Skip to main content
CandidIA

Privacy policy

Last updated: June 2026

This translation is provided for information only. Only the French version is legally binding.

1. Data collected

We collect the following data:

  • First name, last name and email address (via Clerk)
  • Uploaded resumes and extracted data (skills, experience, contact details)
  • Selected job postings and generated documents
  • Payment data (handled exclusively by Stripe — we only have access to the last 4 digits of your card)
  • Anonymized navigation data (PostHog)

2. Use of data

Your data is used solely to:

  • Provide the application optimization service
  • Manage your subscription and payments
  • Send you transactional communications (confirmation, file ready)
  • Improve the service in an anonymized way

Your resumes are never used to train artificial intelligence models.

3. Retention period

  • Account data: until the account is deleted
  • Resumes and generated PDFs: 90 days after generation (automatic deletion)
  • Payment data: 5 years (legal obligation)
  • Navigation logs: 12 months

4. Data sharing

We share your data only with our subcontractors necessary for the operation of the service:

  • Anthropic (AI analysis) — session data only, not stored by Anthropic
  • Groq Inc. (voice transcription) — United States — Data Privacy Framework
  • Supabase (storage) — EU servers (Paris)
  • Clerk (authentication) — EU servers
  • Stripe (payment) — PCI DSS Level 1 certified
  • Resend (transactional emails)
  • PostHog (anonymized analytics) — subject to cookie consent

We never sell your data to third parties.

5. Your rights (GDPR)

In accordance with the GDPR, you have the following rights:

  • Right of access: access all of your data
  • Right of rectification: correct your data
  • Right of erasure: delete your account and all of your data from Settings > Delete account
  • Right of portability: export your data from Settings → Download my data
  • Right to object: object to processing for marketing purposes

To exercise these rights: candidia.heny@gmail.com

6. Cookies

We only use cookies strictly necessary for the operation of the service (authentication, session) and anonymized analytics cookies (PostHog). No third-party advertising cookies are used.

7. Hosting

The CandidIA service is hosted by:

  • Vercel Inc. — application hosting (340 Pine Street, Suite 1501, San Francisco, CA 94104, USA) — data in transit to EU regions
  • Supabase Inc. — database and file storage, region EU West (Paris)
  • Upstash Inc. — Redis cache, EU region

Personal data stored in the database and in file storage is located exclusively in European datacenters (Paris region).

8. DPO contact

Data Protection Officer: candidia.heny@gmail.com
Supervisory authority: CNIL — www.cnil.fr

Last updated: June 2026

Privacy policy — CandidIA | CandidIA