Candoora Ltd for UK and EU data protection purposes.
EU Representative
To be appointed before EU resident data is processed.
Data Protection Officer
Appointed prior to launch. Contact: dpo@candoora.com.
Fairness or bias concerns
fairness@candoora.io.
AI system enquiries
ai@candoora.io.
2. Scope and Territorial Reach
This Privacy Policy applies to all Candoora users globally. Candoora processes personal data of individuals in the United Kingdom, the European Union and European Economic Area, the United States, Brazil, Canada, India, Singapore, Australia, and other jurisdictions. The policy is written to satisfy demanding applicable frameworks simultaneously, so every user receives the same baseline level of protection.
• UK GDPR and the Data (Use and Access) Act 2025.
• EU GDPR and EU AI Act transparency obligations.
• CCPA/CPRA and other US state privacy laws.
• Illinois AI employment and biometric privacy requirements.
• Brazil LGPD.
• Canada PIPEDA and Quebec Law 25.
• India Digital Personal Data Protection Act 2023.
• Singapore PDPA and Australia Privacy Act 1988.
3. Personal Data We Process
Candoora collects only what is necessary for defined purposes. Where we rely on legitimate interests, a Legitimate Interests Assessment has been conducted and is available on request.
Account and identity data
• Full name, email address, password hash, profile preferences, subscription status, and Stripe transaction references.
• Used for account creation, authentication, personalisation, billing access control, and statutory accounting obligations.
• Most account data is kept for the account duration plus 30 days. Billing references are kept for 7 years.
Career and resume data
• CV or resume content, job descriptions, analysis reports, fit scores, career milestones, certificate vault data, and Career OS data.
• Resume data receives the highest level of protection: AES-256 encryption at rest, TLS 1.3 in transit, and strict need-to-know staff access.
• Identifiable resume and career data is never used to train AI models without separate, explicit, granular consent.
Job search and matching data
• Saved jobs, application history, pipeline status, salary preferences, work-mode preferences, location preferences, search queries, and match interactions.
• Used to deliver the Fit Scorecard, job matching, hard filters, personalisation, and application tracking.
• Search interaction patterns are kept for 90 days on a rolling basis, then permanently deleted.
Interview preparation data
• Practice answers, stage breakdown scores, company names used for Insider Intel, and self-reported interview outcomes.
• Practice answers are used for STAR scoring and feedback, then deleted 30 days after submission.
• Insider Intel trigger data is session-only and is not persisted.
Referral Architect data
• LinkedIn OAuth connection graph data, manually entered third-party contact names and roles, target company names, referral package contents, and marketplace profile data where enabled.
• LinkedIn connection data is session-only by default, unless the user opts into 30-day persistence.
• Referral packages are transmitted only at the user’s explicit direction. Candoora does not retain a post-send copy.
Technical and platform data
• IP address, device type, browser, operating system, session logs, access timestamps, cookies, analytics events, and crash logs.
• Used for security, fraud prevention, geo-compliance routing, compatibility, analytics, and platform stability.
• Resume content is excluded from error and crash logs by design.
4. Special Category Personal Data
Candoora does not prompt for special category data. The only special category data we may process is what a user voluntarily includes in their own CV, such as health, disability, racial or ethnic origin, political opinions, religious beliefs, or trade union membership. This data is not extracted, separately scored, or used in analysis. Candoora does not collect biometric data or criminal conviction data. If biometric features are introduced in future, a separate DPIA and explicit consent mechanism will be implemented before launch.
Candoora’s AI systems do not score, penalise, or make recommendations based on special category data. Annual bias audits are conducted on Fit Scorecard and ATS simulation engines.
5. How We Use Artificial Intelligence
Candoora’s AI systems are classified as General Purpose AI applications. Candoora serves candidates exclusively. No employer, recruiter, or hiring manager has access to user data or AI-generated analysis through Candoora, and Candoora does not connect candidates to employers.
• Fit Scorecard is advisory and visible only to the candidate.
• ATS compatibility simulation is advisory and does not reject users.
• Seniority analysis and bullet rewrites are suggestions only.
• Interview scoring is practice feedback only.
• Referral drafts are never auto-sent. Users must review, edit, and send.
No solely automated legal decisions
Candoora does not engage in solely automated processing that produces legal effects or similarly significant effects. All AI outputs require explicit human action before any consequence follows.
