Legal Document

Privacy Policy

Last Updated: June 25, 2026

At hcalls, we value your privacy above all else. This Privacy Policy describes how we handle information in connection with our desktop client application, web services, and website.

1. Core Architecture: Local-First Privacy

Unlike traditional cloud-based systems, hcalls is designed with a strict **local-first privacy architecture**:

  • No Audio Logging: Conversation audio captured by our system-level loopback is processed in real time and is never stored, recorded, or uploaded to our servers.
  • Resume Context Parsing: Resumes you paste or upload are processed client-side and saved exclusively in secure browser cookies/local storage. We do not store your resumes on our database.
  • Stealth Integration: Our desktop client overlays run locally, generating zero visible window tags or system footprints on external video platforms (Zoom, Google Meet, Teams).

2. Data We Do Collect

To provide services and manage accounts, we collect minimal operational details:

  • Account Registration: Your name, email address, and hashed passwords when registering an account.
  • Credits & Usage: Timestamps of session start/stop events and remaining credit balances. We track credits consumed (1 credit = 1 minute of active copilot) to manage billing.

3. Third-Party Service Providers

We use enterprise-grade endpoints for audio transcription and response streaming:

  • Deepgram: Real-time streaming audio is transcribed using Deepgram API. Under our enterprise data processing addendum, zero voice data is retained or used for model training.
  • AI Model Hosts (Groq, Anthropic, OpenAI): Text prompts are dispatched anonymously to AI hosts. Under these agreements, 100% of data processed is excluded from AI model training and retained for a maximum of 30 days strictly for trust and safety audits before deletion.

4. Security Measures

All network communication between your device and our endpoints is encrypted using SSL (Secure Sockets Layer). Local data stored in browser environments is sandboxed and secure.

5. Chrome Extension Privacy

This section describes how the hcalls Chrome Extension ("Extension") handles information. It supplements the rest of this Privacy Policy and applies when you install and use the Extension from the Chrome Web Store.

What the Extension Does

The Extension helps you run live interview coaching sessions by:

  • Capturing audio from your active browser tab (e.g. Google Meet, Zoom, Microsoft Teams)
  • Capturing audio from your microphone
  • Pairing with the hcalls mobile companion app via QR code
  • Streaming captured audio in real time to hcalls servers for transcription and AI coaching

Capture only starts after you sign in, create or select a session, and explicitly begin a live session. The Extension does not capture audio in the background without your action.

Information We Collect Through the Extension

  • Account information: When you sign in through the Extension, we collect your email and password to authenticate your hcalls account. Your session token is stored locally in the Extension and synced with hcalls.com cookies so you remain signed in across the Extension and website.
  • Session information: When you create or select an interview session, we collect session details you provide, such as role, company name, language, and AI model preference.
  • Audio data: During an active session, the Extension captures:
    • Tab audio — audio from your active meeting tab (interviewer/other participants)
    • Microphone audio — audio from your microphone (candidate/you)
    This audio is processed locally in your browser, converted to a low-latency audio stream, and transmitted in real time to gateway.hcalls.com over encrypted WebSocket connections. Audio is used for live transcription and coaching and is not stored as a recording by hcalls after processing is complete.
  • Screen snapshots (on request only): If you or your paired mobile companion requests a screen capture during a session, the Extension may capture a single JPEG frame from the active meeting tab and send it to hcalls servers to support AI analysis. This occurs only when explicitly requested during an active session.
  • Device identifier: The Extension generates a random local device ID (extension_device_id) stored in Chrome local storage. This ID is used to associate your Extension with your paired mobile device during a session. It is not used for advertising or cross-site tracking.
  • Technical and usage data: We collect minimal operational data needed to run sessions, including: Session start and stop timestamps, connection status and heartbeat signals, and credit usage (1 credit = 1 minute of active copilot time). We do not use the Extension to collect browsing history, keystrokes, or data from tabs other than the active tab you are using for your interview session.

Information Stored Locally on Your Device

The Extension stores the following in Chrome local storage on your device:

  • Authentication token and basic user profile
  • Active session ID and session state
  • Extension device ID
  • Optional backend configuration (production users connect to hcalls.com by default)

When you sign out or stop a session, session-related data is cleared from local storage.

Cookies

The Extension uses the Chrome cookies API to read and write authentication cookies on hcalls.com (ctl_token and ctl_user) so your login state is shared between the Extension and the hcalls website. These cookies are removed when you sign out of the Extension.

Permissions We Request and Why

  • Tab capture: Capture audio (and video frames when requested) from your active meeting tab during a session.
  • Microphone: Capture your voice during a session.
  • Storage: Save login state and active session configuration locally.
  • Cookies: Keep you signed in to your hcalls account.
  • Active tab: Identify the meeting tab you are using when starting capture.
  • Host access (Meet, Zoom, Teams, hcalls.com): Support interview sessions on supported platforms and connect to hcalls services.

Third-Party Services

Audio and text processed through the Extension may be handled by the same third-party providers described elsewhere in this policy, including Deepgram (real-time speech transcription) and AI model providers (Groq, Anthropic, OpenAI) for coaching responses. Under our agreements, this data is not used for model training and is retained only for a limited period for trust and safety purposes. All communication between the Extension and hcalls servers is encrypted using TLS/WSS (Secure WebSockets).

Data Retention

  • Audio streams: Processed in real time during active sessions; not stored as recordings after processing.
  • Session metadata: Retained as needed for account management, billing/credits, and service operation.
  • Local Extension data: Cleared when you sign out or stop a session; persists only while you remain signed in.

Your Choices and Controls

You can control Extension data by declining microphone access, stopping a session (ends audio capture and streaming), signing out (clears local data and authentication cookies), or uninstalling the Extension.

6. Contact Information

If you have questions about this policy, data deletion requests, or our privacy architecture, please contact us at:

contact@hcalls.com