Legal

Privacy Policy

Last updated 25 May 2026.

This policy explains what personal data CandidHQ processes, why, and the choices you have. It applies to candidhq.tech and the candidate portals we host on behalf of our recruiter customers.

Who we are

CandidHQ is operated by Candid HQ Limited, a company registered in Scotland (Companies House). We are registered with the UK Information Commissioner's Office under registration number C1941533 (verifiable on the ICO public register). You can reach us at privacy@candidhq.tech for any privacy question, data subject request, or breach notification.

How we relate to your data

We act in two different roles depending on whose data is involved:

  • Controller for the personal data of recruiters and team members who sign up for and operate a CandidHQ account, plus visitors to our marketing site. We decide what to collect and why.
  • Processor for the personal data of job candidates whose information our recruiter customers add to CandidHQ. The recruiter is the controller; we process that data only on their documented instructions, under our Data Processing Agreement.

What we collect

From recruiter account holders

  • Email address and password hash (Supabase Auth).
  • Name, role, and company-membership metadata.
  • Billing details and Stripe customer/subscription identifiers (no card numbers; those live in Stripe).
  • Audit log entries for actions taken inside the admin: IP address, user agent, action, target, timestamp.
  • Notification preferences and read state.

From candidates (processed on the recruiter's behalf)

  • Name and email address (entered by the recruiter when creating the portal).
  • Current stage in the hiring process.
  • Behavioural telemetry on portal visits: timestamps, sections viewed, bookmarks, current stage at view, IP address (recorded against audit and rate-limit infrastructure).
  • Notes you write inside the portal (stored against your portal, not shared).
  • Questions you ask the AI prep assistant, and the assistant's responses.
  • Email delivery records (subject, send time, status) for emails CandidHQ sends to you on the recruiter's behalf.

We do not collect CVs, résumés, phone numbers, postal addresses, date of birth, salary expectations, demographic data, right-to-work documentation, or any "special category" data (health, race, religion, biometric, sexual orientation, political opinions).

From marketing-site visitors

  • Standard server access logs (IP, user agent, request path) for security and abuse prevention.
  • Error reports via Sentry. Our Sentry integration scrubs email addresses and cookie values from events before they leave the browser/server, and rewrites portal URLs so candidate tokens are not transmitted.
  • We do not run third-party advertising, tracking, or fingerprinting cookies.

Why we use it (lawful basis)

  • Contract (Art. 6(1)(b) UK GDPR): operating the service for paying customers and the candidate portals they create.
  • Legitimate interests (Art. 6(1)(f)): securing the service, preventing abuse, generating error reports, sending operational email.
  • Legal obligation (Art. 6(1)(c)): retaining billing records and responding to lawful requests from authorities.
  • Consent (Art. 6(1)(a)): only where required (e.g. before adding non-essential cookies, none of which exist today).

Who we share it with

We use a small set of sub-processors to run the service. They process data on our documented instructions, under data processing terms with appropriate safeguards. The current list, with regions and roles, lives at candidhq.tech/subprocessors. We will update that page before adding any new sub-processor and you can subscribe to changes by writing to privacy@candidhq.tech.

Where it lives

Our primary database and file storage sit in the UK / EU(Supabase eu-west-2, London). Error reporting (Sentry) is hosted in the EU. The candidate AI prep assistant sends your typed question to Anthropic in the United States; that transfer is covered by Standard Contractual Clauses in the relevant sub-processor agreement. Stripe processes payment data globally under its own published safeguards.

How long we keep it

  • Candidate portal data is automatically purged 365 days after the portal's expiry, unless your recruiter sets a shorter window for their workspace.
  • Account data for recruiter users is retained for as long as the account is active, then deleted within 90 days of cancellation.
  • Audit logs are retained for 24 months for security and dispute investigation.
  • Billing records are retained for 7 years to meet UK tax obligations.

Your rights

Under the UK GDPR and EU GDPR you can:

  • Ask for a copy of the personal data we hold about you (access).
  • Ask us to correct inaccurate data (rectification).
  • Ask us to delete your data (erasure), subject to legal retention limits.
  • Object to or restrict processing in certain circumstances.
  • Request portability of data you have provided to us.

If you are a candidate, the fastest path is to email your recruiter (the controller of your data). They have a one-click tool inside CandidHQ to export or delete your record. You can also write to us at privacy@candidhq.tech and we will forward your request to them.

If you are a recruiter user, write to privacy@candidhq.tech. We will respond within 30 days.

You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk) or your local EU supervisory authority.

Cookies

We use a single first-party cookie (cdq_sidebar) to remember whether you collapsed the admin sidebar, plus the session cookie set by our authentication provider when you sign in. No third-party tracking, advertising, or analytics cookies are set.

Security

Practices and certifications are summarised at candidhq.tech/trust. In short: encryption in transit and at rest, row-level security on every tenant-scoped table, audited admin actions, a content security policy, and a documented incident-response process.

Children

CandidHQ is not directed at people under 16 and we do not knowingly collect their data. If you believe a candidate record concerns a minor, write to us and we will work with the controlling recruiter to remove it.

Changes

We will update this page when we change a sub-processor, add a category of data, or revise a retention period. The "last updated" date at the top reflects the most recent change. Material changes affecting recruiter customers will also be emailed to the account owner.

Contact

Candid HQ Limited, registered in Scotland.
Email: privacy@candidhq.tech