Transparency

We publish what we can. We tell you when we cannot.

Trust requires accountability. This page documents Candidfy's legal request history, our disclosure protocol, and our warrant canary. It is updated every six months.

Warrant Canary — May 2026

As of May 2026, Candidfy has not received any national security letters, gag orders, or secret court orders that would prevent us from disclosing the existence of government surveillance. We have not been compelled to modify our systems to facilitate surveillance. We have not been subject to any order that prohibits us from publishing this statement.

This canary is updated monthly. If it is not updated or is removed, it signals that we have received such an order and are legally prevented from disclosing it. This page was last updated: May 13, 2026.

Legal requests — cumulative record

Period	Requests received	Complied with	Challenged	User data disclosed
Launch – May 2026	0	0	0	0

Next update: November 2026.

Our disclosure protocol

When Candidfy receives a legal request for user data, we follow this process without exception:

Legal review

Every request is reviewed by qualified legal counsel. We verify jurisdiction, specificity, proportionality, and legal authority before taking any action.

User notification

Where legally permitted, we notify the affected user before complying. Where notification is legally prohibited, we log the prohibition and include it in our next transparency report.

Challenge where appropriate

We challenge requests that are overbroad, lack proper jurisdiction, or seek bulk data rather than specific individuals.

Dual-key authorisation

Disclosure requires simultaneous authorisation from two independent Candidfy officers. No single person can complete a disclosure alone.

Minimum disclosure

We disclose only the specific data required by the legal order — nothing more.

Permanent audit log

Every disclosure is immediately recorded in an append-only, tamper-evident audit log that cannot be modified or deleted.

What we will not do

Candidfy will never voluntarily disclose sender identity without valid legal process. We will never comply with informal requests from law enforcement. We will never comply with civil litigation requests without a court order. We will never disclose data in bulk. We will never build backdoors or weaken our encryption at the request of any government.

Data retention

Raw message contentDeleted immediately after AI processing

Rewritten message contentDeleted 30 days after recipient reads it

Recipient contact (email/phone)Deleted after delivery confirmation

Account email/phoneRetained while account is active; deleted on account deletion request

Delivery logsRetained 90 days for abuse prevention; pseudonymous only

IP address logsRetained 7 days; gateway level only

Audit logsRetained indefinitely; append-only, tamper-evident

Contact

Legal requests: legal@candid.app
Privacy enquiries: privacy@candid.app
Security concerns: security@candid.app