Privacy & Security at Peatch AI
Your interview data deserves the highest level of protection. We've built Peatch AI with enterprise-grade security from the ground up.
Our Security Philosophy
At Peatch AI, we believe that trust is earned through transparency and robust technical measures. We handle sensitive career data—resumes, interview transcripts, voice recordings, and feedback—and we take that responsibility seriously.
Our security architecture follows the principle of defense in depth: several independent layers of protection, so that a failure in any one layer does not by itself expose your data.
Field-Level Encryption at Rest
We don't just encrypt the database as a whole: we encrypt individual sensitive fields with AES-256-GCM, the authenticated encryption standard used across the financial and government sectors. Authenticated encryption both conceals a field's contents and detects any modification to them.
What We Encrypt
- Resume Content: The full text of your uploaded resumes is encrypted with a unique key derived for each candidate.
- Interview Transcripts: Every message in your mock interviews is encrypted with session-specific keys.
- Voice Recordings: Audio data from your practice sessions is encrypted before storage.
- AI Feedback: Personalized feedback and performance analysis is encrypted per session.
How It Works
We use HKDF (HMAC-based Key Derivation Function, RFC 5869) to derive a distinct encryption key for each piece of data from a single master secret. This means:
- Each interview session has its own encryption key
- Each candidate's resume has its own key
- Compromising one derived key exposes only the data encrypted under it; the other keys cannot be computed from it
- All keys are derived from a master secret that is kept in our secrets vault rather than in the database
Technical Details
Our encryption uses:
- Algorithm: AES-256-GCM (Galois/Counter Mode)
- Key Derivation: HKDF with SHA-256
- Nonce: 12-byte (96-bit) random nonce generated fresh for every encryption operation and stored alongside the ciphertext; a nonce is never reused under the same key
- Authentication: GCM's 16-byte authentication tag is verified before any plaintext is released, so a modified ciphertext is rejected rather than decrypted
Email Pseudonymization
To protect your identity even in our operational systems (logs, analytics, debugging), we pseudonymize email addresses with a SHA-256 hash.
How It Works
When you sign up, we generate a one-way hash (pseudonym) of your email address. This pseudonym:
- Cannot be computed backwards to reveal your email (the hash is one-way). Note that a hash of a guessable value can still be matched by hashing a candidate address and comparing, so the pseudonym hides your address from anyone reading our logs, not from someone who already holds a list of candidate addresses to test
- Allows us to identify returning users without storing plaintext emails in logs
- Enables analytics and debugging without exposing PII
- Is consistent—the same email always produces the same pseudonym
Your actual email is only stored in secure, encrypted user records and is never logged or transmitted to third-party analytics services.
Strict Access Control
We enforce rigorous access controls to ensure only authorized users can view sensitive data.
Session Ownership Verification
- Candidates can only access their own interview sessions
- Hiring Managers can only view sessions from candidates they've invited
- Share Tokens provide time-limited, scoped access for specific sessions
Role-Based Permissions
Every API endpoint verifies the caller's identity and role, then checks that the caller is permitted to see the specific record requested, before returning data. Cross-user data access is blocked in code at every endpoint, not merely prohibited by policy.
Rate Limiting & Abuse Prevention
We implement endpoint-specific rate limiting to prevent abuse and protect against brute-force attacks.
Protected Endpoints
| Endpoint | Limit | Purpose |
|---|---|---|
| Password Reset | 3 requests/hour | Prevents email flooding |
| Magic Link Login | 5 requests/hour | Slows account enumeration and login-link flooding |
| Share Token Validation | 10 requests/minute | Makes brute-force token guessing impractical |
| Interview Conversation | 60 requests/minute | Fair usage enforcement |
| Resume Upload | 10 requests/hour | Prevents storage abuse |
| Account Creation | 5 requests/hour | Prevents spam signups |
Implementation
Our rate limiter uses a fixed-window algorithm (each client's count starts over at the beginning of every window) and reports its state in standard HTTP headers:
- X-RateLimit-Limit: Maximum requests allowed in the window
- X-RateLimit-Remaining: Requests remaining in the current window
- X-RateLimit-Reset: When the current window ends and the count resets (Unix timestamp)
- Retry-After: Seconds until a retry is allowed (sent only on a rate-limited response)
Comprehensive Audit Logging
Every access to sensitive data is logged for security monitoring and compliance.
What We Log
- Who accessed the data (user ID and type)
- What was accessed (resource type and ID)
- Which fields were retrieved
- When the access occurred (timestamp)
- Request metadata (truncated IP address, request ID)
What We Don't Log
- The actual content of encrypted fields
- Plaintext email addresses (pseudonyms only)
- Full IP addresses (truncated for privacy)
Privacy-Preserving Analytics
We use PostHog for product analytics, but with strict privacy controls.
Our Configuration
- Memory-only persistence: No analytics data stored in localStorage or cookies
- Property denylist: Fields like email, name, phone, resume, password, and API keys are automatically excluded from all events
- No cross-session tracking: Each session is independent
Blocked Properties
The following properties are never sent to analytics:
- email, name, phone
- resume, password, token
- api_key, credit_card, ssn
- address, candidate_name, candidate_email
- hiring_manager_email
Data Retention Policies
We only keep your data as long as necessary, and we're transparent about our retention periods.
Retention Periods
| Data Type | Retention | Action |
|---|---|---|
| Interview Audio | 90 days | Permanently deleted |
| Resume Content | 1 year | Anonymized |
| Password Reset Tokens | 1 day | Permanently deleted |
| Session Transcripts | Account lifetime | Deleted on account deletion |
GDPR-Ready Architecture
We've built our platform with GDPR compliance in mind, ready for EU expansion.
Your Rights
- Right to Access: Export all your data in a machine-readable format
- Right to Rectification: Update or correct your personal information
- Right to Erasure: Request complete deletion of your account and data
- Right to Portability: Download your data to take elsewhere
Data Minimization
We only collect data necessary for providing our service:
- Email address for account management
- Resume content for interview personalization
- Interview recordings for playback and feedback
- Usage data for service improvement (anonymized)
Infrastructure Security
Our infrastructure is designed with security as a first principle.
Deployment
- Platform: Fly.io with isolated containers
- Database: Managed PostgreSQL with automatic backups
- TLS: All connections encrypted in transit (TLS 1.3)
- Secrets: Provided to the application as environment variables from a secure vault
Startup Validation
Our application validates security configuration on every startup:
- Encryption key length and format verification
- Required secret presence checks
- Database connection security validation
Third-Party Services
We carefully select partners who share our commitment to security.
Service Providers
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude) | AI interviews & feedback | Interview context (encrypted in transit) |
| Deepgram | Speech-to-text | Audio streams (not stored) |
| ElevenLabs | Text-to-speech | AI responses only |
| Resend | Transactional email | Email address only |
| PostHog | Product analytics | Anonymized usage data |
Security Reporting
We take security vulnerabilities seriously and appreciate responsible disclosure.
Report a Vulnerability
If you discover a security issue, please email us at security@peatch.ai. We commit to:
- Acknowledging your report within 48 hours
- Providing regular updates on our investigation
- Crediting you (if desired) when the issue is resolved
- Not pursuing legal action for good-faith security research
Questions?
If you have questions about our privacy practices or security measures, contact us:
- Email: privacy@peatch.ai
- Security issues: security@peatch.ai
Last updated: February 2026