Privacy Policy
Last updated: July 6, 2026
Candio ("we," "our," or "us") is an AI-powered editorial tool for manuscript critique, structured feedback, and personalized mastery roadmaps. This Privacy Policy explains how we collect, use, and protect your information when you use our application.
Information We Collect
Account information. When you sign up, we collect your email address and display name through our authentication provider, Clerk. We do not store passwords — authentication is handled entirely by Clerk.
Content you create. We store the manuscripts and essays you write, the AI-generated feedback and learning paths produced from your submissions, and your associated preferences.
Usage data. We automatically collect IP addresses for rate limiting and security purposes. We do not use analytics tracking cookies or third-party analytics services.
How We Use Your Information
- To provide and maintain the Candio service, including manuscript storage and AI-powered analysis
- To authenticate your account and manage your session
- To generate personalized feedback and mastery roadmaps from your writing submissions
- To enforce rate limits and protect against abuse
- To communicate with you about your account or service updates
Third-Party Services
Your data is processed by the following third-party services:
- Clerk — handles user authentication. Receives your email and display name. See Clerk's Privacy Policy.
- NVIDIA NIM — processes your essay text to generate AI feedback and learning paths. Your submissions are sent to NVIDIA's API for analysis. See NVIDIA's Privacy Policy.
- Supabase — stores your manuscripts, feedback, and learning paths in a PostgreSQL database. See Supabase's Privacy Policy.
- Vercel — hosts the application infrastructure. See Vercel's Privacy Policy.
Data Sharing
We do not sell your personal information. We do not share your data with third parties except as described above to provide the service, or when required by law.
Data Retention
We retain your account information and content for as long as your account is active. Session cookies expire after 7 days. You may request deletion of your data at any time by contacting us.
Data Security
We use industry-standard security measures, including encrypted transmission (HTTPS), JWT-based authentication, CSRF protection, and strict CORS policies. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Data portability — receive your data in a structured, machine-readable format
To exercise these rights, please contact us through the Candio application.
Children's Privacy
Candio is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of Candio after any changes constitutes acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out through the Candio application.