CandidAI

Privacy Policy

Effective date: April 7, 2026

CandidAI ("we", "us") is committed to protecting your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable US state privacy laws.

1. Information We Collect

  • Account data: name, email address, profile details you provide;
  • Submitted content: resumes and job descriptions you upload;
  • Usage data: feature usage, credit consumption, timestamps;
  • Payment data: billing processed by Stripe — we do not store card numbers.

2. Why We Collect It

  • To authenticate you and maintain your account;
  • To provide AI-powered analysis and matching features;
  • To process payments and manage credits;
  • To improve service reliability (aggregate, non-identifiable analytics).

3. Third-Party Processors

Your data may be processed by:

  • OpenAI — AI analysis (content is not used to train OpenAI models under our enterprise agreement);
  • Google — authentication via Google OAuth;
  • Stripe — payment processing;
  • Neon / Vercel — database and hosting infrastructure.

Each processor is bound by their own privacy policies. We do not sell your personal information to any third party.

4. Privacy Modes

When submitting resumes, you may choose Standard Privacy (name and contact stored in an encrypted vault) or Max Privacy (no PII stored on our servers). Max Privacy provides the highest level of protection for candidate identity.

5. Data Retention

We retain your data for as long as your account is active, or as needed to provide the Service. You may request deletion at any time. Following deletion, residual copies in backups are purged within 90 days.

6. Your Rights

Under PIPEDA and applicable law you have the right to:

  • Access the personal information we hold about you;
  • Correct inaccurate information;
  • Request deletion of your account and associated data;
  • Withdraw consent (which may affect your ability to use the Service);
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada.

US residents: additional rights may apply under your state's privacy law (e.g., CCPA/CPRA for California residents), including the right to opt out of the sale of personal information. We do not sell personal information.

7. Security

We use industry-standard security measures including encryption at rest and in transit, access controls, and PII vaulting. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not directed to anyone under 18. We do not knowingly collect personal information from minors.

9. Changes to This Policy

We may update this Privacy Policy periodically. Continued use after changes are posted constitutes acceptance. Material changes will be communicated via email or in-app notice.

10. Contact

Privacy inquiries or rights requests: legal@candidai.ca

Also see our Terms of Service.