Privacy Policy

1. Who We Are

Candor ("Candor," "we," "us," or "our") operates the deception analysis API and website at getcandor.polsia.app. This Privacy Policy explains how we collect, use, store, and protect information when you use the Service.

2. Information We Collect

We collect two categories of data:

A. Data You Submit

When you submit text to the Candor API for analysis, we store the following:

Data Element	What We Store	Purpose
Input text	First 500 characters of submitted text	Audit trail, quality assurance, abuse prevention
Input length	Character count of full submission	Usage statistics
Analysis result	Deception score, confidence, signal breakdown, verdict	Usage history, model improvement

We do not store the full text of submissions beyond the first 500 characters.

B. Automatically Collected Data

When you access the Service, we automatically collect:

• IP address — Used for rate limiting and abuse prevention. Stored with each request record.
• User agent string — Browser or API client identifier. Used for analytics and debugging.
• Request timestamp — Date and time of each API call.
• Anonymous visitor identifier — A UUID stored in your browser's localStorage, used to count unique visitors in aggregate. This is not linked to any personal account.

3. How We Use Your Information

We use the data we collect for the following purposes:

• Providing the Service: Processing your text submissions and returning analysis results.
• Rate limiting and abuse prevention: Enforcing usage limits per IP address to ensure fair access.
• Usage analytics: Computing aggregate statistics (total analyses run, average score distributions, verdict breakdowns) displayed on the homepage.
• Quality assurance and debugging: Identifying errors, improving analysis accuracy, and diagnosing technical issues.
• Legal compliance: Retaining records as required by applicable law or in response to valid legal process.

We do not use your submitted text to train machine learning models for sale to third parties, nor do we use it for behavioral advertising.

4. Data Retention

We retain analysis records (input text snippet, score, metadata) for 90 days from the date of submission. After 90 days, records are deleted from our database.

Aggregate, anonymized statistics (total request counts, score distributions) are retained indefinitely as they contain no personally identifiable information.

IP addresses are stored with request records and deleted on the same 90-day schedule.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Service providers: We use third-party infrastructure providers (cloud hosting, database services) that process data on our behalf under data processing agreements. These providers are not permitted to use your data for their own purposes.
• AI processing: Text submitted for analysis is sent to a third-party AI model provider (OpenAI) solely for the purpose of generating the deception analysis. OpenAI processes this data in accordance with their API data usage policies. We recommend you review OpenAI's API data usage policies before submitting sensitive text.
• Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.
• Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred as part of that transaction. We will notify users via this page in advance.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS) for all communications
• Access controls limiting database access to authorized personnel
• Regular security reviews of our infrastructure

No method of transmission over the Internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted to or stored by our Service.

7. Cookies and Tracking

Candor does not use tracking cookies. The only client-side storage we use is a localStorage item (polsia_vid) that stores a randomly generated anonymous UUID to count unique visitors in aggregate. This identifier is not linked to any personal account and cannot be used to identify you. You can clear it at any time by clearing your browser's local storage.

We do not use third-party advertising trackers, social media pixels, or behavioral retargeting.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted data through our Service, contact us at the address below and we will delete it promptly.

9. Your Rights

Depending on your location, you may have rights regarding your personal data, including the right to access, correct, or request deletion of data we hold about you. Because we do not collect accounts or link requests to individual identities, the most effective way to exercise these rights is to contact us with your IP address and approximate date/time of submissions.

For users in the European Economic Area (EEA) or California, additional rights under GDPR or CCPA may apply. Contact us to submit a data request.

10. International Users

The Service is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US, which may have different data protection laws than your jurisdiction. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised effective date. Continued use of the Service following an update constitutes acceptance of the new policy.

12. Contact

For privacy-related inquiries, data requests, or concerns, contact us at: privacy@getcandor.com