Privacy Policy
Effective Date: January 1, 2025 | Last Updated: November 11, 2025
This Privacy Policy describes how Candidate Audit ("we," "us," or "our") collects, uses, and shares your information when you use our AI-powered candidate evaluation platform.
1. Information We Collect
1.1 Information You Provide to Us
We collect information you provide directly when you:
- Create an Account: Name, email address, password, company name, and job title
- Upload Candidate Materials: Resumes, cover letters, portfolios, and related employment documents
- Use Our Services: Job descriptions, evaluation criteria, hiring preferences, and assessment results
- Communicate with Us: Support requests, feedback, and correspondence
- Make Payments: Billing information processed through Stripe (we do not store full credit card numbers)
1.2 Candidate Information
When you upload candidate materials, we process:
- Candidate names, contact information, and employment history
- Education credentials, skills, and qualifications
- Work samples, portfolios, and references
- Any information contained in resumes or supporting documents
Important: You are responsible for ensuring you have proper authorization to upload and process candidate information. We recommend obtaining consent from candidates before using our services.
1.3 Automatically Collected Information
- Usage Data: Pages viewed, features used, time spent, and interaction patterns
- Device Information: Browser type, operating system, IP address, and device identifiers
- Cookies and Tracking: We use essential cookies for authentication and session management. See our Cookie Policy below.
2. How We Use Your Information
2.1 Service Delivery
- Process and analyze candidate submissions using our AI evaluation system
- Generate hiring assessments and recommendations
- Maintain and improve our AI models and algorithms
- Provide customer support and respond to inquiries
2.2 AI Processing
Our AI-powered evaluation system uses:
- Large Language Models (LLMs): OpenRouter API with models from OpenAI, Anthropic, and other providers
- Document Processing: Automated resume parsing and content extraction
- Multi-Agent Analysis: Six specialized AI agents evaluate candidates from different perspectives
AI Transparency: Our AI agents provide advisory assessments only. All hiring decisions remain the sole responsibility of the hiring organization. Our system does not make autonomous hiring decisions.
2.3 Business Operations
- Process payments and maintain billing records
- Send service-related communications (account updates, security alerts)
- Detect and prevent fraud, abuse, and security threats
- Comply with legal obligations and enforce our Terms of Service
2.4 Product Improvement
- Analyze usage patterns to improve features and user experience
- Conduct internal research and development
- Test new features and services
3. Information Sharing and Disclosure
3.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information or candidate data to third parties for marketing purposes.
3.2 Service Providers
We share information with trusted third-party service providers who assist us in operating our platform:
- Cloud Infrastructure: AWS (hosting, storage, compute)
- AI Services: OpenRouter, OpenAI, Anthropic (LLM processing)
- Payment Processing: Stripe (payment transactions)
- Email Delivery: Postmark (transactional emails)
- Database: Neon (PostgreSQL hosting)
- Analytics: Umami (privacy-focused analytics)
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
3.3 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes (subpoenas, court orders)
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of Candidate Audit, our users, or others
- Respond to government requests or investigations
3.4 Business Transfers
If we are acquired or merge with another company, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.
4. Data Retention
4.1 Account Data
We retain your account information for as long as your account is active or as needed to provide services.
4.2 Candidate Data
Candidate evaluation data is retained according to these policies:
- Active Campaigns: Retained for the duration of the hiring process
- Completed Campaigns: Retained for 2 years after campaign completion
- Deleted Campaigns: Permanently deleted within 30 days of deletion request
EEOC Compliance Note: If you are subject to EEOC recordkeeping requirements, you may need to retain candidate data longer than our default retention period. We recommend consulting with legal counsel regarding your specific obligations.
4.3 Backup Data
Deleted data may persist in backup systems for up to 90 days before permanent deletion.
5. Your Privacy Rights
5.1 Access and Correction
You have the right to:
- Access your personal information and candidate data
- Correct inaccurate or incomplete information
- Update your account settings and preferences
5.2 Data Deletion
You can request deletion of your data by:
We will respond to deletion requests within 30 days. Some information may be retained as required by law or for legitimate business purposes.
5.3 Data Export
You can request a copy of your data in a portable format:
We will provide your data in JSON or CSV format within 30 days.
5.4 State-Specific Rights
If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you have additional rights:
- California (CCPA/CPRA): Right to know, delete, correct, and opt out of sale/sharing
- Virginia (VCDPA): Right to access, delete, correct, and opt out of targeted advertising
- Colorado (CPA): Right to access, delete, correct, and opt out of targeted advertising
- Connecticut (CTDPA): Right to access, delete, correct, and opt out of targeted advertising
- Utah (UCPA): Right to access, delete, and opt out of targeted advertising
To exercise these rights, contact us at privacy@candidateaudit.com.
6. Data Security
6.1 Security Measures
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Authentication: Multi-factor authentication support and secure password requirements
- Access Controls: Role-based access control and least privilege principles
- Monitoring: Continuous security monitoring and threat detection
- Regular Audits: Periodic security assessments and vulnerability scanning
6.2 Data Breach Notification
In the event of a data breach that affects your information, we will:
- Notify affected users within 30 days of discovery
- Provide details about the breach and affected information
- Describe steps we are taking to address the breach
- Offer guidance on protective measures you can take
- Comply with applicable state data breach notification laws
7. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
8. International Data Transfers
Our services are operated in the United States. If you access our services from outside the US, your information will be transferred to, stored, and processed in the United States. By using our services, you consent to this transfer.
9. Cookies and Tracking Technologies
9.1 Essential Cookies
We use essential cookies that are necessary for our services to function:
- Authentication: Maintain your logged-in session
- Security: Prevent fraud and abuse (CSRF tokens)
- Preferences: Remember your settings and preferences
9.2 Analytics
We use Umami, a privacy-focused analytics tool that does not use cookies or collect personal information. Umami is GDPR-compliant and does not track individual users.
9.3 Third-Party Cookies
We do not use third-party advertising or tracking cookies.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent notice on our platform
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
12. Additional Resources
Startup Legal Notice: This Privacy Policy has been prepared using standard startup legal templates and best practices. While comprehensive, it is not a substitute for legal counsel. We recommend periodic review with a qualified attorney as your business grows and regulations evolve.