Plain English summary: We collect your email when you sign up and basic usage data when you use the copilot. We don't sell your data. We don't show you ads. We will never share your information with employers without your explicit consent. Candid is built for candidates — that principle applies to your data too.
Who We Are
Candid ("Candid," "we," "us," or "our") operates the website candidhiring.com and the Candid job search copilot. We are an independent company building tools for job seekers.
If you have any questions about this policy, contact us at privacy@candidhiring.com.
What We Collect
We collect the following categories of information:
- Email address — when you join our waitlist or create an account. Required to send you product updates and your welcome sequence.
- Usage data — which features you use, how often, and approximate response times. This is anonymized and used to improve the product.
- IP address — logged automatically on each request for security purposes (rate limiting, abuse prevention). Not shared with third parties.
- Job descriptions and prompts — text you paste into the copilot is sent to our AI provider to generate your analysis. We may store this data in anonymized form for product improvement and market research. See Section 5 (Third Parties) for details on our AI provider.
- Local storage — your current role, years of experience, and skills are saved in your browser's local storage so you don't have to retype them. This data never leaves your device unless you use the copilot.
We do not collect: payment information, social security numbers, government IDs, or sensitive personal data.
How We Use It
We use the information we collect to:
- Operate and improve the Candid platform
- Send you transactional emails (welcome sequence, product updates)
- Protect the service against abuse, fraud, and unauthorized access
- Analyze anonymized usage patterns to understand what's working
- Generate aggregate market research (e.g. most in-demand skills by role) — this data is never personally identifiable
We will never use your data to:
- Show you advertisements
- Share your profile or activity with employers without your explicit consent
- Sell your personal information to any third party
- Train AI models on your personal data without your consent
Data Storage & Security
Your data is stored on AWS infrastructure in the United States (us-east-1 region). We use industry-standard security practices including encrypted connections (HTTPS/TLS), encrypted database storage, and access controls that limit who can see your data.
We retain your email address and account data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days. Anonymized usage data may be retained indefinitely as it cannot be linked back to you.
While we take security seriously, no system is completely secure. If you discover a security issue, please report it to security@candidhiring.com.
Third Parties
We use a small number of third-party services to operate Candid:
- Anthropic — our AI provider. When you use the copilot, your prompt (job description + your background) is sent to Anthropic's API to generate your analysis. Anthropic's privacy policy is available at anthropic.com/privacy. We do not send your name or email address to Anthropic.
- Amazon Web Services (AWS) — our cloud infrastructure provider. Your data is stored and processed on AWS servers. AWS's privacy policy is available at aws.amazon.com/privacy.
- Amazon SES — used to send transactional emails. Your email address is processed by SES for delivery purposes only.
We do not use advertising networks, social media trackers, or analytics platforms that share data with third parties.
Your Rights
Regardless of where you live, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — ask us to correct inaccurate information
- Deletion — ask us to delete your personal data
- Portability — receive your data in a machine-readable format
- Opt out — unsubscribe from emails at any time using the link in any email we send
To exercise any of these rights, email privacy@candidhiring.com. We will respond within 30 days.
Cookies
Candid uses minimal cookies. Specifically:
- Session cookies — used only on the admin panel to maintain your authenticated session. These are deleted when you close your browser.
- No tracking cookies — we do not use Google Analytics, Facebook Pixel, or any third-party tracking cookies.
- Local storage — as described above, we use your browser's local storage (not cookies) to save your copilot preferences. You can clear this at any time through your browser settings.
Because we do not use tracking or advertising cookies, a cookie consent banner is not required. If this changes, we will update this policy and add appropriate consent mechanisms.
CCPA — California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information.
We do not sell personal information. Under the CCPA, "selling" includes sharing data for advertising purposes. We do not do this.
You have the right to:
- Know what personal information we collect and how we use it
- Request deletion of your personal information
- Opt out of the sale of your personal information (though we do not sell it)
- Non-discrimination for exercising your CCPA rights
To submit a CCPA request, email privacy@candidhiring.com with the subject line "CCPA Request."
GDPR — European Residents
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies to how we handle your data.
Legal basis for processing: We process your personal data based on:
- Consent — you provide your email address voluntarily when joining our waitlist
- Legitimate interests — security logging, abuse prevention, and product improvement
- Contract — processing necessary to provide the service you've requested
Data transfers: Your data is stored in the United States. We rely on Standard Contractual Clauses where required for international data transfers.
Data Protection Officer: Given our current size, we do not have a formal DPO. All data protection inquiries should be directed to privacy@candidhiring.com.
You have the right to lodge a complaint with your local supervisory authority if you believe we have not handled your data appropriately.
Contact Us
If you have questions about this privacy policy or how we handle your data, we're easy to reach.
Candid
Email: privacy@candidhiring.com
Website: candidhiring.com
We aim to respond to all privacy inquiries within 5 business days.
This policy was last updated on March 7, 2026. We will notify registered users of any material changes via email before they take effect.