USER ACKNOWLEDGES AND AGREES THAT THE INFORMATION CANDLE AI PROVIDES DOES NOT CONSTITUTE LEGAL ADVICE, AND THAT CANDLE AI DOES NOT, AND DOES NOT INTEND TO, PROVIDE LEGAL ADVICE AND DOES NOT ACT AS YOUR ATTORNEY. YOU ARE ADVISED TO CONSULT WITH A LICENSED ATTORNEY REGARDING ANY IMMIGRATION LAW MATTER.
Candle AI Privacy Policy
Candle AI, Inc. ("Candle AI", "we", "our", or "us") provides AI-powered email composition, template management, and email insights tools for law firms and legal professionals. Our services are delivered through a browser extension (Chrome) and an Outlook add-in, as well as through our website at trycandle.ai.
This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our services. By using Candle AI, you agree to the practices described in this policy.
If you have questions, contact us at: privacy@trycandle.ai
Personal Information We Collect
We collect personal information relating to you (“Personal Information”) as follows:
Personal Information You Provide:
We collect Personal Information as follows if you create an account to use our Candle AI Services, use our Candle AI Services, or communicate with us:
Account registration: Name, email address, and professional details when you create an account.
Demo requests: If you submit a demo request through our website, we collect your name, email address, and law firm details via our scheduling form.
Integration credentials: When you connect third-party services, you may provide API keys, client credentials, or access tokens. These are stored securely and used solely to authenticate requests on your behalf.
Personal Information We Receive Automatically from Your Use of the Candle AI Services:
From Our Application (Extension / Add-in)
Email content and metadata: When you connect your email account, we access email threads, message metadata (sender, recipient, subject, timestamps), and message bodies to power features such as draft generation, summarization, and inbox insights.
Document content: If you connect a cloud document service, we read document content to generate document-based insights.
Usage data: Feature interactions, session duration, and in-app actions to improve the product.
Authentication tokens: OAuth tokens and session credentials required to maintain your connected integrations.
From Our Website (trycandle.ai)
Analytics data: We use web analytics services to collect information about how visitors interact with our website, including pages visited, time on site, browser type, device type, and approximate location derived from IP address. This data is aggregated and used to improve our website.
Advertising and retargeting data: We use social media advertising pixels to track website visits and serve targeted advertisements to people who have visited our website. These services may collect your IP address, browser identifiers, and browsing behavior.
Website visitor identification: We use website visitor identification services to identify companies visiting our website based on IP addresses and other signals. These services may collect IP address, company-level identifiers, and approximate location data.
Demo scheduling and CRM: Our demo scheduling form is powered by a third-party CRM platform, which collects your name, email address, and firm details when you submit a demo request. This platform may also set cookies to track your interactions with our website across sessions.
Log data: Server logs may include your IP address, browser type, referring URL, and timestamps.
2.3 Information from Third-Party Integrations
When you connect email, document, or case management services, we access data from those systems only as needed to deliver the specific features you have enabled.
How We Use Personal Information
We use the information we collect to:
Provide and operate the service: Process emails, generate AI-powered drafts, surface case information, and deliver inbox insights.
Authenticate and manage your account: Verify your identity and manage your connected integrations.
Improve the product: Analyze usage patterns (in aggregate) to identify bugs, improve features, and enhance performance.
Communicate with you: Send service-related notifications, product updates, and respond to support requests.
Marketing and advertising: Use website analytics and tracking data (as described in Section 2.2) to understand our audience and run targeted ad campaigns.
Legal compliance: Meet our legal obligations and enforce our terms of service.
We do not:
Use your email content, case data, or document content to train AI models.
Sell your personal data to third parties.
Use your Google user data for any purpose other than delivering the features you have enabled.
How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only in the followin circumstances:
3.1 Infrastructure Sub-Processors
We use a limited set of vetted cloud infrastructure providers to operate our service. These sub-
processors act under strict data processing agreements and handle data only as directed by us:
Cloud hosting and storage: We use cloud infrastructure providers for hosting, encrypted database storage, and compute. Data is stored in encrypted form at rest and in transit.
AI inference: We use AI model inference providers to generate email drafts and summaries. Only the minimum necessary content is sent for inference; data is not retained by these providers for model training.
3.2 Third-Party Website Tools
Our website uses third-party analytics, advertising, and CRM tools as described in Section 2.2.
Each provider operates under its own privacy policy. You can find links to those policies on the respective provider's website.
3.3 Legal Requirements
We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Candle AI, our users, or the public.
3.4 Business Transfers
If Candle AI is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
Your Rights
Depending on location, individuals may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:
Access your Personal Information and information relating to how it is processed;
Have your Personal Information deleted from our records;
Rectify or update your Personal Information;
Transfer your Personal Information to a third party (right to data portability);
Restrict how we process your Personal Information;
Withdraw your consent—where we rely on consent as the legal basis for processing at any time;
Object to how we process your Personal Information; and/or
Lodge a complaint with your local data protection authority.
You can exercise some of these rights through your Candle AI account. If you are unable to exercise your rights through your account, please submit your request to our customer service at contact@trycandle.ai.
