Privacy Policy

Last updated: March 2026

Our Privacy Promise

Candor is built on a foundation of privacy. Honest coaching requires genuine confidentiality. Your individual sessions, journal entries, and personal data are private by design — not just by policy, but by architecture.

Three-Space Privacy Model

Candor uses a three-space privacy architecture:

• Your Individual Space — Only you can access your check-ins, journal entries, individual sessions, and personal growth data. This data is protected at the database level using Row Level Security, meaning even our own servers cannot show it to your partner.
• Your Partner's Individual Space — Completely separate and inaccessible to you, just as yours is to them.
• Your Shared Couple Space — Contains only data that both partners have explicitly chosen to share. Couples sessions, shared challenges, and relationship health scores live here.

The Consent Bridge

After individual sessions, you may choose to share specific insights with your partner for your couples sessions. This is always opt-in — you select what to share, how it should be brought up, and you can revoke shared insights at any time. Nothing crosses from your individual space to the shared space without your explicit action.

Data We Collect

• Account information (email, display name)
• Coaching profile (attachment style, goals, boundaries, coaching style preference)
• Session data (messages, mood/stress ratings, session summaries)
• Gamification data (XP, streaks, challenge completions)
• Health and growth scores (calculated from session data)
• Pattern reports (generated from aggregated session data)

How We Use Your Data

• To provide coaching sessions personalized to your needs
• To track your mood, stress, and growth over time
• To detect relationship patterns and generate insights
• To assign personalized challenges and homework
• To improve our coaching approach (aggregated, anonymized data only)

AI Processing

Candor is AI-powered. Your session messages are processed by Anthropic's Claude AI to generate coaching responses. Messages are sent to Candor via our secure server (Supabase Edge Functions) — your app never communicates with the AI engine directly. Candor does not retain conversation history between API calls. Individual session content is never included in couples session context.

Data Storage and Security

• All data is stored on Supabase (hosted on AWS) with encryption at rest
• Row Level Security enforces privacy at the database level
• API communications are encrypted via TLS
• Input sanitization prevents prompt injection attacks
• Rate limiting protects against abuse (60 messages per hour per user)
• Edge Functions are ephemeral — no persistent storage of session content on our servers

Data Sharing

We do not sell your data. We do not share your individual data with your partner. We share data with:

• Anthropic (Claude AI) — session messages for generating responses (not retained by Anthropic)
• Supabase — our infrastructure provider (data at rest)
• No other third parties

Your Rights

• Access your data at any time through the app
• Export your session history
• Delete your account and all associated data
• Revoke shared insights at any time
• Update your boundaries and coaching preferences
• Opt out of pattern detection

Account Deletion

You can delete your account from Settings. This permanently removes all your individual data, session history, and profile information. Shared couple session data that both partners participated in will be anonymized but retained for your partner's session history.

Crisis Situations

Candor is not a substitute for professional mental health care. If Candor detects indicators of self-harm, abuse, or severe crisis, it will provide crisis resources (National DV Hotline: 1-800-799-7233, Crisis Text Line: text HOME to 741741). We do not report session content to authorities unless required by law.

Contact

For privacy questions or data requests: privacy@candorapp.com