Privacy Policy
Last updated: May 31, 2026 · Effective: May 31, 2026
This Privacy Policy explains how SystemDesign.so (“SystemDesign.so,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use systemdesign.so, app.systemdesign.so, and our related services (collectively, the “Service”). It also describes the choices you have about your information. By using the Service, you agree to the practices described here.
SystemDesign.so is operated by Westbridge Technologies, a sole proprietorship registered in India.
This Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meaning given in the Terms.
1. Summary
- We collect what we need to run the Service: account details, billing information, what you type and draw in an interview, the audio of your spoken answers, and a transcript of those answers.
- Your interview audio and transcripts are private to you. They are stored under your account and are accessible only to you and to the limited SystemDesign.so personnel and processors needed to operate, support, and secure the Service. We do not share them with other users, recruiters, or employers.
- We do not sell your personal information, and we do not use the substance of your interview answers, transcripts, audio, diagrams, or notes to train foundation models for third parties.
- You can access, export, correct, or delete your information at any time by writing to privacy@systemdesign.so.
2. Information We Collect
2.1 Information you provide
- Account information: name, email address, password (stored as a salted hash), profile preferences, and any optional information you add to your profile.
- Payment information: when you purchase a subscription or credits, our merchant of record collects and processes your payment details directly. We receive a transaction record (such as plan, amount, country, last four digits of the card, and tax identifiers), but we do not store your full payment card number on our servers.
- Communications: support requests, survey responses, waitlist sign-ups, and other messages you send us.
2.2 Interview content
When you use the Service to run an interview session, we collect and store the materials that make the session work end-to-end:
- Voice audio. If you choose to speak during a session, we record the audio of your spoken answers and store it under your account so we can play it back to you, generate per-answer citations, and produce your post-interview report.
- Transcripts. We transcribe your speech to text (via a speech-to-text processor) and store the transcript alongside the audio, time-aligned to the corresponding segments.
- Other session content: the question you are working on, the messages you type to the interviewer, the diagrams and drawings on the design canvas, the notes you take in the notepad, the scores and feedback generated by the AI interviewer, and the resulting analysis report.
Privacy of interview content. Your audio, transcripts, diagrams, notes, and session metadata are private to your account. Other end users of the Service cannot access your sessions, your audio, or your reports. Access on our side is limited to the small number of SystemDesign.so personnel and trusted sub-processors who need it to run, support, secure, bill for, or debug the Service, in each case under written confidentiality obligations and on a least-privilege basis. We do not sell or share your interview content for advertising, and we do not provide it to any third-party recruiter or employer.
2.3 Information collected automatically
- Device and log data: IP address, browser type and version, operating system, device identifiers, referring page, pages viewed, buttons clicked, timestamps, and crash diagnostics.
- Cookies and similar technologies: we use a small number of first-party cookies and local-storage entries to keep you signed in, remember your theme preference, prevent fraud, and measure how the Service is used. See Section 7 for details and how to control these.
- Analytics: we use product analytics (currently PostHog) to understand which features users rely on. Analytics events are tied to your account identifier when you are signed in, and to a randomly generated anonymous identifier before you sign in.
2.4 Information from third parties
If you sign in through a third-party identity provider, we receive the profile fields you authorize that provider to share (typically your name and email). If you contact us through a third-party form provider (for example, the waitlist form), we receive what you submit through that form.
3. How We Use Information
We use information to:
- provide the Service, including running interview sessions, transcribing your speech, generating responses and reports, storing your past sessions, and letting you replay your audio;
- create, secure, and authenticate your account, prevent fraud and abuse, and enforce our Terms of Service;
- process payments, manage subscriptions and credits, and send you transaction receipts;
- send you service-related communications (for example, account, billing, security, and policy notices) and, where permitted, occasional product updates from which you may unsubscribe;
- measure, monitor, and improve the Service, including evaluating model quality and reliability, fixing bugs, and prioritizing features;
- comply with legal obligations, respond to lawful requests, and exercise or defend legal claims.
4. Legal Bases for Processing (EEA/UK)
If you are in the European Economic Area or the United Kingdom, we process personal data on the following legal bases: (i) performance of a contract with you, to provide the Service; (ii) our legitimate interests in operating, securing, and improving the Service, provided those interests are not overridden by your rights; (iii) consent, where we ask for it (for example, for certain cookies or optional communications); and (iv) compliance with law, where we are required to process data.
5. How We Share Information
We share personal information only as described below. We do not sell your personal information.
- Service providers (sub-processors). We share the minimum information necessary with vendors that help us run the Service under written confidentiality and security obligations. Current categories include:
  - Cloud hosting and storage — Amazon Web Services (United States), where we store account data, interview content, audio, and transcripts.
  - Payments — a third-party merchant of record, for subscription and credit purchases, refunds, taxes, and invoices.
  - Speech-to-text — transcription providers (such as Deepgram) that convert your audio into text in near real time. Audio is transmitted for the sole purpose of transcription and is not used by the provider to train its models on terms incompatible with this Policy.
  - Large-language-model providers — AI model providers (such as Anthropic and OpenAI) that generate the interviewer’s responses and your analysis report from your inputs. We send these providers the content needed to produce a response (such as your transcript, diagram state, and the session context). We use providers that contractually agree not to train their general models on the content we send through their API.
