Legal

Privacy Policy

Last updated: February 24, 2026

1. Introduction

Candyfloss ("we", "us", or "our") operates the website candy-floss.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through our authentication provider, Clerk. If you sign up with Google, we receive your basic Google profile information.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, expiration date, or CVV. Stripe may collect billing details such as your name, address, and payment method. See Stripe's Privacy Policy.

Usage Data

We automatically collect information about how you interact with the Service, including search queries, pages visited, features used, and timestamps. This helps us improve the product and enforce usage limits.

3. Professional Profile Data

Candyfloss provides access to professional profile data sourced from publicly available information through licensed data providers. This data includes professional information such as job titles, employment history, skills, education, and publicly shared GitHub activity.

This data is collected and processed for the legitimate purpose of recruitment and talent intelligence. We do not collect sensitive personal data such as health information, religious beliefs, or political opinions.

4. How We Use Your Information

  • To provide and maintain the Service
  • To process your subscription and payments
  • To respond to your inquiries and support requests
  • To monitor usage and enforce plan limits
  • To improve our search algorithms and product features
  • To send service-related communications (e.g., billing receipts, security alerts)
  • To comply with legal obligations

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Clerk - authentication and account management
  • Stripe - payment processing
  • Hosting providers - to serve the application
  • Law enforcement - when required by law or to protect our rights

6. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or compliance purposes.

Professional profile data is retained and updated periodically to ensure accuracy and relevance for our users.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability

If you are a data subject whose professional profile appears on our platform and wish to request removal, please contact us at privacy@candy-floss.ai.

8. Cookies

We use essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Our authentication provider (Clerk) may set cookies necessary for sign-in functionality.

9. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure authentication, and access controls. However, no method of transmission over the Internet is 100% secure.

10. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at: privacy@candy-floss.ai