Candorings
Start a study
Privacy

Your data, and your buyers’ candor, protected.

Candorings handles two kinds of people’s data: the team who runs a study, and the buyers who answer it. This statement explains what we collect, why, and how it’s protected.

Working draft · last updated 2026-06-11

Note. This is a working draft of our privacy approach intended to describe how the product handles data. It is not legal advice and will be reviewed with counsel before launch.

Who this covers

Two groups: the sponsor (a revenue, product, or customer-success leader) who creates an account and runs a study, and respondents — the buyers, champions, and users on a deal — who are invited to a confidential interview. Respondents do not create an account; they enter through a single-use link.

What we collect

  • Sponsor account data: email address and the product, competitor, and hypothesis context you provide to scope a study.
  • Roster data: the email addresses and optional segment metadata (deal or account, outcome, deal-role, competitor) you upload, or sync from your CRM, to invite respondents.
  • Respondent answers: the interview responses and ratings a buyer provides. These are sensitive personal data and are treated accordingly.
  • Operational data: minimal logs and AI-usage metering needed to run, secure, and bill the service.

How we use it

  • To design and run the study you configure.
  • To deliver invitations and the respondent interview experience.
  • To synthesise responses into a segmented readout and a drafted set of revenue actions.
  • To secure the service, prevent abuse, and meter usage.

Confidentiality of respondent answers

This is the heart of the product. Your team never sees an individual buyer’s answers — unless that buyer explicitly opts in to be quoted. Responses are aggregated into segments, and any segment too small to protect a person is suppressed or merged before anything is shown. Roster identity is used only to deliver invitations and is never joined to response content in any sponsor-facing view.

Legal basis

We process personal data on the bases permitted under the GDPR, typically the performance of a contract (running the study) and legitimate interests (securing and improving the service), with consent captured from respondents before an interview begins. Your organisation is generally the data controller for respondent data; we act as a processor on your instructions.

Where your data lives

All data stores and sub-processors operate in the EU region. Data is encrypted in transit and at rest.

Sub-processors

  • Supabase (EU): managed database, authentication, and storage.
  • Anthropic: AI models under zero-retention, no-training terms.
  • Resend (EU): transactional email delivery.

Retention

We keep personal data for as long as needed to run an engagement and meet legal obligations, then delete or anonymise it. You can request deletion of an engagement’s data at any time (see your rights below).

Your rights

Subject to applicable law, you may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. To exercise any of these, email privacy@candorings.com and we’ll respond within the timeframes the GDPR requires.

Cookies

We use only the cookies strictly necessary to keep you signed in and to keep the service secure. We do not use advertising cookies.

Changes

We’ll update this statement as the product matures and post the revised date at the top. Material changes will be communicated to account holders.

Contact

Questions about privacy? Email privacy@candorings.com.