Privacy Policy for Candibase

Effective date: October 29, 2025

Candibase (“Candibase,” “we,” “us,” or “our”) operates https://candibase.io
 (the “Site”) and provides a platform where founders and recruiters can find the perfect developer in seconds without scrolling LinkedIn (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the Services.

If you do not agree with this Policy, do not use the Services. You may also wish to review our Terms of Service.

Contact: mike@candibase.io

1) Who is the controller

Candibase is the data controller for personal data processed via the Services.

2) What data we collect

Account & profile data (candidates): name, email, CV/resume information, and any details you add to your profile (skills, links, work history, preferences, etc.).

Recruiter/founder data: name, email, company details, role, communications with candidates.

Usage & device data: IP address, device and browser type, pages viewed, referring/exit pages, timestamps, and similar diagnostic data.

Cookies and similar technologies: we use web cookies and similar tools for essential functions, analytics, and improving the Services. See Cookies below.

We do not intentionally collect special categories of data (e.g., health, biometric, racial/ethnic origin) through the Services. Please do not include such data in your profile or CV.

3) How we use your data (purposes & legal bases)

We process personal data for the following purposes and legal bases under the EU GDPR:

Provide and operate the Services (create profiles, enable search/matching, enable messaging/contact): performance of a contract and legitimate interests.

Account administration (authentication, security, fraud prevention, troubleshooting, support): legitimate interests and legal obligations.

Communications (service notices, updates, responses): performance of a contract or legitimate interests; marketing communications where applicable: consent or legitimate interests with opt-out.

Analytics and product improvement (measure usage, improve relevance and performance): legitimate interests.

Compliance (enforce Terms, respond to lawful requests, regulatory obligations): legal obligations.

Cookies/trackers not strictly necessary: consent.

4) Candidate profiles, visibility, and deletion

Candidates own their profile and can delete it at any time from account settings.

Candidate profiles are visible to registered recruiters/founders within the Services. When a recruiter accesses your profile or downloads your CV, they may retain a copy.

After deletion, we remove your profile from recruiter view and our active systems within a reasonable period. Limited data may remain in backups/logs for a time as required for security, fraud prevention, or legal obligations.

5) Sharing your data

We share personal data only as needed to provide the Services or as required by law:

With recruiters/founders: Candidate profile and contact details are shared to enable outreach for legitimate hiring purposes. Recruiters/founders act as independent controllers for the copies they receive and must comply with applicable law (including giving you their own privacy notices and honoring your rights).

Service providers (processors): hosting, analytics, communications, security, and support vendors under contracts that require confidentiality and GDPR-compliant processing.

Legal and safety: to comply with laws, regulations, legal process, or to protect rights, safety, and the integrity of the Services.

Business transfers: in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards.

We do not sell personal data.

6) International transfers

If we transfer personal data outside the EEA/UK, we use appropriate safeguards such as EU Standard Contractual Clauses and conduct transfer risk assessments where required.

7) Data retention

We keep personal data for as long as your account is active or as needed to provide the Services, resolve disputes, enforce agreements, and comply with legal obligations. Profiles and CVs are deleted upon account deletion, subject to backup and legal retention requirements.

8) Your rights (EU/EEA, including Greece)

Subject to legal limits, you have the right to access, rectify, erase, restrict, object to certain processing (including where based on legitimate interests), and data portability. Where processing is based on consent, you may withdraw consent at any time (this does not affect prior processing).
To exercise rights, contact mike@candibase.io.

You also have the right to lodge a complaint with the Hellenic Data Protection Authority.

9) Cookies

We use:

Essential cookies (required for login, security, and core features).

Analytics/performance cookies (to understand usage and improve the Services).

Where required, we request your consent for non-essential cookies via a banner or settings. You can manage cookies through browser settings and our on-site controls. Disabling certain cookies may impact functionality.

10) Security

We implement technical and organizational measures designed to protect personal data (encryption in transit, access controls, monitoring, secure development practices). No method of transmission or storage is 100% secure.

11) Children

The Services are not directed to individuals under 16. Do not use the Services or submit personal data if you are under 16.

12) Third-party links

The Services may contain links to third-party sites. We are not responsible for their privacy practices. Review their policies before providing personal data.

13) Automated decision-making

We do not perform decisions based solely on automated processing that produce legal or similarly significant effects about you.

14) Your responsibilities (recruiters/founders)

If you access candidate data, you must: (i) use it only for legitimate hiring purposes; (ii) provide any required privacy notices to candidates; (iii) implement appropriate security; (iv) honor candidate rights requests you receive regarding data you hold; and (v) comply with all applicable laws (including anti-spam, equality, and data protection laws).

15) Changes to this Privacy Policy

We may update this Policy from time to time. The updated version will be indicated by an Effective date and will be posted on https://candibase.io/privacy-policy
 (or successor page). Where required by law, we will notify you of material changes and/or request consent.

Questions or requests? Email mike@candibase.io