Candle AI, Inc., its affiliates, and subsidiaries (“Candle AI” “we,” “our,” or “us”) values your privacy. We provide AI-powered email composition, template management, and email insights tools for law firms and legal professionals. Our services are delivered through a browser extension (Chrome) and an Outlook add-in, as well as through our website at trycandle.ai. This Privacy Notice (“Notice”) describes how Candle AI collects, uses, discloses, and otherwise processes personal information described in this Notice, as well as the rights and choices individuals may have regarding such personal information.
For additional information about the privacy choices you may have regarding your personal information, please review Section 6, Your Privacy Choices. If you are a resident of Canada, please see Section 12, “Additional Privacy Information for Residents of Canada” for information about the personal information that we may collect about you and your rights under Canadian Privacy Laws.
By using our Services (as defined below), you agree that your personal information will be handled as described in this Notice. Your use of our Services and any dispute over privacy, is subject to this Notice and our Terms of Use including their applicable terms governing limitations on damages and the resolution of disputes.
Except as otherwise described below, this Notice applies to our online and offline personal information processing activities including, but not limited to: visitors to our website where this Notice is posted, including trycandle.ai (the “Site”); individuals who create an account with us to access Services; individuals who register for or participate in our events, surveys, research, and promotions conducted by us; individuals who subscribe to receive news, information, and marketing communications and materials from us; current, former, and prospective business partners, and service providers; and individuals who communicate or otherwise interact or engage with us or the services available through our Site or other online services (collectively referred to as the “Services”).
We collect personal information directly from you, from third-party sources, and automatically through your use of the Services. To the extent permitted by applicable law, we may combine the personal information we collect from publicly available or third-party sources. The personal information we collect varies depending upon your use of our Services and our interactions with you.
Personal Information Collected Directly. We may collect the following personal information directly from you:
· Identifiers/Account Information. When you create an account in connection with our Services, sign up for a demo request, and/or otherwise engage with our Services, we may collect your name and email address.
· Communications and Interactions. When you communicate or interact with us or our Services, including if you complete forms on our Site, interact with our social media pages, post a review or testimonial, or otherwise engage with us, we may collect your name, email address, phone number, social media handle, or other similar identifiers, as well as your message, the nature of your inquiry, and any other information you choose to provide.
· Purchases and Payments. When you purchase our Services, we may collect email, payment information, including credit card details and billing information, and business name to allow our third-party payment providers to process such transactions.
· Promotional Information. If you agree to receive marketing communications from us, we may collect your contact details, preferences, and if relevant, information about your account including the Services and features you use.
· Responses and Feedback. If you participate in surveys, questionnaires, or research activities or initiatives conducted by us, such as for market research, user satisfaction, or other similar purposes, we may collect your responses and feedback, and any other information you choose to provide.
· Professional Information. We may collect certain contact details, job title, firm details, and other similar information.
· Preferences and Other Requests. We may collect information about your preferences, including communications preferences, preferences related to your use of our Services, and any other preferences or requests you provide when interacting with us.
· Google User Data. When you connect your Google account to Candle AI, we request a limited set of access scopes necessary to provide our core functionality. These include access to your basic profile for login, Gmail (read, modify, metadata) for email insights, Google Pub/Sub for real-time inbox notifications, and Google Drive (read) for document insights. Permissions are opt-in and are only requested when you choose to enable specific features. Access to your data is strictly limited to essential services.
· Integration Credentials. When you connect third-party services, you may provide API keys, client credentials, or access tokens. These are stored securely and used solely to authenticate requests on your behalf.
Personal Information Collected from Third Parties. We may collect and receive personal information from third-party sources, such as business partners, data analytics and marketing providers, operating systems, social media platforms, public databases, service providers or other third parties. We may collect the following information from third-party sources:
· Lead and Prospect Information.We may receive lead information from third parties about prospective firms that may be interested in our Services. We may also engage with third parties to enhance or update our customer information. For example, we may receive certain personal information from data analytics and marketing providers for marketing and advertising purposes, and for purposes of reaching new customers.
· Third-Party Integrations. When you connect email, document, or case management services, we access data from those systems only as needed to deliver the specific features you have enabled.
