privacy policy

candid is an AI-powered conversation preparation tool. this policy explains what data we collect, how we use it, and your rights. we take your privacy seriously — nothing you share with candid is sold or used for advertising.

we collect the following categories of information:

• account information: when you sign up, we collect your name and email address to create and manage your account.
• conversation content: the situations, messages, and context you provide when using candid to prepare for conversations. this content is processed by AI and stored to provide you with your history.
• usage data: information about how you use the product — pages visited, features used, session duration — collected to improve the service.
• payment information: billing details processed by DodoPayments. we do not store full card numbers; payment data is handled entirely by our payment processor.
• device and technical data: browser type, IP address, and operating system, used for security and debugging purposes.

• authentication: to verify your identity and keep your account secure.
• product delivery: to generate AI responses and maintain your conversation history.
• billing: to process subscription payments, send receipts, and manage renewals.
• product improvement: anonymized, aggregated usage patterns help us improve features and fix bugs. we do not use individual conversation content to train AI models without explicit consent.
• support: to respond to questions, bug reports, or account requests you send to us.

candid uses the following third-party services to operate:

• Supabase — our database and authentication provider. your account data and conversation history are stored in Supabase's infrastructure. Supabase is SOC 2 compliant. see supabase.com/privacy.
• DodoPayments — our payment processor. when you subscribe, billing and payment data is handled by DodoPayments. we receive a transaction confirmation and subscription status, not raw card data.
• Anthropic — the AI provider powering candid's conversation analysis. content you submit is sent to Anthropic's API for processing. Anthropic does not use API data to train their models by default. see anthropic.com/privacy.

candid uses cookies for the following purposes:

• session cookies: to keep you logged in during and across sessions. these are required for the service to function.
• analytics cookies: to understand how users interact with the product. you can decline analytics cookies via the cookie banner shown on your first visit.

you can control cookies through your browser settings. disabling session cookies will prevent you from staying logged in.

we retain your account data and conversation history for as long as your account is active. if you delete your account, your data is permanently removed within 30 days. anonymized, aggregated analytics data may be retained indefinitely.

you have the right to:

• access: request a copy of the data we hold about you.
• deletion: request that we delete your account and all associated data.
• correction: request corrections to inaccurate personal data.
• portability: request your conversation history in a machine-readable format.
• opt-out: opt out of analytics tracking via the cookie banner or by contacting us.

to exercise any of these rights, email us at support@candid.app. we will respond within 30 days.

all data is encrypted in transit via TLS and at rest. we follow industry-standard security practices and perform regular reviews of our data handling. in the event of a data breach affecting your personal data, we will notify you within 72 hours.

candid is not directed at children under 13. we do not knowingly collect personal data from children. if you believe a child has provided us with data, please contact us and we will delete it promptly.

we may update this policy as the product evolves. if changes are material, we will notify you by email or via an in-product notice. the effective date at the top of this page reflects the most recent update.

questions about this policy? reach us at support@candid.app.