (under 18) the educator is responsible for collecting any required parental/guardian consent before adding you. We track a parental consent flag on the enrolment record where required by local law.
  • If your educator's licence ends or is cancelled, your account stays — but you lose the free-access benefit that the licence provided. You can keep using your own account (subject to free-trial limits or your own subscription).
  • You can leave an organisation at any time by contacting your educator or by emailing info@konfidence.ai. Leaving removes your enrolment record. Your practice history (transcripts and scores) stays on your personal account.
  • Educators agree to use the activity reports only for legitimate coaching and pastoral purposes related to your course of study.

Educators do not sign a separate Terms of Service — the same Terms govern all use of the Service.

5) How we use information

We use information to:

  • Provide the Service (transcripts, feedback, progress views). Lawful basis: contract.
  • Operate, secure, and maintain the Service (fraud/abuse prevention, reliability, debugging, fair-use enforcement, cost-protection monitoring). Lawful basis: legitimate interest.
  • Improve Konfidence features and quality using aggregate, anonymised insights, testing, evaluation quality, prompt improvements, and safety/reliability improvements (see § 8 on AI training). Lawful basis: legitimate interest.
  • Communicate with you (support responses, account and billing notices, important changes). Lawful basis: contract / legitimate interest.
  • Send occasional product updates by email if you have not unsubscribed (see § 6). Lawful basis: legitimate interest, with opt-out available.
  • Send practice-reminder emails if you have enabled streak nudges in your profile. Lawful basis: consent.

6) Email communications and newsletter

When you sign up, we add your email to our product-updates list ("subscribed" status by default). Product-update emails are infrequent and focused on new features, content, and important Service changes. You can unsubscribe at any time via:

  • The unsubscribe link in any product email, or
  • Your profile settings, or
  • Emailing info@konfidence.ai

We will always send essential account, billing, and policy-update emails regardless of newsletter status, because they are required to operate your account.

Practice-reminder ("streak nudge") emails are opt-in: they are only sent if you turn them on in Profile → Practice reminders. You can turn them off at any time in the same place.

7) Google Analytics (consent-based)

If enabled, we use Google Analytics to understand aggregated usage and improve the Service.

  • We ask for your consent before loading non-essential analytics scripts/cookies (where required by law).
  • If you decline, analytics won't load.
  • If analytics is not configured, no analytics banner is shown.

8) AI training and aggregated insights

We do not use your individually identifiable practice content to train third-party foundation models, and we will not do so without your express opt-in consent. This applies to your transcripts, audio recordings, AI-generated feedback, and any free-text inputs you provide.

We may use aggregated, anonymised, non-identifying data to improve the Service. This includes:

  • Aggregate dimension-score trends (e.g., "median Structure score across 1,000 sessions")
  • Aggregate behaviour patterns (e.g., "average time to first session")
  • Evaluation quality measurements that compare AI outputs without exposing individual transcript content

Aggregated insights are produced in such a way that no individual user or session can be re-identified. We may publish or share these insights for research, marketing, or industry reporting purposes.

OpenAI API data handling: As noted in § 3, OpenAI states that API request data is retained for up to 30 days for abuse monitoring and then deleted, and OpenAI does not use API data to train its models by default. You can find OpenAI's API data policy at openai.com.

9) Sharing and service providers

We share information with service providers ("processors") that help us run the Service, including:

  • Google Firebase / Google Cloud (authentication, file storage, infrastructure)
  • Stripe (payments and subscription management)
  • OpenAI for:
    • Speech-to-text (Whisper) — your session audio is sent to be transcribed, then deleted from our servers
    • Text-to-speech (tts-1) — for interview practice, the AI-generated question text is sent so we can play it back to you as voice
    • Language model — your session transcripts and setup context are sent to generate coaching feedback, next-question prompts, and summaries
  • Resend (email delivery) — for product updates, streak reminders, and account/billing notices
  • MediaPipe (Google) — face/pose detection model runs locally in your browser; nothing is sent to MediaPipe servers

Our service providers are bound by their own privacy and security obligations. They process data only on our instructions and for the purposes described.

We may also share information if required by law, in response to a valid legal process, or to protect our rights, users, or the security and availability of the Service.

We do not sell your personal information.

10) Data retention

We retain account and practice data while your account is active and as needed to provide the Service. Retention may also be required for:

  • security and abuse prevention
  • legal, tax, and accounting obligations
  • safeguarding obligations under the UK Online Safety Act and the Australian Online Safety Act (for example, reports of harm submitted via /support/report may be retained for the period required by those laws)

When you delete your account, we delete or de-identify stored transcripts and derived results associated with your account, except where limited retention is required by law.

11) Delete account / delete data

You can delete your account:

Deletion removes your account, profile, entitlement, sessions, transcripts, derived metrics, body-language scores, org enrolment records, and credit-usage history. Limited retention is required by law for billing transaction records (held by Stripe under their retention policy) and may be retained for anti-fraud purposes (hashed payment fingerprints) and safeguarding records.

If you delete an educator account that owns a class, please first transfer ownership or invite a co-owner — otherwise enrolled students will lose access to the class.

12) Age requirement and young users (16+)

The Service is intended for users aged 16 and over. We ask you to confirm your age at sign-up.

We do not knowingly collect personal information from anyone under 16. If you believe a person under 16 has used the Service, please contact info@konfidence.ai and we will take steps to delete the data.

Users aged 16–17 are still considered children under the UK Online Safety Act and the Australian Online Safety Act. We apply additional safeguards to all under-18 users:

  • Safety filters on AI-generated content and on transcripts where signs of crisis or distress appear
  • Crisis-resource signposting — see our Get help now page
  • Easy complaint mechanism — see our Report a concern page
  • No targeted advertising — we don't run ad networks against your activity
  • Faster audio deletion — audio is deleted from our servers as soon as the transcript is generated, regardless of user age, and this applies equally to under-18 users

If you joined Konfidence via a school or educator invite, your educator is responsible for ensuring the students they invite meet our 16+ age requirement and for obtaining any parental consent required by local law.

13) International users and transfers

We operate globally. Your information may be processed in countries other than where you live, including Australia and the United States. We take steps designed to protect information consistent with applicable law.

If you are in the UK or EU, the legal basis for international transfers (where required) is one of the following: standard contractual clauses, an adequacy decision, or your explicit consent. Contact info@konfidence.ai for transfer mechanism specifics.

14) Security

We use safeguards designed to protect information, including encryption in transit (HTTPS) and access controls. No system is 100% secure, and we cannot guarantee absolute security against all threats.

If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify you and any applicable supervisory authority in line with applicable law.

15) Your rights

Depending on where you live, you may have rights to:

  • access your information
  • correct inaccurate information
  • delete your information ("right to erasure" / "right to be forgotten")
  • port a copy of your information to another service
  • object to or restrict certain processing
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority

To exercise rights, contact info@konfidence.ai. We aim to respond to verified requests within 30 days. We may ask for additional information to verify your identity before acting on a request.

Supervisory authorities you may contact:

  • United Kingdom: Information Commissioner's Office (ICO), ico.org.uk
  • Australia: Office of the Australian Information Commissioner (OAIC), oaic.gov.au
  • European Union: your local Data Protection Authority

16) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post updates here and revise the effective date. For material changes, we will provide reasonable additional notice where practicable.

17) Contact

Privacy questions or requests: info@konfidence.ai Company: Innovationera Pty Ltd (Australia)

Terms of ServiceMobile appMobile privacy policy
We use cookies for analytics (Google Analytics) to improve Konfidence AI. Privacy Policy.