Privacy Policy
This Privacy Policy explains how the Candid mobile application (“Candid”, the “App”, “we”, “us”, or “our”) handles information when you use it. We have designed Candid to collect as little data as possible: it has no user accounts, requires no sign-in, and asks for no device permissions. The only information that ever leaves your device is a small amount of anonymous usage analytics, described in detail below.
By using Candid, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Who we are (Data Controller)
The party responsible for your information (“data controller” under the EU/UK General Data Protection Regulation) is:
- Alicja Juntunen, an individual
- Contact: support@get-candid.com
If you have any questions about this policy or your data, you can reach us at the email address above.
2. Scope
This policy applies to the Candid iOS application distributed through the Apple App Store. It does not apply to any third-party services, websites, or apps that we do not operate, even if they are referenced here.
3. Information we collect
3.1 Information we do not collect
We want to be explicit about this. Candid does not collect, request, or store:
- Your name, email address, phone number, or any contact details
- Account credentials (there are no accounts and no login)
- Your photos, camera, microphone, or media library
- Your location
- Your contacts, calendar, or health data
- Any answers, responses, or content you say or share while playing the game (gameplay is verbal and in-person; nothing you answer is recorded or transmitted)
- Any advertising identifiers used for cross-app tracking
Candid requests no operating-system permissions to run.
3.2 Anonymous usage analytics we do collect
To understand how Candid is used and to improve it, the App sends a limited set of anonymous, aggregated usage events through a third-party analytics provider, TelemetryDeck (see Section 5). These events contain:
- Which question categories are selected at the start of a game session (e.g. “Icebreakers”, “Deep”)
- Question interactions — the category of a question viewed and the sequence number within a session (not the specific question text and not your answers)
- Session metrics — the number of questions viewed in a session and how long the session lasted
- A pseudonymous device identifier generated by the analytics SDK, used only to distinguish one device's anonymous usage from another's for counting purposes. This identifier is hashed/salted by the analytics provider and is not linked to your identity and not used to track you across other apps or services.
- Basic technical context automatically included with analytics signals, such as app version and device/OS type, used for diagnostics and aggregate statistics.
These analytics are not linked to any personal identity, are not used for advertising or cross-app tracking, and are used solely for product analytics.
4. How we use information and our legal basis
We use the anonymous analytics described above only to:
- Understand which features and question categories are used
- Measure engagement (such as session length and number of questions viewed)
- Diagnose problems and improve the App's quality and stability
We do not sell your information, we do not share it for advertising, and we do not use it to build a profile about you.
Legal basis (EU/UK GDPR). To the extent any of the anonymous analytics data constitutes personal data under applicable law, we process it on the basis of our legitimate interests (Article 6(1)(f) GDPR) in understanding and improving the App. We have assessed that this processing has a minimal impact on your privacy because the data is anonymous/pseudonymous, is not used for tracking, and is not combined with identifying information. Where local law requires consent for such analytics, we will rely on consent instead.
5. Third-party service providers
We use one third-party service provider to deliver the analytics described above:
TelemetryDeck — a privacy-focused analytics service operated by TelemetryDeck GmbH (Germany). TelemetryDeck is designed to collect anonymous usage signals without tracking individual users; identifiers are hashed/salted so that individuals are not identifiable. Analytics data is processed on infrastructure located in the European Union.
- TelemetryDeck Privacy Policy: telemetrydeck.com/privacy
TelemetryDeck acts as our data processor for analytics. We do not use any other analytics, advertising, crash-reporting, or tracking SDKs.
6. Data sharing and selling
We do not sell or rent your personal information. We do not share it with third parties except for the analytics processor named in Section 5, which acts on our behalf and only as needed to provide its service.
We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of our users or others.
7. Data retention
Because Candid stores no personal data on your device beyond what is needed to run the current session, and because all gameplay is ephemeral, there is no personal data stored locally between sessions.
Anonymous analytics data is retained by our analytics provider for the period described in their policy. Because the analytics data is anonymous, it cannot be associated with you and is retained in aggregate to support historical usage statistics.
8. International data transfers
Our analytics provider processes data within the European Union. If you use Candid from outside the EU, your anonymous analytics signals may be processed on servers located in the EU. Where required, such transfers are protected by appropriate safeguards (for example, the European Commission's Standard Contractual Clauses).
9. Your privacy rights
Depending on where you live, you may have rights regarding your personal data. Because Candid collects only anonymous data and holds no information that identifies you, in most cases we are unable to associate any stored data with a specific individual, which can limit our ability to act on certain requests. Nonetheless, we are committed to honoring applicable rights.
9.1 EU/UK (GDPR) rights
You may have the right to: access your personal data; request correction or deletion; restrict or object to processing; data portability; and to lodge a complaint with your local data protection authority.
9.2 California (CCPA/CPRA) rights
If you are a California resident, you may have the right to know what personal information is collected, to request deletion, to correct inaccurate information, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under California law, and we do not use your data for cross-context behavioral advertising.
9.3 Exercising your rights
To make a request, contact us at support@get-candid.com. We will respond as required by applicable law. We will not discriminate against you for exercising any of these rights.
10. Children's privacy
Candid is intended for adults aged 18 and older, as some question categories contain mature themes. Candid is not directed to children or minors, and we do not knowingly collect personal information from anyone under 18. We do not collect data that would allow us to determine a user's age. If you believe someone under 18 has provided us with personal information, please contact us and we will take appropriate steps.
11. Security
We rely on Apple's platform protections and on our analytics provider's security measures. Analytics signals are transmitted over encrypted connections (HTTPS). Because we collect no accounts, passwords, or identifying personal data, there is no such information to be exposed. No method of transmission or storage is completely secure, but the minimal, anonymous nature of the data we handle substantially limits any risk.
12. Apple App Store privacy information
In line with Apple's requirements, the App's App Store listing includes a privacy summary (“nutrition label”) describing the data collected. The categories disclosed there — Usage Data (product interaction) and Identifiers (a device identifier) — are collected for analytics only, are not linked to your identity, and are not used to track you. This is consistent with the App's bundled privacy manifest.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be reflected in an updated version distributed with a new release of the App. We encourage you to review this policy periodically.
14. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact:
- Alicja Juntunen
- support@get-candid.com