Privacy Policy — Sidecue

Privacy Policy

Sidecue — Chrome Extension & Web Dashboard

Effective: March 4, 2026

1 Who We Are

Sidecue is operated by Michał Włosik EFC, ul. Północna 16/5, 54-105 Wrocław, Poland (NIP: 8942747708). In this policy, "we", "us", and "our" refer to the operator. "You" and "your" refer to you, the user of the Sidecue browser extension and web dashboard (collectively, the "Service").

2 What Sidecue Does

Sidecue is a Chrome extension and companion web dashboard that provides real-time answer cues during conversations. When you start a session, the Extension captures audio from a browser tab and your microphone, transcribes it in real time, detects questions or talking points, and generates suggested responses displayed in a side panel or floating overlay.

The web dashboard allows you to manage your knowledge base (context text and uploaded files), review past session history, and manage your account. Knowledge base content syncs automatically between the dashboard and the Extension.

Audio is never recorded or stored on any server. Audio data is streamed to a third-party speech-to-text service for live transcription and is discarded immediately after processing.

3 Eligibility

Sidecue is intended for users aged 16 and older. By using the Service, you confirm that you are at least 16 years of age. We do not knowingly collect data from anyone under 16. If we learn that a user is under 16, we will promptly delete their account and associated data.

4 Data We Collect

4.1 Account Data

When you create an account, we collect:

  • Email address — used for authentication and account management.
  • Display name and profile photo — provided by Google if you sign in with Google OAuth; used for display purposes within the Service.
  • Authentication tokens — stored locally on your device and managed server-side via Supabase Auth to keep you signed in.

4.2 Knowledge Base Content

To personalise cue generation, you may provide:

  • Context text — free-text notes about your experience, skills, and the role you are interviewing for. This text is stored in our database and synced between your Extension and web dashboard.
  • Uploaded files — resumes, job descriptions, or notes in .txt, .md, .pdf, or .docx format. Files are uploaded to and stored in Supabase Storage under your user account. At the start of each session, files are temporarily transferred to Google's Gemini File API (see Section 6) to allow the AI to read their contents; these temporary copies expire automatically after 48 hours.

You control your knowledge base entirely. You can edit, delete, or clear it at any time from the Extension or web dashboard. Deleting a file removes it from our storage immediately.

4.3 Session Usage Data

When you start a session, our server records:

  • Session start and end timestamps — to calculate session duration.
  • Session duration — to meter usage against your plan's monthly quota.
  • Account tier (Free or Paid) — to enforce usage limits.

4.4 Session History

At the end of each session, the following content is saved to your account in our database:

  • Session title and platform — e.g. "Google Meet", derived from the captured tab title.
  • Conversation transcript — the full text transcript of the session, attributed to "You" and the other speaker.
  • Generated cues — the questions detected and the answer cues produced during the session.

Session history is visible to you in the web dashboard and is associated with your account. You may delete individual sessions or your entire account at any time.

4.5 Settings and Preferences

Your configuration choices (theme, language, response style, cue behaviour, speaker labels, etc.) are stored locally in the Extension's browser storage and are not transmitted to our servers.

4.6 Analytics

We use Google Analytics to collect anonymous, aggregated usage statistics such as page views and feature usage. Google Analytics may set cookies and collect information including your IP address, browser type, and interaction patterns. This data is processed by Google under its own privacy policy. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

5 How We Use Your Data

We use the data described above for the following purposes:

  • Provide the service — authenticate your account, manage sessions, enforce usage quotas, and sync your knowledge base across devices.
  • Generate real-time cues — relay the interviewer's transcribed speech and your knowledge base content to a large language model to produce answer suggestions. Prompts and responses are processed in real time via a server-side proxy and are not stored by us.
  • Transcribe audio — stream tab and microphone audio to a speech-to-text provider for live transcription. Audio is processed in real time and is not retained by us.
  • Session history — save your session transcript and generated cues so you can review them after the session.
  • Improve the product — analyse anonymous, aggregated usage patterns to understand how the Service is used and to guide development.
  • Customer support — respond to enquiries you send to our contact email.

