Privacy Policy

Last updated: March 2026

1. Data Controller

CandleKeep is operated by Sahar Carmel as a sole proprietorship based in Israel. For any privacy-related questions or requests, you can reach our data protection contact at [email protected].

As a small company, we do not have a designated Data Protection Officer. For all data protection inquiries, contact our data protection lead at [email protected].

2. What We Collect

We collect the following categories of personal data:

  • Account data — provided via our authentication provider (Clerk): name, email address, and profile image.
  • Uploaded documents — PDFs, EPUBs, and Markdown files you add to your library, along with associated metadata.
  • Usage data — page views, feature usage, and interaction events. Client-side analytics (PostHog) are collected only with your consent. Certain server-side events (e.g., onboarding steps, subscription changes, desktop downloads) are logged under our legitimate interest in operating and improving the service, regardless of cookie consent.
  • Device & browser info — browser type, operating system, and screen resolution, collected only when client-side analytics consent is granted.
  • Technical identifiers — IP addresses and user agent strings may be collected for download tracking, abuse prevention, and analytics. IP addresses are not displayed in our admin interface and are used only for deduplication and security purposes.
  • Billing data — email address and subscription status, processed by our billing provider (Polar). We do not store payment card details directly; these are handled by Polar's payment processor.
  • Service usage logs — records of which library items you access, pages read, and API calls made. These are used to enforce usage limits, provide reading history, and improve the service.

3. Lawful Basis for Processing (GDPR Art. 6)

  • Contract performance — processing your account data and documents is necessary to provide the CandleKeep service you signed up for.
  • Legitimate interest — security monitoring and service improvement, balanced against your privacy rights.
  • Consent — client-side analytics cookies are only activated when you explicitly opt in via our consent banner.
  • Legitimate interest — server-side event logging (onboarding, subscriptions, downloads) is necessary for operating the service, enforcing usage limits, and preventing abuse.

4. How We Use Your Data

  • To provide and maintain the CandleKeep service
  • To authenticate you and manage your account via Clerk
  • To process, store, and serve your uploaded documents
  • To monitor and protect the security of our infrastructure
  • To improve the product through analytics (client-side tracking requires your consent; server-side operational events are processed under legitimate interest)
  • To enforce usage limits and subscription tiers
  • To track downloads and prevent abuse

5. Cookies & Analytics

Essential cookies — authentication session cookies are always active as they are required for the service to function. These cannot be disabled.

Analytics cookies (client-side) — we use PostHog for product analytics. Client-side tracking is disabled by default and only activated if you explicitly accept cookies via our consent banner. Withdrawing consent is as simple as changing your cookie preferences — no account changes required. If you reject non-essential cookies, no client-side analytics data is collected.

Server-side event logging — certain events are logged server-side regardless of cookie consent, under our legitimate interest in operating the service. These include: subscription changes, onboarding steps, desktop app downloads, CLI token generation, and try-flow funnel events. These events are tied to your user ID (when authenticated) or IP address (for anonymous downloads) and are sent to PostHog for analysis.

You can change your cookie preferences at any time using the cookie preferences link in the site footer.

6. Automated Decision-Making

CandleKeep does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you. Document processing (e.g., PDF text extraction) is purely mechanical and does not involve profiling or algorithmic decision-making about individuals.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or a jurisdiction that grants equivalent rights, you have the following rights under the General Data Protection Regulation:

  • Access (Art. 15) — request a copy of the personal data we hold about you.
  • Rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
  • Restriction (Art. 18) — request that we limit the processing of your data.
  • Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interests.
  • Withdraw consent (Art. 7(3)) — withdraw consent for analytics at any time via the cookie preferences link in the footer.
  • Lodge a complaint — you have the right to lodge a complaint with your local supervisory authority. For users in Israel, this is the Privacy Protection Authority (PPA). For EU residents, you may contact your national data protection authority.

We will respond to all data subject requests within one calendar month. In complex cases, this may be extended by up to two additional months, in which case we will inform you of the extension and the reasons for the delay.

To exercise any of these rights, contact us at [email protected].

8. Your Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act grants you the following rights:

  • Right to know — request details about the categories and specific pieces of personal data we have collected.
  • Right to delete — request deletion of personal data we have collected from you.
  • Right to opt out of sale — we do not sell your personal data to third parties.
  • Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
  • Right to correct — request correction of inaccurate personal information we hold about you.

9. Data Retention

We retain your data only as long as necessary to provide the service and comply with legal obligations. Here is our general approach:

  • Your documents and account data — retained while your account is active.
  • Usage and analytics data — managed by our analytics provider (PostHog) according to their retention policies. You can opt out at any time.
  • Server and access logs — infrastructure logs are retained according to our hosting provider's (Railway) retention policies. Application-level access logs are deleted when your account is deleted.
  • Deleted accounts — when you delete your account via Clerk, we immediately delete your documents from storage and cascade-delete your personal data (items, access logs, API usage, subscriptions, sessions) from our database. Note: anonymized or session-based analytics records (e.g., try-flow events, download tracking) that are not linked by a database relation may persist, but these do not contain identifying information beyond an optional IP address.
  • DMCA records — records of copyright takedown notices and counter-notices are retained for a minimum of 3 years to support repeat infringer tracking and legal compliance.

As we mature, we will implement more granular automated retention controls and update this section accordingly.

10. International Data Transfers

Your data may be processed outside your country of residence. We ensure appropriate safeguards are in place for all international transfers:

  • PostHog — EU (Frankfurt). Data stays within the EEA.
  • Clerk — US. Transfers are subject to Clerk's data processing terms and transfer mechanisms.
  • Railway — US. Transfers are subject to Railway's data processing terms and transfer mechanisms.
  • Polar — EU (Sweden). Subscription billing.
  • Cloudflare — Global. DNS and email routing.
  • Resend — US. Transactional email delivery.

International transfers are governed by each provider's standard transfer mechanisms, including the EU-US Data Privacy Framework where applicable. For details, contact [email protected].

11. Data Storage & Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption in transit — all data is transmitted over TLS 1.2 or higher.
  • Encryption at rest — uploaded documents are encrypted using AES-256 via SSE-S3. Database encryption is managed by our hosting provider (Railway).

For more details on our security practices, see our Security page.

12. Third-Party Processors

We share data with a limited number of third-party service providers who process data on our behalf. Each processor is subject to their standard data processing terms.

For the full list of sub-processors, including their purposes and locations, see our Sub-processors page.

13. Children's Privacy

CandleKeep is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email before the changes take effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.

15. Data Provision Requirements

Providing your name and email address is a contractual requirement necessary to create and maintain your CandleKeep account. Without this data, we cannot provide the service. Document uploads are entirely voluntary. Analytics data collection requires your explicit consent and is never required to use the service.

16. Contact

For any privacy-related questions, data requests, or concerns, contact us at [email protected].