Personal Information Collected Automatically. We may automatically collect or derive personal information related to your use of our Services, including through the use of cookies, pixel tags, and other similar technologies. This may include:
· Device and Browsing Information. When you use our Services, we may collect browser type, domain name, page views, access times, date/time stamps, operating system, language, device type, unique ID, Internet service provider, referring and exiting URLs, clickstream data, and other similar device and browsing information.
· Activities and Usage. We may collect activity information related to your use of the Services, such as information about the links clicked, searches, features used, items viewed, time spent within the Services, your interactions with us within the Services, and other similar activity and usage information.
· Location Information. We may collect or derive general location information, such as through your IP address.
· From Our Application (Extension / Add-in)
- Email content and metadata: When you connect your email account, we access email threads, message metadata (sender, recipient, subject, timestamps), and message bodies to power features such as draft generation, summarization, and inbox insights.
- Document content: If you connect a cloud document service, we read document content to generate document-based insights.
- Usage data: Feature interactions, session duration, and in-app actions to improve the product.
- Authentication tokens: OAuth tokens and session credentials required to maintain your connected integrations.
For more information about our use of cookies and other similar technologies, please see the Cookies and Other Tracking Mechanisms section below.
Generally, we may collect, use, disclose and otherwise process the personal information we collect for the following purposes:
· Services and Support. To provide and operate our Services, communicate with you about your use of the Services, provide troubleshooting, technical support, and for similar support purposes, respond to your inquiries, fulfill your requests, and to otherwise run our day-to-day operations.
· Account Creation and Management. To enable account creation and management, including allowing you to set preferences and to verify your identity and manage your connected integrations.
· Analytics and Improvement. To better understand how users access and use the Services, and for other research and analytical purposes, such as to evaluate, develop, and improve our Services and business operations, and for internal quality control and training purposes.
· Google User Data. We use your data solely to deliver key features such as summarizing incoming emails, creating and saving draft responses, and extracting insights from documents.
· Communication. To respond to your questions, send you requested materials, including information and materials regarding our Services and our offerings. We may also use this information to send administrative information to you, for example, information regarding the Services and changes to our terms and policies.
· Customization and Personalization. To tailor content we may send, including to offer location customization and to otherwise personalize your experiences and offerings.
· Marketing and Advertising. For marketing, advertising, and promotional purposes. For example, to send you promotional information about our Services, including information about new offerings, as well any other information that you sign up to receive.
· Research and Surveys. To administer surveys and questionnaires, such as for market research or user satisfaction purposes.
· Security and Protection of Rights. To protect the Services and our business operations, and to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use.
· Compliance and Legal Process. To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority.
· Auditing, Reporting, and Other Internal Operations. To conduct financial, tax and accounting audits, audits and assessments of our operations, including our privacy, security and financial controls, as well as for risk and compliance purposes. We may also use personal information to maintain appropriate business records and enforce our policies and procedures.
· General Business and Operational Support. To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings, and to administer our business, accounting, auditing, compliance, recordkeeping, and legal functions.
· Consent. We may use your personal information for other purposes where you have provided your consent.
We may disclose the personal information we collect for the purposes described above with the following recipients and in the following circumstances:
· Vendors and Services Providers. We may disclose personal information we collect to our service providers, processors, and others who perform functions on our behalf. These may include, for example, IT service providers, cloud storage and hosting providers, AI model inference providers, analytics providers, consultants, auditors, and legal counsel.
· Marketing and Analytics Providers. We may make personal information available to third parties to support our marketing, analytics, advertising, and campaign management.
· Compliance and Legal Obligations. We may disclose personal information to third parties to comply with our legal and compliance obligations and to respond to legal processes. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements. This may include regulators, government entities, and law enforcement as required by law or legal process.
· Security and Protection of Rights. We may disclose personal information where we believe it is necessary to protect the Services, our rights and property, or the rights, property and safety of others. For example, we may disclose personal information in order to (i) prevent, detect, investigate and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) situations involving potential threats to the health, safety, or legal rights of any person or third party, or (iii) enforce, and detect, investigate and take action in response to violations of our Terms of Use. We may also disclose information, including personal information, related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
· In Support of Business Transfers. If we are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. We may also share certain personal information as necessary prior to the completion of such a transaction or corporate transactions such as financings or restructurings, to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence or as necessary to plan for a transaction.
· Aggregate and Deidentified Information. Notwithstanding anything else in this Notice, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services with third parties for quality control, analytics, research, development, and other purposes.
