Privacy Policy

Account information: When you install Candio via the HubSpot Marketplace, we receive your HubSpot portal ID, user name, and email address through the OAuth authorisation flow.

Candidate data: Candidate information (names, email addresses, resumes, application responses) is stored within your HubSpot portal as native CRM records. Candio reads and writes this data on your behalf but does not independently store copies outside of HubSpot.

Usage data: We collect anonymised analytics about how you interact with Candio — such as features used, pages visited, and actions taken — to improve our product.

Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card details.

We use the data we collect to:

• Provide, maintain, and improve the Candio platform
• Authenticate your sessions and manage your account
• Process payments and manage subscriptions
• Send transactional emails (application confirmations, interview invites, etc.) on your behalf
• Provide customer support
• Monitor system performance and security

Candidate and hiring data resides in your HubSpot portal. Our application infrastructure runs on Amazon Web Services (AWS) in the EU (Ireland) region. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

We implement industry-standard security measures including access control, audit logging, and regular vulnerability assessments.

We share data only with third-party services necessary to operate Candio:

• HubSpot: CRM platform where your data is stored
• Stripe: Payment processing
• AWS: Cloud infrastructure
• Zoom: Video interview scheduling (optional, user-enabled)

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Our website uses essential cookies for authentication and session management. We may use analytics cookies (such as privacy-respecting analytics) to understand website usage. You can control cookie preferences through your browser settings.

If you are located in the European Economic Area, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your personal data
• Portability: Request a machine-readable export of your data
• Restriction: Request that we limit processing of your data
• Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@candio.com.

We retain account data for as long as your Candio subscription is active. When you uninstall Candio, we delete our application data within 30 days. Candidate data stored in your HubSpot portal remains in your control and is not affected by uninstalling Candio.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our website. Your continued use of Candio after changes take effect constitutes acceptance of the updated policy.