Privacy Policy
Effective: June 11, 2026 · Last updated: June 11, 2026
Your privacy is important to us. This Privacy Policy explains how ProductMicrobe BV(“we”, “us”, “our”) — Adolf Baeyensstraat 109, 9040 Sint-Amandsberg, Belgium (VAT BE0729995472) — collects, uses, and protects personal information in connection with the Deliberate Play platform (“Service”) at app.deliberate-play.com.
We comply with the General Data Protection Regulation (GDPR) and applicable Belgian law. If you follow a link to a third-party site, their privacy policy applies, not this one.
Information We Collect
Voluntarily provided
Information you knowingly give us when you sign up, contact us, or use the Service:
- Name, email address
- Phone / mobile number (if provided)
- Payment details — collected and stored by Paddle (our Merchant of Record); we receive only a transaction reference, not your full payment credentials
Automatically collected
Information your browser or device sends when you access the Service:
- IP address, browser type and version
- Pages visited, time on page, referring URL
- Device type and operating system
- Approximate geo-location
Voice session data
When you run a practice interview session the Service:
- Streams your microphone audio in real time to Deepgram for speech-to-text transcription. Audio is not stored by us; transcripts are stored in your account.
- Sends transcript text to Anthropic to generate AI responses.
- Synthesises AI responses to speech via Cartesia.
Why We Collect It
We collect and use personal information to:
- provide and operate the Service’s core features (accounts, sessions, scoring);
- contact and communicate with you about your account;
- process payments and manage credits;
- improve the Service through product analytics;
- comply with legal obligations and resolve disputes.
We do not use your data for unrelated purposes without additional consent.
Sub-processors and Third Parties
We disclose personal information to the following trusted service providers strictly to deliver the Service. International transfers (EEA → USA) are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
| Provider | Purpose | Region |
|---|---|---|
| Supabase (Supabase Inc.) | Authentication, database, storage | USA (SCC) |
| Vercel (Vercel Inc.) | Hosting and edge delivery | USA / EU (SCC) |
| LiveKit (LiveKit Inc.) | Real-time audio transport | USA (SCC) |
| Deepgram (Deepgram Inc.) | Speech-to-text transcription | USA (SCC) |
| Cartesia (Cartesia AI Inc.) | Text-to-speech synthesis | USA (SCC) |
| Anthropic (Anthropic PBC) | LLM responses during sessions | USA (SCC) |
| PostHog (PostHog Inc.) | Product analytics | EU |
| Paddle (Paddle.com Market Ltd) | Payments / Merchant of Record | UK / EU |
Paddle acts as an independent data controller for payment data they collect. We may also disclose information to courts, regulators, or law enforcement as required by law, or to a successor entity in a business transfer. We do not sell personal information to third parties.
How Long We Keep Your Data
We retain your data for as long as your account is active and as necessary to fulfil the purposes above. If you close your account, we delete or anonymise your data within 90 days unless we are required to retain it for legal or compliance purposes (e.g. VAT records for 7 years under Belgian law).
Security
We protect personal information using commercially reasonable technical and organisational measures (encryption in transit and at rest, access controls, audit logging). No method of electronic transmission or storage is 100% secure; we cannot guarantee absolute security.
Children
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13.
Your GDPR Rights
As a resident of the EEA you have the right to:
- Access— request a copy of the personal information we hold about you;
- Rectification— ask us to correct inaccurate or incomplete data;
- Erasure(“right to be forgotten”) — ask us to delete your data, subject to legal retention obligations;
- Restriction— ask us to pause processing in certain circumstances;
- Portability— receive your data in a machine-readable format;
- Objection— object to processing based on legitimate interests;
- Withdrawal of consent— where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any right, contact us at info@productmicrobe.com. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit): dataprotectionauthority.be.
Legal Bases for Processing
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account | Contract (Art. 6(1)(b) GDPR) |
| Processing payments | Contract (Art. 6(1)(b) GDPR) |
| Delivering voice sessions (Deepgram, Anthropic, Cartesia) | Contract (Art. 6(1)(b) GDPR) |
| Product analytics (PostHog) | Legitimate interest (Art. 6(1)(f) GDPR) |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c) GDPR) |
Data Controller
ProductMicrobe BV · Adolf Baeyensstraat 109, 9040 Sint-Amandsberg · Belgium
info@productmicrobe.com· +32 486 965 980
Cookies
We use cookies and similar technologies to operate the Service and collect analytics data. Strictly necessary cookies (session authentication) cannot be opted out of. Analytics cookies (PostHog) may be controlled via your browser settings.
Changes to This Policy
We may update this policy to reflect changes in our practices or applicable law. We will post changes at this URL. If a change materially affects how we use your personal information, we will notify you by email or in-app notice before the change takes effect.
Contact
ProductMicrobe BV · Adolf Baeyensstraat 109, 9040 Sint-Amandsberg · Belgium
info@productmicrobe.com· +32 486 965 980