Privacy Policy

CareerLinc Inc ("CareerLinc Inc," "us," "we," or "our") owns and operates LINC Pro, a career development and assessment platform (the "Services") made available to educational institutions, vocational rehabilitation agencies, workforce development programs, and other organizations ("Customers"). This Services Privacy Policy describes how we collect, use, and disclose Personal Information during your use of our Services, as well as your rights regarding your Personal Information.

In this Services Privacy Policy, users of the Services typically include students, job seekers, educators, career counselors, vocational rehabilitation counselors, and organizational administrators. We refer to all users collectively as "you" or "your." When we refer to "Personal Information," we mean information that identifies, describes, or relates to an identified or identifiable individual.

By accessing or using the Services, you acknowledge that you have read and understood this Services Privacy Policy. In addition to this Services Privacy Policy, your privacy is further governed by our Terms of Service.

1. Personal Information We Collect

Account Information

When you create an account or when a Customer creates an account on your behalf, we collect:

• First and last name
• Email address
• Password (encrypted and stored securely by our authentication provider)
• Organization affiliation (school, agency, or program name)

Assessment Data

When you complete career assessments through the Services, we collect:

• O*NET Interest Profiler responses and RIASEC scores (Realistic, Investigative, Artistic, Social, Enterprising, Conventional)
• Skills Inventory responses, including proficiency levels and enjoyment ratings
• Results from other career development assessments made available through the Services
• Assessment completion timestamps and session information

AI Coaching Conversations

When you interact with Linc, our AI career coaching assistant, we collect:

• Conversation messages (your questions and Linc's responses)
• Conversation timestamps
• Context references to your assessment results used to personalize responses

Career Exploration Data

As you explore careers through the Services, we collect:

• Saved careers and occupations of interest
• Saved insights from AI coaching conversations
• Career profile information you choose to provide

Automatically Collected Information

As you use our Services, we automatically collect certain technical information:

• Device information (browser type, operating system)
• Log data (access times, pages viewed, features used)
• Session cookies necessary for authentication and platform functionality
• Anonymous usage data (page views and navigation patterns) to improve the Services — this data is not linked to your identity or account

We use this information to maintain security, improve the Services, diagnose technical issues, and support platform functionality. Analytics data is used solely for product improvement and is not used for advertising or cross-site tracking.

2. Information We Do NOT Collect

LINC Pro is a career development platform, not a healthcare application. We explicitly do NOT collect:

• Protected Health Information (PHI) — We do not collect, store, or process medical records, health conditions, diagnoses, treatment plans, medication information, mental health records, or any other information that constitutes PHI as defined under HIPAA. The platform is not designed to create, receive, maintain, or transmit PHI.
• Social Security Numbers
• Financial account information (credit cards, bank accounts)
• Biometric data
• Precise geolocation data

If health-related information is shared during AI coaching conversations, our system is designed to redirect those conversations to appropriate professional resources rather than engage with such information.

3. Children's Privacy

The Services are intended for users who are at least 14 years of age. We do not knowingly collect Personal Information from children under 14. If you are under 14, you may not use the Services.

If we learn that we have collected Personal Information from a child under 14, we will take steps to delete that information as quickly as possible. If you believe we have inadvertently collected information from a child under 14, please contact us immediately at support@lincpro.app.

For users between 14 and 18 years of age, consent from a parent, guardian, or authorized educational institution is required prior to use of the Services. When the Services are provided through an educational institution, the institution is responsible for obtaining any required parental consent in accordance with applicable law, including FERPA.

4. Family Educational Rights and Privacy Act (FERPA)

When our Customers are educational institutions subject to the Family Educational Rights and Privacy Act ("FERPA"), they agree in their contract with CareerLinc Inc to designate us as a "school official" with a "legitimate educational interest" in providing the Services, as those terms are used in FERPA (34 CFR § 99.31(a)(1)).

In these contexts, we agree to:

• Use education records only for the purposes for which the disclosure was made;
• Not disclose education records to third parties except as required by law or authorized by the Customer;
• Comply with all applicable FERPA requirements regarding the protection of education records.

Parents or eligible students who wish to access, review, or request correction of education records should contact their educational institution directly.