6. Data Sharing and Third Parties
Candoora shares personal data with sub-processors under binding Data Processing Agreements and remains responsible for their compliance.
Anthropic, Inc.
Claude AI API for resume content, job description content, and active-session draft inputs. API data is contractually prohibited from training use.
Stripe, Inc.
Payment processing. Card data is held by Stripe only. Candoora stores transaction references.
Pinecone Systems, Inc.
Vector database for skill matching. Stores vectorised skill embeddings without raw personal identifiers.
Cloud hosting provider
Infrastructure for platform data, with primary storage intended for the UK/EU region.
Analytics platform
Anonymised usage event data only, with no resume content and no identifiers.
LinkedIn Corporation
Read-only OAuth connection graph data for Referral Architect session use.
Candoora does not and will never sell, rent, trade, or share personal data with third parties for commercial purposes. This applies to resume data, career history, AI analysis outputs, behavioural data, and all other personal data categories.
7. International Data Transfers
International transfers are protected by appropriate legal mechanisms, including EU Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions where available, Transfer Impact Assessments, and applicable local requirements. Users may request information about the specific transfer mechanisms applicable to their data by contacting privacy@candoora.io.
8. Your Rights
You can exercise rights via Account Settings > Data & Privacy or by emailing privacy@candoora.io. Response commitments include 30 days under GDPR/UK GDPR, 45 days under CCPA, and 15 days under LGPD.
• Access a copy of the personal data Candoora holds about you.
• Correct inaccurate profile or account data.
• Delete your account and associated personal data.
• Restrict processing while a dispute is being resolved.
• Export your data in a structured, machine-readable format.
• Object to legitimate-interests processing including personalisation and analytics.
• Opt out of AI-powered processing, noting that this substantially limits platform functionality.
• Exercise California, Brazil, India, Singapore, Australia, UK, and EU privacy rights where applicable.
9. India-Specific Provisions
For Indian residents, Candoora processes personal data as a Data Fiduciary under the Digital Personal Data Protection Act 2023. Consent is obtained at account creation and is not bundled with optional analytics processing. Candoora prohibits use by anyone under 18 and will seek verifiable parental consent where required before any processing continues. Indian users may direct grievances to privacy@candoora.io.
10. Retention Schedule
Account and identity data
Account duration plus 30 days.
Resume and career data
Account duration plus 30 days.
Analysis reports and fit scores
Account duration plus 30 days.
Practice interview answers
30 days from submission, then permanently deleted.
Insider Intel trigger data
Session only.
Job description content
30 days from submission, then permanently deleted.
LinkedIn OAuth connection data
Session only by default, or 30 days with explicit opt-in.
Payment and billing records
7 years for statutory accounting obligations.
Security and access logs
12 months.
IP addresses
90 days, then permanently deleted.
Encrypted backups
Purged within 60 days of account deletion.
11. Security
• AES-256 encryption at rest for personal data in databases and backups.
• TLS 1.3 for communications between users, Candoora, and sub-processors.
• Role-based access control and the principle of least privilege.
• MFA available to users and mandatory for administrative access.
• Only data required for the active function is included in each AI API call.
• Annual third-party penetration testing, with critical findings remediated within 30 days.
• Breach notification within 72 hours for qualifying supervisory authority notifications.
• Application-layer log sanitisation to exclude resume content from error and crash logs.
12. Employment Agency Status
Candoora is a career intelligence platform and does not act as an employment agency. Candoora does not introduce candidates to employers, does not receive fees for placing candidates in employment, and is not a party to any employment, contracting, or referral relationship between a user and any third party.
13. Children
Candoora is a professional career platform with a minimum age of 18 globally. We do not knowingly collect personal data from anyone under 18. If we discover that a user is under 18, we will terminate the account and delete associated data.
14. Policy Changes
Material changes to this Policy will be communicated to registered users by email at least 14 days before they take effect. Non-material changes, such as updated contact details or corrected typographical errors, may be applied without separate notification.
15. Contact and Regulatory Complaints
Primary contact: privacy@candoora.io. Candoora aims to respond to general privacy queries within 5 business days, with statutory timeframes applying to formal requests. Users may also complain to their relevant supervisory authority, including the ICO in the UK, national EU data protection authorities, the California Privacy Protection Agency, Brazil’s ANPD, Canada’s privacy commissioners, India’s Data Protection Board once operational, Singapore’s PDPC, or Australia’s OAIC.