· Other Disclosures. We may disclose personal information in other ways not described above, but will notify you and, if necessary, obtain your consent.
We may use cookies, pixels, local storage objects, log files, APIs, and other mechanisms to automatically collect browsing, activity, device, and similar information within our Services and to target advertising and content. We may also engage third parties or service providers to do the same. We may use this information to, for example, analyze and understand how visitors interact with our Services; identify and resolve bugs and errors in our Services; assess, secure, protect, optimize and improve the performance of our Services; conduct marketing and analytics activities; and personalize content in our Services. To manage your preferences regarding cookies, targeted advertising, and other tracking mechanisms within our Services, please see Your Privacy Choices below.
Cookies. Cookies are alphanumeric identifiers that we transfer to your device’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Services, while others are used to enable a faster log-in process, support the security and performance of the Services, or allow us to track activity and usage data within Service. You can view our Cookie Policyhere .
Pixel Tags. Pixel tags (sometimes called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. While cookies are stored locally on your device, pixel tags are embedded invisibly within web pages and online content. We may use these, in connection with our Services to, among other things, track the activities of users, help us manage content and compile usage statistics. We may also use these in HTML e-mails we send, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.
Local Storage Objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order to enable faster loading of pages and content when you return to our websites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.
Third-Party Analytics and Tools. We may use third-party tools, such as Google Analytics, which are operated by third-party companies. These third-party analytics companies may use cookies, pixels, and other similar tools to collect usage data about our Services in order to provide us with reports and metrics that help us evaluate usage of our Services and improve performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Cross-Device Tracking. We and our third-party providers may use the information we collect within our Services and on other third-party sites and services to help us and these third parties to identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.).
Third-Party Advertising . We may work with third parties, such as ad networks, channel partners, mobile ad networks, analytics and measurement services and others (“third-party ad companies”) to personalize content and display advertising within our Services, as well as to manage our advertising on third-party sites, mobile apps and online services. We may share certain information with these third-party ad companies, and we and them may use cookies, pixels tags, and other tools to collect usage and browsing information within our Services, as well as on third-party sites, apps, and services, such as IP address, location information, device ID, cookie and advertising IDs, and other identifiers, as well as browsing information. We and these third-party ad companies use this information to provide you more relevant ads and content within our Services and on third-party sites and apps, and to evaluate the success of such ads and content.
Some of these third-party ad companies may also use the information they collect through our Services for their own independent purposes and subject to their own privacy policies, including to improve their own products and services, to build and maintain user profiles, to personalize advertisements they serve on behalf of other advertisers, and for their own analytics and market research. In such cases, these third parties act as independent controllers of your information rather than as service providers acting solely on our behalf.
These third-party ad companies include Meta, whose Meta pixels we use for the purposes described above, and Meta may use for its own purposes. Meta’s privacy policy for the processing of personal information in connection with this activity can be found here: www.facebook.com/privacy/policy/.
We make available several ways that you can manage your privacy choices and submit privacy requests related to your personal information. Some of these choices are browser and device specific, which means that you need to set the preference for each browser and device you use to access our Services. In addition, if you delete or block cookies, you may need to reapply these preferences to each browser and/or device used to access our Services.
These options include:
· Account Information. You can review and update some of the personal information we maintain about you by logging into your account and updating your information directly within our Services.
· Marketing Communications. We may send periodic promotional emails or other similar communications to you, in accordance with applicable law. You may opt out of these communications by following the instructions provided to you in the communication. If you opt out of receiving promotional content from us, we may still send you communications about your account or any services you have requested or received from us.
· Cookie Settings. To prevent cookies from tracking your activity on our Site or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. You can also manage cookies through our Cookie Settings feature on our Website. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function.
· Browser Signals/Do Not Track. Our site currently does not respond to “Do Not Track” signals.
· Industry Ad Choice Programs. You can also control how participating third-party ad companies use the information that they collect about your visits to our Site and those of third parties, in order to display more relevant targeted advertising to you. If you are in the U.S., you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). Opting out of participating third-party ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Site. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
Our Service may contain links to third-party websites or features or provide certain third-party connections or integrated services. Any access to and use of such linked websites, features, or third-party services is not governed by this Notice. We are not responsible for the information practices of such third parties, including their collection, use, and disclosure of your personal information. You should review the privacy policies and terms for any third parties before proceeding to those websites or using those third-party features or services.