5. How We Use Personal Information

We use the Personal Information we collect to:

• Provide the Services: Create and manage your account, deliver career assessments, generate personalized AI coaching responses, and enable career exploration features.
• Personalize your experience: Tailor career recommendations and coaching guidance based on your assessment results and expressed interests.
• Support Customers: Enable advisors and administrators to support your career development journey when authorized by your organization.
• Improve our Services: Analyze usage patterns (in aggregate) to enhance features and user experience.
• Communicate with you: Send service-related notifications, respond to inquiries, and provide technical support.
• Ensure security: Monitor for and prevent fraudulent, unauthorized, or illegal activity.
• Comply with legal obligations: Meet our contractual and legal requirements.

6. How We Share Personal Information

We may share Personal Information in the following circumstances:

• With your Customer organization: When you use the Services through an educational institution, agency, or other organization that has a direct agreement with us ("Customer"), any information you share with us — including assessment results, AI coaching conversations, career exploration data, and work-based learning records — may be viewable by authorized advisors, educators, counselors, and administrators within that organization. If you are an advisor, educator, or staff member using the Services through a Customer, other authorized staff members within your organization may see your professional information (such as your name, role, email address, and caseload assignments) to facilitate coordination and communication within the organization. The scope of visibility is determined by the role-based access controls configured by your organization's administrator.
• With service providers: We share information with trusted third-party vendors who assist us in operating the Services (see Section 7 below).
• For legal compliance: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: Your Personal Information may be transferred to a third party in the event that CareerLinc Inc: (i) merges with or is acquired by another business entity; (ii) sells all or substantially all of its assets; (iii) is adjudicated bankrupt; or (iv) is liquidated or otherwise reorganized. In such an event, we will notify affected Customers and, where required by law, provide you with the opportunity to consent to or opt out of the transfer of your Personal Information.
• With researchers: On occasion, we may work with qualified researchers to analyze the impact and effectiveness of our programs (for example, measuring career development outcomes for workforce or educational initiatives). Prior to providing any researcher or research partner with any Personal Information, we will: (a) obtain written assurances that they will safeguard it in accordance with this Privacy Policy and applicable law; (b) anonymize or de-identify Personal Information whenever possible so that individuals cannot be identified; and (c) seek your opt-in consent if we are required to disclose identifiable Personal Information to researchers. Research partners are prohibited from using any data for purposes unrelated to the approved research scope, and from attempting to re-identify de-identified data.
• With your consent: We may share information for other purposes with your explicit consent.

We do not sell, rent, or trade your Personal Information to third parties for marketing, advertising, or any other commercial purpose unrelated to providing the Services.

7. Service Providers

We work with the following categories of service providers who may process Personal Information on our behalf:

• Clerk — Authentication and user account management
• Neon (PostgreSQL) — Database hosting and data storage
• Anthropic — AI services for the Linc career coaching assistant (configured with zero data retention)
• ElevenLabs — Text-to-speech voice synthesis for interactive learning games (e.g., HireQuest). Only the text necessary for game audio narration and character dialogue is shared with ElevenLabs; no Personal Information is transmitted. Read-aloud features in assessments and other areas of the platform use your browser's built-in speech synthesizer, which runs locally on your device and does not send data to any external service.
• OpenAI — Text-to-speech voice synthesis for Linc's guided audio mode. Only the text of Linc's responses is sent to OpenAI for voice generation; no Personal Information is transmitted.
• Resend — Transactional email delivery
• Netlify — Web hosting and content delivery
• Wasabi Storage — Secure document and form storage
• Cloudflare R2 — Media and portfolio file storage for learning management features

We maintain appropriate contractual safeguards with service providers who process data on our behalf. For providers that store or process Personal Information (including our database and AI services), these agreements establish security standards that meet or exceed requirements under applicable privacy regulations, including FERPA where applicable.

8. AI Services and Data Processing

Our AI career coaching assistant (Linc) is powered by Anthropic's Claude AI. We have configured our integration with Anthropic to use zero-retention settings, meaning:

• Your conversation data is processed by Anthropic solely to generate responses during your session
• Anthropic does not retain your conversation data after processing
• Your conversations are not used to train AI models

We store conversation history in our own database to provide continuity in your career coaching experience and to enable advisors to support your development when authorized.