6 Third-Party Services

Sidecue relies on the following third-party services to function:

Deepgram — Speech-to-Text
  • Tab audio and microphone audio are streamed via WebSocket to Deepgram's servers for real-time transcription.
  • Audio is processed on the fly and is not stored by Deepgram under our configuration.
  • Privacy policy: deepgram.com/privacy

Google Gemini — Cue Generation
  • The interviewer's recent transcribed speech and your knowledge base context text are sent to Google's Gemini API via our server-side proxy to generate answer cues.
  • If you have uploaded files, those files are temporarily uploaded to the Gemini File API at session start so the AI can read their contents. Temporary file copies on Google's servers expire automatically after 48 hours.
  • Prompts and responses are processed in real time. We do not log or store them on our servers.
  • Terms: ai.google.dev/terms

Supabase — Backend Infrastructure
  • Handles user authentication (email/password and Google OAuth).
  • Stores account data, session usage records, knowledge base content (context text and file metadata), uploaded files (via Supabase Storage), and session history (transcripts and cues).
  • Provides real-time sync of knowledge base changes between the Extension and the web dashboard.
  • Hosted in the EU West region.
  • Privacy policy: supabase.com/privacy

Google Analytics — Usage Analytics

Polar.sh — Payment Processing
  • If you subscribe to a paid plan, payment processing is handled by Polar.sh. We do not receive or store your payment card details.
  • Privacy policy: polar.sh/legal/privacy

7 Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

  • Third-party service providers — as described in Section 6, strictly to operate the Service's core functionality.
  • Legal obligations — if required by applicable law, regulation, or valid legal process.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

8 Data Retention

  • Account data — retained for as long as your account exists. If you delete your account, your data is removed within 30 days.
  • Knowledge base content and uploaded files — retained until you delete them or delete your account. You can remove individual files or clear your context text at any time from the Extension or web dashboard.
  • Session history (transcripts and cues) — retained until you delete the session or your account.
  • Session usage records — retained for billing and quota enforcement for the duration of your account.
  • Temporary Gemini file copies — automatically deleted by Google after 48 hours.
  • Audio — never stored on any server. Processed in real time and immediately discarded.
  • Settings and preferences — stored locally in the Extension's browser storage. Uninstalling the Extension removes all locally stored data.

9 Data Security

We implement the following measures to protect your data:

  • All communication between the Extension, dashboard, and our servers uses HTTPS/TLS encryption.
  • Audio streams to Deepgram use encrypted WebSocket (WSS) connections.
  • API keys for third-party services are stored server-side in environment variables and are never exposed in the Extension's client code.
  • Authentication tokens are securely managed via Supabase Auth with automatic refresh.
  • Uploaded files in Supabase Storage are accessible only to the authenticated user who uploaded them, enforced via row-level security policies.
  • The Supabase backend is hosted in the EU West region.

No system is perfectly secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet.

10 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your account and associated data.
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing of your data for certain purposes.
  • Restriction — request that we limit how we process your data.

To exercise any of these rights, contact us at contact@sidecue.app. We will respond within 30 days, or within the timeframe required by applicable law.

11 International Data Transfers

Our authentication and storage infrastructure is hosted in the EU (West region) via Supabase. However, third-party services including Deepgram and Google Gemini may process data in the United States or other regions. Uploaded files are temporarily transferred to Google's Gemini File API (hosted by Google) for AI processing at session start. By using the Service, you acknowledge that your data may be transferred to and processed in countries outside your country of residence, which may have different data protection standards.

12 Browser Permissions

The Extension requests the following Chrome permissions, each used for a specific purpose:

  • Tab capture — to capture audio from a browser tab containing your meeting or conversation.
  • Microphone — to capture your voice for speaker separation (distinguishing you from the other speaker).
  • Offscreen document — to process audio in the background without interfering with the visible browser interface.
  • Side panel — to display the cue cards, transcript, and settings interface.
  • Storage — to save your settings and authentication session locally.
  • Active tab and scripting — to inject the floating overlay onto the meeting tab when requested.

The Extension only captures audio when you explicitly start a session. No audio is captured in the background or without your action.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" at the top of this document and, where feasible, notify you via the Extension or our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14 Contact

If you have questions or concerns about this Privacy Policy or your data, please contact us:

Michał Włosik EFC

ul. Północna 16/5, 54-105 Wrocław, Poland

Email: contact@sidecue.app

Web: www.sidecue.app