Privacy Policy

Last updated: February 2026

1. Information We Collect

When you create an account, we collect your email address and password (stored securely via Supabase Auth). If you request access to a paid plan, we also collect your full name, organization, and role. Candidate data uploaded by your organization is stored per-tenant and isolated via row-level security.

2. How We Use Your Data

We use your information to provide and improve the CandiMatch screening platform, including: authenticating your account, processing candidate scoring, sending transactional emails (invitations, password resets), and providing customer support. We do not sell your personal data to third parties.

3. Data Storage & Security

All data is stored in Supabase-managed PostgreSQL databases with encryption at rest and in transit. Candidate data is isolated per tenant using row-level security policies. We implement industry-standard security measures including HTTPS, secure cookie-based authentication, CSRF protection, and rate limiting on sensitive endpoints.

4. Data Sharing

We share data only with service providers necessary to operate CandiMatch: Supabase (database and authentication), Vercel (hosting), and Resend (transactional email). These providers are bound by their own privacy policies and data processing agreements. We do not share candidate data between tenants.

5. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us. Organization administrators can export and delete candidate data through the platform. Upon account deletion, all associated data is permanently removed.

6. Cookies

We use essential cookies for authentication session management. We use Vercel Analytics for anonymous usage statistics. We do not use advertising or tracking cookies.

7. Changes to This Policy

We may update this policy from time to time. We will notify registered users of significant changes via email. Continued use of the platform after changes constitutes acceptance.

8. Contact

For privacy-related inquiries, contact us at support@candimatch.com.