9. Cookies and Browser Storage

We use cookies and browser storage technologies for authentication and platform functionality. We do not use cookies for advertising, cross-site tracking, or analytics purposes. Our product analytics operate in anonymous, memory-only mode and do not set persistent cookies.

Authentication Cookies

Our authentication provider (Clerk) sets HTTP-only, Secure cookies that are required for:

• Session authentication: Maintaining your logged-in state as you navigate the platform
• CSRF protection: Preventing cross-site request forgery attacks
• User identification: Associating your browser session with your authenticated account

These cookies are classified as "strictly necessary" and cannot be disabled without preventing access to the Services. They do not track you across other websites or for advertising purposes.

Browser Local Storage

We use your browser's local storage to save non-sensitive user interface preferences, including:

• View mode preferences (e.g., grid vs. list layout)
• Collapsed or expanded states of interface sections
• Notification prompt dismissal status

This data remains on your device, is not transmitted to our servers, and contains no Personal Information.

Offline Storage

For work-based learning features, we use your browser's IndexedDB to enable offline functionality. Data stored offline (such as hour logs and reflections) is synced to our servers when your internet connection is restored and is subject to the same protections as all other data in the Services.

What We Do NOT Use

• No advertising or tracking pixels
• No social media tracking cookies
• No cross-site tracking technologies
• No cookies for targeted advertising or behavioral profiling

10. Data Retention

We retain Personal Information according to the following schedule:

User and Educational Data

• Account information: Retained while your account is active or as needed to provide Services.
• Assessment results and sessions: Retained for the duration of the account as educational records.
• AI coaching conversations: Retained for the duration of the account to support career development continuity.
• Career exploration data: Retained for the duration of the account.
• Work-based learning hour logs: Retained for the duration of the account as workforce compliance records.
• Learning management activity: Retained for the duration of the account as educational records.

Operational Data

• Audit logs: Retained for 2 years (730 days), then automatically deleted.
• Security event logs: Retained for 2 years (730 days), then automatically deleted.
• Email delivery logs: Retained for 1 year (365 days), then automatically deleted.
• Expired invitations: Retained for 1 year after expiration, then automatically deleted.
• Rate limiting records: Retained for 60 minutes, then automatically deleted.
• Temporary caches: Retained for up to 90 days, then automatically deleted.
• Billing event records: Retained permanently as required for financial audit purposes.

Data Deletion

• Customer-directed deletion: We delete user Personal Information within 30 days of a written request from the Customer.
• Contract termination: Upon termination of a Customer's agreement, we will return or delete Customer data as directed, typically within 90 days.
• De-identified data: We may retain de-identified, aggregated data for research and service improvement purposes.

11. Security

We implement industry-standard security measures to protect your Personal Information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest (AES-256)
• Secure authentication with encrypted password storage
• Role-based access controls
• Rate limiting across all API endpoints
• Automated security event monitoring and brute-force detection
• Regular security assessments
• Comprehensive audit logging of data access

Our database infrastructure employs encryption, access controls, and security protocols consistent with industry best practices. Our AI services are configured with zero data retention to minimize data exposure. Financial data stored in our systems is encrypted at the application level using industry-standard cryptographic methods.

While we strive to protect your information, no method of transmission over the Internet is completely secure. If you suspect a security incident or believe your credentials have been compromised, please contact us immediately at support@lincpro.app.

12. Your Rights

Depending on your location, you may have certain rights regarding your Personal Information:

• Right to Access: Request a copy of the Personal Information we hold about you.
• Right to Correction: Request correction of inaccurate Personal Information.
• Right to Deletion: Request deletion of your Personal Information, subject to legal retention requirements.
• Right to Portability: Request your data in a machine-readable format.
• Right to Restrict Processing: Request that we limit how we use your data (this may affect your ability to use the Services).

How to Exercise Your Rights

If you are using the Services through an educational institution or organization, please contact your school or organization to exercise your rights, and we will work with them to fulfill your request.

You may also contact us directly at the information provided below. We will respond to requests within the timeframes required by applicable law.

13. State Privacy Laws

This section provides additional disclosures and rights for residents of states with comprehensive privacy legislation. These disclosures supplement the information provided elsewhere in this Privacy Policy.

