top of page

Privacy Policy

Candid Sail — A Service of Bearzenker LLC

Effective Date: March 29, 2026 Last Updated: March 29, 2026

Introduction

Candid Sail ("we," "us," or "our") operates the website candidsail.com and provides AI-powered due diligence report services. This Privacy Policy describes how we collect, use, and protect your information when you use our services.

We believe in keeping things straightforward. We built this service to help you think through ideas, not to monetize your data.

Information We Collect

Account Information. When you create an account, we collect basic identifying information such as your name and email address. Account creation is facilitated through third-party authentication providers (e.g., Google, Facebook). We do not store your authentication credentials.

Report Request Data. When you submit a report request ("brief"), you provide a topic description and optional supporting details. This is the core data our service processes on your behalf.

Payment Information. We collect payment information solely to process your per-report transaction. Credit card data is handled by industry-standard third-party payment processors (e.g., Stripe, Wix Payments). We do not store credit card numbers, CVVs, or other sensitive payment details on our systems. Payment credentials are retained only for the duration of a single transaction and are not saved for future use.

Operational Data. We collect standard web server logs, session identifiers, and operational cookies necessary for the functioning of the site. We do not use tracking cookies, advertising cookies, or any analytics cookies beyond what is required for basic site operation.

How We Use Your Information

Report Generation. Your brief and supporting details are transmitted to third-party AI model providers (such as Anthropic, OpenAI, xAI, etc.) via their enterprise API services for the sole purpose of generating your report. We do not use your data to train AI models. The enterprise API agreements with our upstream providers include commitments not to use submitted data for model training. However, we cannot independently verify or guarantee the internal practices of these third-party providers.

Service Delivery. We use your email address to notify you when your report is ready for retrieval and to communicate about your account or transactions.

Failure Diagnostics. In the event of a system error during report generation, we may review technical failure metrics and error logs. We do not review the content of your brief or report data without your explicit consent. Diagnostic review is limited to operational metadata such as error codes, processing timestamps, and system state — not the substance of your submission.

Data We Do Not Collect or Use

We do not display advertising. Candid Sail does not serve advertisements of any kind. No cookies on this site exist for advertising or ad-targeting purposes. All cookies are strictly operational.

We do not sell your data. We will never sell, rent, or trade your personal information or report data to third parties for marketing, profiling, or any other commercial purpose.

We do not train AI models. Your submissions are not used to train, fine-tune, or improve any AI model, whether ours or any third party's.

Data Security

We take the security of your data seriously and implement the following measures:

Encryption in Transit. All data transmitted between your browser and our servers, and between our servers and third-party AI providers, is encrypted using industry-standard TLS/SSL protocols (end-to-end encryption).

 

Encryption at Rest. Data stored on our systems, including report files and account information, is encrypted at rest using standard encryption methods.

 

Infrastructure Security. Our processing infrastructure is hosted with major cloud providers that maintain SOC 2, ISO 27001, and other relevant security certifications. We apply security patches, restrict access to production systems, and follow established practices for key management and access control.

 

Honest Limitations. While we work to maintain strong cybersecurity practices, no system is perfectly secure. We cannot foresee or guarantee protection against all future threats, vulnerabilities, or attack methods. We commit to responding promptly and transparently in the event of any security incident that affects your data.

Third-Party Services

Our service relies on third-party providers to function. These include:

 

AI Model Providers. Your brief content is transmitted to AI providers via their enterprise APIs. These providers have their own privacy policies and data handling practices. While their enterprise API terms generally include commitments not to train on customer data, we are not in a position to guarantee the internal data practices of upstream services.

 

Payment Processors. Payment transactions are handled entirely by PCI-DSS compliant third-party processors. We do not have access to your full credit card details.

 

Website Platform. Our website is hosted on industry leading e-commerce provider, which has its own privacy practices governing the hosting infrastructure and authentication services.

We encourage you to review the privacy policies of these third-party services.

Data Retention

Report Data. We retain completed reports only long enough to facilitate your retrieval. Once you have downloaded your report, we do not maintain copies beyond standard backup cycles unless retention is required by applicable United States law.

 

Account Data. Basic account information is retained while your account remains active. You may request deletion of your account and associated data at any time.

 

Legal Requirements. We may retain certain data if required to do so by applicable U.S. federal or state law, regulation, or valid legal process. In such cases, retention is limited to what is legally required and for the minimum duration mandated.

Your Rights

You may, at any time:

  • Request a copy of the personal data we hold about you.

  • Request correction of inaccurate personal data.

  • Request deletion of your account and associated data.

  • Withdraw consent for any optional data processing.

 

To exercise any of these rights, contact us at the address below.

Children's Privacy

Candid Sail is a business-oriented service and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will take steps to delete that information promptly.

Prohibited Content Reminder

As a condition of using this service, you agree not to submit personally identifiable information (PII) about third parties, or content that is criminal, sexualized, or related to gambling or predictive markets. Detailed terms are provided in our Terms of Service.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of the service after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact: 

This privacy policy is provided for informational purposes and does not constitute legal advice. We recommend consulting with a qualified attorney for legal review of privacy policies and compliance obligations.

bottom of page