Privacy policy

Last updated: October 2025

Who we are

Supercandidate.io is operated by Memnto LLC, 102 Gold Ave SW, Albuquerque, NM 87102, USA (“we”, “us”). We act as the data controller for the processing described here. Contact: hello@supercandidate.io.

Scope

This policy explains how we collect, use, share, store, and protect personal data when you use our website and app that tailor résumés/CVs to job offers and generate PDFs (the “Service”).

What we collect

  • Account data: name, email, password hash, preferences.

  • User Content: CVs/résumés, job descriptions, notes, and related metadata (may include identity, contact, education, work history, skills, links).

  • Usage & device data: pages/features used, timestamps, IP address, device/browser, crash logs, diagnostics, cookies/SDK events.

  • Payments: billing info processed by our payment provider (we do not store card numbers).

  • Support: messages and attachments you send us.

How we collect it

  • Directly from you: account creation, uploads, support.

  • Automatically: cookies, local storage, SDKs, server logs.

  • From third parties: payment, hosting, analytics providers (acting under our instructions).

PII masking before any AI processing

Before processing uploaded résumés/CVs, we programmatically detect and mask personal identifiers (e.g., name, email, phone, address, social/profile links).

  • Masked text is used for analysis by our systems and any AI/ML processors.

  • Unmasked data is never shared with partners, AI providers, LLMs, or similar.

  • We re-apply your identifiers only in the final output visible to you.

  • We never sell personal information. Our business model is providing the Service, not selling data.

Why we use data & legal bases (GDPR)

  • Provide the Service (contract): generate tailored outputs, authenticate users, operate features, process payments.

  • Improve & secure (legitimate interests): analytics, debugging, fraud/abuse prevention, quality.

  • Communications (contract/consent): transactional emails; optional product updates/marketing only if you opt in.

  • Legal compliance (legal obligation): tax, accounting, regulatory requests.

AI processing

We may use vetted AI/ML processors to run the Service. User Content is processed in masked form. We do not use your User Content to train third-party models. Any broader training would be opt-in and off by default.

Sharing your data

We do not sell or “share” personal data (as defined by applicable laws). We disclose data only to:

  • Service providers (processors): hosting, AI inference (masked data only), email, analytics, payments, support—bound by data-processing agreements.

  • Legal/disclosure: when required by law or to protect rights, safety, or our systems.

  • Business transfers: in a merger/acquisition, with appropriate safeguards.

International transfers

Data may be processed outside the EEA (including the US). We use EU Standard Contractual Clauses and complementary measures, or other approved mechanisms, as required.

Cookies & short-term continuity

We use cookies and similar tech to run the Service, enhance security, analyze usage, and preserve your in-progress session for a seamless experience if you’re interrupted.

  • Session continuity data is kept anonymously for a few days and then deleted automatically if you don’t return.

  • If you consented to emails, we may send a one-time reminder to continue your session; if you don’t return, we delete this temporary data—including the email used for that reminder.

  • Manage preferences via your browser and (if available) our Cookie Settings.

Retention

  • Account data: kept while your account is active; deleted on request or account deletion, subject to minimal legal holds.

  • User Content: retained only as needed to provide the Service; you can delete uploads or request deletion.

  • Usage/logs: typically up to 12 months, then deleted or anonymized unless needed for security/compliance.

  • Payments: retained as required by tax/accounting laws.

Your rights (GDPR/EEA)

You may access, rectify, erase, restrict or object to processing, request portability, and withdraw consent at any time (where applicable). You can lodge a complaint with your local supervisory authority. Contact: hello@supercandidate.io. We respond within one month (extendable for complex requests).

Account & data deletion

You may delete your account at any time. When you do, we permanently delete your personal data and User Content without delay, except for minimal records we must retain by law (e.g., invoices/fraud-prevention logs), which are kept only for the legally required period and then deleted.

Security

We apply technical and organizational measures (encryption in transit, access controls, least-privilege, monitoring). No method is 100% secure; residual risk remains, but we work continuously to protect your data.

Children

The Service is for users 18+. We do not knowingly collect data from children.

Changes

We may update this policy. Material changes will be notified in-product or by email. Continued use after the effective date indicates acceptance.

Contact

Memnto LLC — Privacy
102 Gold Ave SW, Albuquerque, NM 87102, USA
hello@supercandidate.io