Our Services are not designed for individuals under 18, and we do not knowingly collect personal information from minors under 18. If you are a parent or legal guardian and you believe we have collected your minor’s information, please contact us using the contact information in the Contact Us section below.
We have implemented safeguards intended to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Please be aware that despite our efforts, no data security measures can guarantee security.
This Notice is current as of the effective date set forth above. We may change this Notice from time to time, so please be sure to check back periodically. We will post any updates to this Notice on this page. If we make material changes to how we collect, use, or disclose the personal information we have previously collected, we will endeavor to provide you prior notice, such as by emailing you or posting prominent notice on our website or within the Services.
If you have any questions or concerns regarding this Notice or our privacy practices, you may contact us at contact@trycandle.ai.
12. Additional Privacy Information for Residents of Canada
This section contains supplemental information for residents of Canada, except those in the Province of Quebec. To the extent that this section and the broader language of the Notice conflict, the provisions of this section will prevail for Canadian residents only. You may have different rights depending on your province or territory of residence within Canada.
For the purposes of this section, “personal information” includes “personal information” and any other equivalent or similar expression under applicable Canadian federal and provincial privacy laws.
A. Personal Information We Process
Unless otherwise permitted by the laws applicable in your province or territory of residence, and despite anything to the contrary in the Notice above, we will only collect, use and disclose information about you in accordance with Canadian law. In particular, we will only collect, use and disclose the personal information identified in Section 2, Personal Information Collected, with your consent unless otherwise required or permitted by Canadian law.
You are generally not obliged to provide your personal information to us, but we may be unable to provide Services to you if you refuse to provide certain personal information.
B. Purposes for Processing Your Personal Information
In general, we process your personal information for the purposes identified in Section 3, Purposes for Collecting and Processing Personal Information, to the extent permissible under Canadian law.
Despite anything to the contrary in the Notice, and subject to applicable laws, we may collect, use, disclose and otherwise process your personal information for the purposes set out above and as otherwise required or permitted by law. Unless otherwise permitted by the laws applicable in your province or territory of residence, we will only collect, use or disclose your personal information with your consent.
C. Sharing of Personal Information
We will only share your personal information as required or authorized by applicable Canadian law.
Your personal information may be disclosed, stored and processed outside of your province or territory of residence, in any jurisdiction where we have facilities or in which we engage service providers. Your information will be transferred to jurisdictions outside of your place of residence and outside of Canada, including the United States. Applicable laws in those jurisdictions might permit local governments, courts, law enforcement or regulatory agencies to access the personal information. In these cases, we will comply with local law requirements relating to access and disclosure of personal information.
D. Retention of Personal Information
We retain the personal information we collect as reasonably necessary for the purposes described in Section 3, Purposes for Collecting and Processing Personal Information (or as otherwise disclosed to you at the time of collection) or for our reasonable business and legal purposes. Where permitted by applicable law, we may de-identify or aggregate your personal information, rather than delete your personal information, and use it in compliance with applicable Canadian law. If we use your personal information to make a decision that affects you, we will retain your personal information for at least one year except as otherwise required or authorized by applicable law.
E. Withdrawal of Consent
You have the right to withdraw consent to use or disclosure of your personal information at any time. Please see Section 6, Your Privacy Choices. You may also email us at contact@trycandle.ai.
We may be unable to provide you with certain aspects, features or functionality of our Services if you withdraw your consent. Withdrawing your consent will not affect the lawfulness of any processing that happened before that withdrawal, nor does it create an obligation for us to delete personal information that we are otherwise allowed or required to retain under applicable law.
F. Your Rights
Depending on your province or territory of residence, you can request access to or correction of the personal information we have collected about you.
Your right to access or correction of the personal information that we hold about you is not absolute. Applicable laws may allow or require us to refuse to provide some or all of the personal information that we hold about you. If we refuse a request to access your personal information, we will notify you in writing, advise you of the reasons for refusal, and outline further steps which are available to you. If we refuse a request for correction of your personal information, we will annotate our records to show that the correction was requested but not made.
For further information regarding your rights, to exercise any of your requests, or to ask any questions about the processing of your personal information, please contact us at contact@trycandle.ai.