Legal

Privacy Policy

Last updated: March 1, 2026

1. Introduction

CandiRank ("we", "us", or "our") is committed to protecting your personal information and the privacy of candidates whose resumes you process. This Privacy Policy explains how we collect, use, disclose, safeguard, and delete information when you use our AI-powered resume screening service ("Service").

Key Privacy Commitment: We automatically delete all uploaded resumes after 90 days to protect candidate privacy and comply with data protection regulations (GDPR, CCPA).

2. Information We Collect

  • Account information: Username, email address, and encrypted password when you register.
  • Resume data (limited retention): PDF files and extracted text you upload for screening. Automatically deleted after 90 days.
  • Candidate personally identifiable information (PII): Names, emails, phone numbers extracted from resumes. Deleted along with resumes after 90 days.
  • Analysis results: AI-generated scores, skills assessments, and summaries (anonymized, no PII after resume deletion).
  • Job descriptions: Text content of job postings you create within the platform.
  • Usage data: Log files, IP addresses, browser type, pages visited, and API token usage.
  • Payment information: Processed securely via Stripe or PayPal; we do not store raw card details.

3. How We Use Your Information

  • To provide, maintain, and improve the Service.
  • To process AI scoring of resumes you upload using the DeepSeek API.
  • To generate ranked candidate lists and skills analysis.
  • To send transactional emails (account confirmation, password reset, billing receipts).
  • To respond to support inquiries.
  • To monitor usage patterns, track API costs, and prevent abuse.
  • To comply with legal obligations and enforce our Terms of Service.

4. Data Sharing

We do not sell, rent, or trade your personal data or candidate resume data. We may share information with:

  • AI processing providers (DeepSeek API) – Resume text is sent for scoring; no data is retained by DeepSeek beyond processing.
  • Payment processors (Stripe, PayPal) – Transaction data is processed under their own privacy policies.
  • Legal obligations: If required by law, court order, or valid legal process.
  • Service providers: Hosting, email delivery, and analytics services under strict confidentiality agreements.

Note: We never share candidate resume data with third parties for marketing purposes.

5. Data Retention & Automatic Deletion

Your Control, Your Data: We believe in transparent data retention policies and give you full control.

Uploaded Resumes (PDF Files)

  • Automatically deleted after 90 days from upload date.
  • You can manually delete resumes anytime before 90 days via your dashboard.
  • Deletion includes physical PDF files and all extracted text.

Candidate Personal Information (PII)

  • Names, emails, phone numbers are deleted along with resumes after 90 days.
  • After deletion, only anonymized analysis scores and summaries remain.

Analysis Results (Scores & Summaries)

  • AI-generated scores, skills assessments, and summaries are retained indefinitely (unless you delete the job or account).
  • After resume deletion, these results contain no personally identifiable information.
  • You can export analysis results to Excel before deletion.

Your Account Data

  • Profile, job postings, and settings remain active until you delete your account.
  • You can request account deletion anytime from Account Settings or by contacting us.
  • Account deletion permanently removes all data (jobs, candidates, analysis results).

Payment & Transaction Data

  • Transaction records retained for 7 years for tax and legal compliance.
  • Full payment details (cards, accounts) are stored by Stripe/PayPal, not by us.
🔒 Privacy by Design: Our 90-day automatic deletion policy ensures candidate privacy is protected even if you forget to manually delete old resumes.

6. Your Data Control & Rights

You have full control over your data:

  • Delete individual resumes: Remove specific files from any job page.
  • Delete all resumes per job: Bulk delete via "Delete All Resumes" button on job pages.
  • Clean up old data: One-click cleanup of resumes older than 90 days in Account Settings → Data & Privacy.
  • Export before deletion: Download analysis results as Excel to keep records without storing PII.
  • Delete your account: Permanently remove all data from Account Settings → Security.

GDPR & CCPA Rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate information.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Portability: Export your data in machine-readable format (Excel).
  • Restrict processing: Limit how we use your data.
  • Object: Opt-out of certain data processing activities.

To exercise these rights, contact us at [email protected] with "Privacy Rights Request" in the subject line.

7. Security Measures

We implement industry-standard security practices to protect your data:

  • Encryption: All data transmitted via SSL/TLS encryption (HTTPS).
  • Password security: Passwords hashed using bcrypt with salt.
  • Access controls: Role-based permissions; admin panel requires separate authentication.
  • File storage: Resume PDFs stored in secure server directories with restricted access.
  • API security: DeepSeek API keys encrypted at rest.
  • Regular backups: Encrypted database backups with access logs.

⚠️ Important: No method of internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies & Tracking

  • Essential cookies: Session cookies to keep you logged in (required for functionality).
  • Functional cookies: Remember your preferences and settings.
  • No advertising cookies: We do not use third-party advertising or cross-site tracking.
  • No data selling: We never sell cookie data to advertisers.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect information from children. If you believe a child has provided us with data, contact us immediately at [email protected].

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place (standard contractual clauses, Privacy Shield frameworks where applicable).

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be notified via:

  • Email to your registered address
  • Prominent notice in the Service dashboard
  • Updated "Last updated" date at the top of this page

Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

Questions, concerns, or requests about this Privacy Policy? We're here to help:

  • Email: [email protected]
  • Subject line: "Privacy Policy Inquiry"
  • Response time: Within 48 hours

This Privacy Policy is legally binding. By using CandiRank, you agree to the collection, use, and retention practices described herein. For service terms, see our Terms of Service.