How does AI Career Mentor work?

You set up your practice session by entering your target role, experience level and interview type. AI Career Mentor generates tailored questions, plays them as natural audio, and scores your answers on content, clarity, structure, confidence and delivery. You receive feedback, a model answer and a 7-day improvement plan.

Does AI Career Mentor record my voice or camera?

Voice recording and camera access are only activated when you choose to enable them in a practice session. Voice transcripts are processed to generate feedback. Camera video is analysed locally in your browser and never sent to our servers.

Is AI Career Mentor free to use?

AI Career Mentor offers a free tier for interview practice. Paid plans provide additional coaching features and session limits. See the pricing page for current plan details.

Who is AI Career Mentor for?

AI Career Mentor is built for graduates entering the job market, career changers preparing for new roles, and experienced professionals facing leadership or senior interviews. It adapts questions to your role, level and interview type.

Can I delete my interview data?

Yes. You can delete individual sessions, all saved sessions, or your full candidate profile (including CV context and role details) from the profile page at any time.

Is AI Career Mentor better than a human interview coach?

AI Career Mentor gives you unlimited, on-demand practice at a fraction of the cost of a human coach. It scores answers objectively across multiple dimensions every time, without scheduling. For targeted feedback on specific areas, a human coach adds value — but for volume practice and delivery coaching, AI Career Mentor is purpose-built for it.

Do you offer a university or campus licence?

Yes. AI Career Mentor offers campus licences for universities and careers services, giving unlimited student access under a single annual fee. Contact universities@aicareermentor.co.uk to discuss pricing.

Security

Security & data protection

How we protect your data — from the moment you start a practice session to long after you’ve landed the job.

Security controls

Transport encryption

All traffic served over HTTPS with HSTS enforced (max-age 63072000, includeSubDomains, preload). TLS 1.2+ enforced at the CDN layer.

Data at rest

All database data encrypted at rest by Neon (AES-256). Clerk session tokens stored encrypted. No sensitive data stored in plain text.

Authentication

Managed by Clerk — industry-standard OAuth2/OIDC flows, brute-force protection, and session expiry. We never handle raw passwords.

Camera data

Camera video is processed entirely in your browser using MediaPipe. No video frames are sent to our servers. No video is stored.

Voice/audio

Voice transcripts are generated in-browser via the Web Speech API and sent for AI analysis only. Raw audio is never stored or transmitted.

Access controls *

Protected API routes require authenticated Clerk session tokens. Unauthenticated requests to protected endpoints return 401. Rate limiting applied to all AI endpoints.

Security headers

HSTS, X-Frame-Options (SAMEORIGIN), X-Content-Type-Options (nosniff), Referrer-Policy, Permissions-Policy (camera/microphone self-only), X-XSS-Protection enforced on all responses.

Dependency management

Dependencies reviewed regularly. Production build runs against locked package versions. Critical CVEs addressed as a priority.

* Two endpoints are intentionally public by design: /tools/star-scorer (free STAR answer scorer, IP-rate-limited to 5 requests per hour) and /api/assessment/[token] (assessment invites issued by hiring teams using single-use cryptographic tokens). Neither endpoint exposes personal candidate data.

Sub-processors

We use the following third-party services to operate the platform. Each is bound by a Data Processing Agreement where required under UK GDPR.

Processor	Purpose	Location
Clerk	Authentication and session management	US (EU data stored in EU region)
OpenAI	AI analysis of interview answers and transcripts	US
Neon	PostgreSQL database (candidate profiles, sessions)	EU (AWS eu-west-1)
Vercel	Hosting and edge delivery	Global CDN, origin EU/US
Resend	Transactional email (assessment invites)	US

Your rights under UK GDPR

You have the right to access, correct, export, and delete your data at any time. Most of these actions are available directly from your profile page. For requests we cannot fulfil automatically, contact us at privacy@aicareermentor.co.uk and we will respond within 30 days.

Responsible disclosure

If you discover a security vulnerability, please report it to security@aicareermentor.co.uk with a clear description and reproduction steps. We will acknowledge receipt within 48 hours and work to resolve critical issues as a priority. We ask that you do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them.

Need a DPA or security review?

Enterprise customers can request a Data Processing Agreement, our security questionnaire responses, or a compliance call with our team.

Contact enterprise team →