  - Email delivery — providers that send transactional and security emails.
  - Product analytics and error monitoring — providers (such as PostHog) that help us understand product usage and diagnose errors.
  - Customer support tools — systems we use to triage and respond to your support requests.
- Legal and safety. We may disclose information when we believe in good faith that disclosure is required by law, legal process, or government request, or is necessary to protect the rights, property, or safety of SystemDesign.so, our users, or others.
- Business transfers. If SystemDesign.so is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in control of your personal information.
- With your consent. We may share information for any other purpose with your consent or at your direction.
6. AI Training and Model Improvement
We do not use the substance of your individual interview content — your audio, transcripts, diagrams, or notes — to train foundation or large-language models for third parties. We may use aggregated, de-identified data that cannot reasonably be used to re-identify you to evaluate and improve the Service (for example, to measure how often a feature succeeds or to compare scoring versions). If we ever offer a feature that would use your identifiable content to train models, it will be opt-in and clearly labeled.
7. Cookies and Tracking
We use first-party cookies and similar technologies for the following purposes:
- Strictly necessary: to keep you signed in, secure sessions, remember your theme preference (sd_theme), and prevent abuse.
- Analytics: to measure feature usage and product performance.
We do not use third-party advertising cookies and we do not engage in cross-context behavioral advertising. You can control cookies through your browser settings; blocking strictly necessary cookies may break parts of the Service. We respect the “Global Privacy Control” (GPC) signal sent by your browser where required by applicable law.
8. Data Retention
We retain personal information for as long as your account is active and as needed to provide the Service. Specifically:
- Account and billing records: for the life of your account and for up to seven (7) years after closure to meet tax, accounting, and legal obligations.
- Interview audio, transcripts, and reports: retained under your account so you can revisit and replay past sessions. You may delete individual sessions, or your entire account, at any time. After you delete, we remove the content from active systems within 30 days, and from encrypted backups in the ordinary course (typically within 90 days).
- Server logs and analytics: retained for a rolling window (typically up to 13 months) for security and product analysis, then deleted or de-identified.
We may retain information for longer if required by law or to resolve disputes, enforce our agreements, or protect against fraud and abuse.
9. Security
We use administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS), encryption at rest for stored audio and account data, least-privilege access controls, audit logging, multi-factor authentication on administrative systems, and routine vulnerability management. No system is perfectly secure; if we learn of a security incident affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.
10. International Data Transfers
SystemDesign.so is operated from India. To run the Service, information you provide may be stored and processed in the United States and other countries where our service providers operate (for example, Amazon Web Services). These countries may have data-protection laws different from your own. Where required, we rely on lawful transfer mechanisms such as the European Commission’s Standard Contractual Clauses, and we apply supplementary safeguards as appropriate.
11. Your Privacy Rights
Depending on where you live, you may have some or all of the following rights with respect to your personal information:
- Access — request a copy of the information we hold about you.
- Correction — ask us to fix inaccurate information.
- Deletion — ask us to delete your information.
- Portability — receive a machine-readable copy of the information you provided.
- Objection or restriction — object to, or ask us to restrict, certain processing.
- Withdrawal of consent — where processing is based on consent.
- Right to non-discrimination — we will not discriminate against you for exercising your rights.
To exercise any of these rights, write to privacy@systemdesign.so from the email address on your account, or use the in-product controls in your account settings. We will verify your identity before fulfilling the request and will respond within the time periods required by applicable law (typically within 30–45 days).
11.1 California residents (CCPA/CPRA)
If you are a California resident, you have the rights described above, including the rights to know, delete, correct, and to opt out of the “sale” or “sharing” of your personal information and the use of sensitive personal information for purposes beyond what is necessary to provide the Service. We do not sell or share personal information as those terms are defined under California law, and we do not use sensitive personal information for advertising or profiling. You may designate an authorized agent to submit requests on your behalf. The categories of personal information we collect and disclose are described in Sections 2 and 5; we collect and disclose these categories for the business purposes described in Section 3.
11.2 EEA, UK, and Swiss residents
If you are in the European Economic Area, the United Kingdom, or Switzerland, the data controller is Westbridge Technologies, the sole proprietorship that operates SystemDesign.so. You may lodge a complaint with your local supervisory authority, but we encourage you to contact us first at privacy@systemdesign.so so we can try to resolve your concern.
11.3 Other U.S. state residents
Residents of states with comprehensive privacy laws (such as Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and others) may have similar rights of access, correction, deletion, portability, and opt-out of targeted advertising or profiling. We do not engage in targeted advertising or selling of personal information. To exercise any rights, contact privacy@systemdesign.so.
12. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it. If you believe a child under 13 has provided us personal information, contact privacy@systemdesign.so.
13. Third-Party Links
The Service may link to third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy notices of any third-party site you visit.
14. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice (for example, by email or in-product notice) before the changes take effect. The “Last updated” date at the top of this Policy indicates when it was most recently revised. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
15. Contact
For any privacy question, request, or complaint, contact us at:
SystemDesign.so — operated by Westbridge Technologies (India)
Email: privacy@systemdesign.so
Support: support@systemdesign.so