Additional U.S. State Disclosures
The following table provides additional information about the categories of Personal Information we collect and how we disclose that information.
Category of Personal Information
Disclosure of Personal Information
Identifiers, such as your name, contact details, IP address, and other device identifiers
We may disclose this information to our affiliates, vendors, and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; to corporate administrators of enterprise or team accounts; and to other users and third parties you choose to share it with.
Commercial Information, such as your transaction history
We may disclose this information to our affiliates, vendors, and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; and to corporate administrators of enterprise or team accounts.
Network Activity Information, such as User Content and how you interact with our Candle AI Services
We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; and to other users and third parties you choose to share it with.
Geolocation Data
We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; and to parties involved in Transactions.
Your account login credentials and payment card information (Sensitive Personal Information)
We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions
You can read more about the Personal Information we collect in “Personal information we collect” above, how we use Personal Information in “How we use personal information” above, and how we retain Personal Information in “Security and Retention” below.
To the extent provided for by local law and subject to applicable exceptions, individuals may have the following privacy rights in relation to their Personal Information:
The right to know information about our processing of your Personal Information, including the specific pieces of Personal Information that we have collected from you;
The right to request deletion of your Personal Information;
The right to correct your Personal Information; and
The right to be free from discrimination relating to the exercise of any of your privacy rights.
We don’t “sell” Personal Information or “share” Personal Information for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also don’t process sensitive Personal Information for the purposes of inferring characteristics about a consumer.
Exercising Your Rights. To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request through our customer service at contact@trycandle.ai.
Verification. In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.
Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to our customer service at contact@trycandle.ai.
Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to our customer service at contact@trycandle.ai.
California Privacy Rights.If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit: California Consumer Privacy Act (CCPA).
California’s “Shine the Light” law (Civil Code § 1798.83) permits users of our Website or App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to contact@trycandle.ai.
Children
Our Candle AI Services are not directed to children under the age of 18. Candle AI does not knowingly collect Personal Information from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Information to Candle AI through the Candle AI Services, please email us at our customer service at contact@trycandle.ai. We will investigate any notification and if appropriate, delete the Personal Information from our systems. If you are 13 or older, but under 18, you must have permission from your parent or guardian to use our Candle AI Services.
California residents under 18 years of age may have additional rights regarding the collection and sale of their personal information. Please see California Privacy Rights above for more information.
Links to Other Websites
The Candle AI Services may contain links to other websites not operated or controlled by Candle AI, including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
Security and Retention
We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Candle AI Services or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Candle AI Services, or third-party websites.
If you discover or believe you have found a security vulnerability in our systems, please report it responsibly by contacting us at security@trycandle.ai.
We’ll retain your Personal Information for only as long as we need in order to provide our Candle AI Services to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.
Google User Data
When you connect your Google account to Candle AI, we request a limited set of access scopes necessary to provide our core functionality. These include access to your basic profile for login, Gmail (read, modify, metadata) for email insights, Google Pub/Sub for real-time inbox notifications, and Google Drive (read) for document insights. Permissions are opt-in and are only requested when you choose to enable specific features.
We use your data solely to deliver key features such as summarizing incoming emails, creating and saving draft responses, and extracting insights from documents. We do not use your data for advertising, model training, or resale. Access to your data is strictly limited to essential services and is shared only with a small set of vetted infrastructure sub-processors operating under strong confidentiality and data security agreements.
Any data derived from your Gmail or Drive (e.g., summaries, metadata) is stored in encrypted form and retained only while your Candle AI account remains active to ensure fast performance and continuity. If you choose to disconnect your account or request deletion, all associated Google data is permanently purged within 30 days.
Candle AI’s use of Google user data fully complies with the Google API Services User Data Policy, including its Limited Use requirements.
International Users
Your Personal Information will be processed in the United States but may be subject to laws of other jurisdictions depending on your location.
By using our Candle AI Services, you understand and acknowledge that your Personal Information will be processed and stored in our facilities and servers in the United States and may be disclosed to our service providers and affiliates in other jurisdictions.
Legal Basis for Processing. Our legal bases for processing your Personal Information include:
Performance of a contract with you when we provide and maintain our Candle AI Services. When we process Account Information, User Content, and Technical Information solely to provide our Candle AI Services to you, this information is necessary to be able to provide our Candle AI Services. If you do not provide this information, we may not be able to provide our Candle AI Services to you.
Our legitimate interests in protecting our Candle AI Services from abuse, fraud, or security risks, or in developing, improving, or promoting our Candle AI Services, including when we train our models. This may include the processing of Account Information, User Content, Social Information, and Technical Information.
Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our affiliates’, users’, or third parties’ rights, safety, and property.
Data Transfers. Where required, we will use appropriate safeguards for transferring Personal Information outside of certain countries. We will only transfer Personal Information pursuant to a legally valid transfer mechanism.
Data Protection Officer. You can contact our data protection officer at contact@trycandle.ai in matters related to Personal Information processing.
Changes to the Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.
How to Contact Us
Please contact us if you have any questions or concerns not already addressed in this Privacy Policy.