Privacy Policy
Last updated: February 24, 2025
This Privacy Policy explains how Stephane Moreau ("I", "me", "my"), operating Engineering Manager Tools (www.em-tools.io), collects, uses, shares, and protects your personal information when you visit or use the website and its services. By using Engineering Manager Tools, you agree to the practices described in this policy.
1. Information I Collect
1.1 Information You Provide Directly
- Account information: When you sign up, I collect your name and email address through the authentication provider (Clerk).
- Contact form submissions: Your name, email address, and message when you use the contact form.
- Interview prep data: Conversation transcripts, audio recordings, saved answers, and session feedback when you use the Interview Prep tool.
- Payment information: Billing details provided during checkout are collected and processed by Stripe. I do not store your full credit card number.
- Email address for downloads: When you request document downloads, I collect your email to send the download link.
- Newsletter subscription: Your email address when you subscribe to the newsletter via Substack.
- Uploaded images: Images you upload when using the image optimiser tool.
- Booking information: Name, email, and selected time when you book a coaching or consulting session through Cal.com.
1.2 Information Collected Automatically
- Usage data: Pages visited, features used, button clicks, and interactions with tools - collected via PostHog analytics (only with your consent).
- Performance data: Page load times and web performance metrics collected by Vercel Analytics and Vercel Speed Insights.
- Device information: Browser type, operating system, and screen resolution collected as part of analytics.
- Anonymous session tokens: If you use Interview Prep without an account, an anonymous token is assigned via a cookie to enable your free session.
2. How I Use Your Information
I use the information I collect to:
- Provide, operate, and improve the website and its tools.
- Process your interview practice sessions, including generating AI-powered responses and feedback.
- Process payments and manage your subscriptions.
- Send you transactional emails (e.g., welcome emails, session feedback, subscription confirmations).
- Respond to your contact form messages.
- Deliver document downloads you have requested.
- Analyse website usage to understand how visitors interact with the site and improve the experience.
- Detect and prevent abuse or misuse of the service.
3. Third-Party Services and Data Sharing
I do not sell your personal information. I share data with the following third-party service providers solely to operate and improve Engineering Manager Tools:
| Service | Purpose | Data Shared |
|---|---|---|
| OpenAI | AI-powered interview practice, feedback generation, speech-to-text, and text-to-speech | Conversation transcripts, audio recordings, text prompts |
| Clerk | User authentication and account management | Name, email address, sign-in activity |
| Supabase | Database hosting for user data and sessions | User profiles, interview sessions, saved answers, subscription status |
| Stripe | Payment processing and subscription management | Billing details, payment method, purchase history |
| Resend | Transactional email delivery | Email address, name, email content |
| PostHog | Website analytics (EU-hosted, consent required) | Page views, interactions, anonymised device info |
| Vercel | Website hosting, performance analytics, and speed insights | Performance metrics, page load data |
| Cloudinary | Image upload, processing, and storage | Uploaded images and metadata |
| Cal.com | Session scheduling and booking | Name, email, selected time slot |
| Substack | Newsletter delivery | Email address |
Each third-party service operates under its own privacy policy. I encourage you to review their policies for details on how they handle your data.
4. AI-Powered Features and Data Processing
Engineering Manager Tools uses OpenAI's API to power several features, including the Interview Prep tool and the AI response generator. When you use these features:
- Your conversation text and audio recordings are sent to OpenAI for processing.
- OpenAI may retain data for up to 30 days for abuse and safety monitoring, in accordance with their data usage policy.
- AI-generated feedback (including scores, strengths, and areas for improvement) is stored in the database and associated with your account.
- Anonymous users' session data is stored but is not linked to any personal identity.
5. Cookies and Local Storage
5.1 What Are Cookies?
Cookies are small data files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to the site owner.
5.2 Cookies I Use
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| cookie_consent | Functional | Stores your cookie consent preference | Persistent |
| ip_anon_token | Functional | Anonymous session identifier for interview practice (non-authenticated users only) | 7 days |
| ph_* | Analytics | PostHog analytics cookies for tracking sessions and interactions (only set with your consent) | Varies |
| __clerk_* | Authentication | Session and authentication tokens set by Clerk | Session / Persistent |
| __stripe_* | Payment | Fraud prevention cookies set by Stripe during checkout | Varies |
5.3 Local and Session Storage
I also use browser local storage to remember your cookie consent preference and session storage to track temporary UI state (e.g., whether you have dismissed the email subscription bar). This data stays on your device and is not transmitted to any server.
5.4 Managing Cookies
When you first visit the site, a cookie consent banner allows you to accept or decline analytics cookies. You can change your preference at any time by clearing your browser cookies and revisiting the site. Essential cookies (authentication, payment fraud prevention) cannot be disabled as they are necessary for the service to function. You can also manage cookies through your browser settings.
6. Data Retention
- Account data: Retained for as long as your account is active.
- Interview sessions and feedback: Retained for as long as your account is active so you can review past sessions and track your progress.
- Payment records: Retained as required by applicable tax and financial regulations.
- Contact form messages: Retained for as long as needed to respond to and resolve your enquiry.
- Analytics data: Retained in accordance with PostHog's and Vercel's data retention policies.
- Anonymous session data: Retained but not linked to any personal identity. Anonymous tokens expire after 7 days.
7. Data Security
I take reasonable measures to protect your personal information, including:
- All data is transmitted over HTTPS with TLS encryption.
- Sensitive API keys and secrets are stored server-side only and never exposed to the browser.
- Authentication is handled by Clerk with secure session management.
- Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider.
- Security headers are implemented (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) to protect against common web vulnerabilities.
- Uploaded images are automatically checked for inappropriate content.
While I strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. I cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data I hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Data portability: Request a copy of your data in a structured, machine-readable format.
- Objection: Object to the processing of your personal data for certain purposes.
- Withdraw consent: Withdraw your consent for analytics cookies at any time.
To exercise any of these rights, please contact me at stephane@em-tools.io. I will respond to your request within 30 days.
9. International Data Transfers
Your data may be processed in countries outside your country of residence. Some third-party services (e.g., OpenAI, Stripe, Vercel) are based in the United States. PostHog analytics data is processed on EU-hosted servers. Where data is transferred internationally, the relevant service providers maintain appropriate safeguards to protect your data.
10. Children's Privacy
Engineering Manager Tools is not intended for use by children under the age of 16. I do not knowingly collect personal information from children. If you believe a child has provided me with personal data, please contact me so I can take appropriate action.
11. Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my practices, services, or legal requirements. The "Last updated" date at the top of this page indicates when the policy was last revised. I encourage you to review this policy periodically.
12. Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact me at:
Stephane Moreau
Email: stephane@em-tools.io
Website: www.em-tools.io
