Use code COIN50 to get 50% off any token or subscription. Prayers ๐Ÿ™ for those laid off from Coinbase and other companies.

Privacy Policy

Last Updated: April 10, 2026

This page describes what data OnsiteToOffer collects, why we collect it, who can access it, and how we keep it safe. If you use the platform, these terms apply to you.

The Short Version

We collect what we need to run the product โ€” your account info, payment status, and practice data. We never sell your data. We never share it for marketing. Your practice code, drawings, and session transcripts are private to you. The only outside services that touch your data are the ones powering the platform itself (auth, payments, AI, hosting).

What We Store

Account basics

Your email, display name, and โ€” if you sign in with Google or GitHub โ€” the profile info those providers share (name, avatar). If you use email/password sign-up, your password is hashed by Supabase; we never see it in plaintext.

Purchase records

We keep track of your token balance, subscription status, and Stripe transaction IDs. Your card number, CVV, and billing address live entirely within Stripe โ€” we do not receive or store them.

Session data

Secure cookies hold session tokens so you stay logged in. We also store basic metadata like token expiry times to manage authentication.

Practice and usage data

Everything you produce while practicing โ€” code, system design diagrams, AI conversation logs, evaluation scores โ€” is saved under your account so you can review it later. Forum posts and bug reports you submit are also stored. Your practice content is private to you; we don't read it, publish it, or feed it into anything outside your own sessions.

Why We Use It

In brief: to make the product work and to keep it running smoothly.

  • Letting you log in and keeping your session alive
  • Processing purchases and tracking token balances
  • Running AI interview sessions and generating feedback
  • Saving your practice history so you can revisit it
  • Identifying bugs, preventing abuse, and improving performance

Who Else Touches Your Data

Nobody buys, rents, or receives your personal information for their own purposes. The following services process limited data strictly to deliver the features you use:

  • Supabase โ€” handles authentication and hosts the database
  • Stripe โ€” processes payments
  • OpenAI โ€” powers the AI interviewer and evaluation engine
  • Vercel โ€” hosts the web application

Each provider receives only the minimum data required for its role (e.g., Stripe gets payment info, OpenAI gets conversation text). None of them use your data for their own marketing or model training beyond what their own published policies describe.

Cookies and Browser Storage

We use a small number of cookies for authentication โ€” they keep you logged in as you navigate. We also use your browser's local storage to auto-save code and drawings so you don't lose work, and to remember preferences like your chosen programming language. There are no third-party tracking or advertising cookies.

How We Protect It

All traffic is encrypted with TLS. Authentication relies on OAuth 2.0 and bcrypt-hashed passwords. Access to production data is tightly restricted. Infrastructure is hosted on Vercel and Supabase, both of which maintain their own security certifications.

That said, no system is perfectly secure. We take reasonable precautions, but we can't make absolute guarantees.

How Long We Keep It

Your data stays as long as your account is active. If you ask us to delete your account, we'll remove or anonymize your personal data โ€” with the exception of financial records we're legally required to retain (e.g., for tax purposes).

Your Rights

Depending on where you live, you may be entitled to access, correct, delete, or restrict processing of your personal data. If you want to exercise any of these rights, reach out through the feedback form in the footer. We aim to respond within 30 days.

For California residents (CCPA)

You can ask what data we hold, request deletion, and opt out of any sale โ€” though we don't sell personal data in the first place.

For EEA/UK residents (GDPR)

We process data under contractual necessity and legitimate interest. Your data may be transferred to the United States where our infrastructure runs. You may lodge a complaint with your local data protection authority if you believe we've mishandled your information.

Age Requirement

OnsiteToOffer is designed for adults preparing for professional interviews. You must be at least 18 to create an account. We do not knowingly collect data from anyone under 18.

A Note on the Questions

The interview questions on this platform are contributed by users based on their own experiences. OnsiteToOffer has no relationship with any of the companies referenced. Company names appear only to identify the reported source of each question โ€” not to imply endorsement or partnership.

Policy Changes

If we update this policy, we'll change the date at the top. For significant changes, we'll make a reasonable effort to let you know. Using the platform after an update means you accept the new version.

Questions?

Use the feedback form at the bottom of any page if something here is unclear or if you need help with a data request.

By using OnsiteToOffer, you confirm that you've read and understood this policy.