Privacy Policy



We are CandiFit — operated by Mohamed Elorabi Consultoria Unipessoal Lda.

Registered address:

Eduardo Cortesão 18

1600-615 Lisbon, Portugal

If you have any questions about this privacy notice or wish to exercise your legal rights, please contact us at info@candifit.ai

1. Who we are and what this policy covers

At CandiFit, we believe privacy builds trust.

This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website, use our platform, attend our events, or otherwise interact with us.

We act as a data controller for information related to our users and marketing activities.

When you use CandiFit to process candidate data, we act as a data processor on your behalf.

2. How we use your data

When you register for CandiFit

When you create an account, we collect your name, email, and password to establish a contract and give you access to the platform.If you subscribe to a paid plan, we collect payment details (billing address, credit card, VAT number if applicable) via our Merchant of Record, Stripe, to process your subscription securely.

We use analytics tools such as PostHog or Google Analytics to understand usage patterns and improve the user experience.

We do not use personal data — including recruiter or candidate data — to train or improve AI or machine learning models unless you explicitly opt in.You can delete your CandiFit account anytime from within the platform.

When you manage candidates

When you upload or manage candidate data (e.g., resumes, interview notes, assessments), we process this data only to support your recruitment workflows.

We do not sell, share, or reuse candidate data for unrelated purposes.Under GDPR, you are the data controller for this information, and we act as your data processor, following your instructions and the terms of our Data Processing Agreement (DPA).

When you contact us

When you reach out via email or through our website, we collect your name, email, and message to respond to your query or provide support.

When you attend a CandiFit event or demo

If you attend a CandiFit webinar, demo, or in-person event, we may collect your name, company, role, and contact details to follow up with materials, support, or product updates.

Events may be photographed or recorded; you can opt out at any time by notifying us before or during the event.

When you interact on social media

When you engage with us on LinkedIn, X (Twitter), or other platforms, we may process your profile handle, name, and any messages you send to us to respond and engage with our community.

When you receive updates from us

We may use your name and email to send updates, recruitment insights, or product announcements — but only when you’ve opted in or where we have a legitimate interest.

You can unsubscribe anytime using the link in our emails or by contacting info@candifit.ai

When you apply for a job with us

If you apply for a position at CandiFit, we process your CV, contact details, references, test results, and right-to-work documents to evaluate your application and comply with legal requirements.

3. Legal bases for processing

We process personal data based on one or more of the following lawful bases under GDPR:

To perform a contract with you

To comply with legal obligations

For our legitimate business interests

Based on your consent, where applicable

4. Third-party services and data sharing

We rely on trusted third-party providers to operate our business efficiently.

These include:

Hosting & infrastructure: e.g., AWS or similar EU-based cloud providers

Payments: Stripe

Analytics: PostHog, Google Analytics

We ensure all subprocessors comply with GDPR and only process data as instructed by us.

5. Data security

We apply appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction.

6. Data storage and international transfers

Your data is primarily stored in the European Union (EU).Where data is transferred outside the EU/EEA (for example, to the United States), we use Standard Contractual Clauses (SCCs) or equivalent legal safeguards to ensure protection.

7. Data retention

We keep personal data only as long as necessary to provide services, meet legal obligations, or resolve disputes.

Where feasible, we anonymize data for analytics and product improvement.

8. Your data protection rights

Depending on your location, you may have the right to:

Access the personal data we hold about you

Correct inaccurate or incomplete data

Request deletion of your personal data

Restrict or object to processing

Request data portability

Withdraw consent at any time

You can also lodge a complaint with your local data protection authority.

9. Children’s data

Our services are not intended for individuals under 16 years of age, and we do not knowingly collect their personal information.

10. Updates to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.

The latest version will always be available at candifit.ai/privacy

11. Contact us

Questions, comments, or requests?

We’d love to hear from you — contact us at info@candifit.ai

Last updated: 07/09/2025