13.1 California (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

• Right to Know: You may request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of your Personal Information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate Personal Information.
• Right to Opt-Out of Sale or Sharing: You have the right to opt out of the "sale" or "sharing" of your Personal Information for cross-context behavioral advertising. However, we do not sell or share your Personal Information as those terms are defined under the CCPA/CPRA.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive Personal Information. We only use sensitive Personal Information for purposes permitted under the CCPA/CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of Personal Information:

• Identifiers: Name, email address, account credentials, organization affiliation
• Internet or network activity: Log data, pages viewed, features used, browser type, and anonymous navigation patterns
• Professional or employment-related information: Career interests, skills assessments, work-based learning records
• Education information: Assessment results, learning management activity, career exploration data
• Inferences: Career interest profiles (RIASEC scores) derived from assessment responses

Categories of Personal Information Disclosed

In the preceding 12 months, we have disclosed the following categories of Personal Information to service providers for business purposes:

• Identifiers — shared with our authentication provider, database host, and email delivery service to operate the Services

Personal Information is shared only with service providers acting on our behalf (see Section 7) and with Customer organizations as described in Section 6. We have not disclosed Personal Information to third parties for any purpose other than providing and improving the Services.

Sale and Sharing of Personal Information

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization through a signed written authorization or a power of attorney. We may also require you to verify your own identity directly.

13.2 Virginia (VCDPA)

If you are a Virginia resident, you have the following rights under the Virginia Consumer Data Protection Act ("VCDPA"):

• Right to Access: Confirm whether we are processing your Personal Information and access that data.
• Right to Correct: Correct inaccuracies in your Personal Information.
• Right to Delete: Delete your Personal Information.
• Right to Data Portability: Obtain a copy of your Personal Information in a portable, readily usable format.
• Right to Opt Out: Opt out of the processing of your Personal Information for targeted advertising, sale, or profiling. We do not engage in any of these activities.

To appeal a decision regarding your privacy rights request, contact us at support@lincpro.app with the subject line "VCDPA Appeal."

13.3 Colorado (CPA)

If you are a Colorado resident, you have the following rights under the Colorado Privacy Act ("CPA"):

• Right to Access: Confirm whether we are processing your Personal Information and access that data.
• Right to Correct: Correct inaccuracies in your Personal Information.
• Right to Delete: Delete your Personal Information.
• Right to Data Portability: Obtain a copy of your Personal Information in a portable format.
• Right to Opt Out: Opt out of the processing of your Personal Information for targeted advertising, sale, or certain profiling. We do not engage in any of these activities.

To appeal a decision regarding your privacy rights request, contact us at support@lincpro.app with the subject line "CPA Appeal."

13.4 Connecticut (CTDPA)

If you are a Connecticut resident, you have the following rights under the Connecticut Data Privacy Act ("CTDPA"):

• Right to Access: Confirm whether we are processing your Personal Information and access that data.
• Right to Correct: Correct inaccuracies in your Personal Information.
• Right to Delete: Delete your Personal Information.
• Right to Data Portability: Obtain a copy of your Personal Information in a portable format.
• Right to Opt Out: Opt out of the processing of your Personal Information for targeted advertising, sale, or profiling. We do not engage in any of these activities.

To appeal a decision regarding your privacy rights request, contact us at support@lincpro.app with the subject line "CTDPA Appeal."

13.5 Other States

Additional states, including Texas, Oregon, Montana, Utah, Iowa, Indiana, Tennessee, and others, have enacted or are enacting consumer privacy legislation. While specific requirements vary, we are committed to honoring the spirit of these laws. If you are a resident of any state with applicable privacy legislation, you may exercise your rights by contacting us at the information provided in Section 17.

13.6 How to Submit a Request

To exercise any of the rights described in this section, you may contact us at:

• Email: support@lincpro.app
• Mail: CareerLinc Inc, 1350 Avenue of the Americas, 2nd Floor, New York, NY 10019

We will verify your identity before processing your request. If you are using the Services through an organization, we may direct you to your organization to fulfill your request. We will respond to verified requests within the timeframes required by applicable law (typically 45 days, with extensions available where permitted).

14. Where Is Your Data Stored?

Our Services are designed for users located in the United States, and we maintain our primary operations in the United States. Personal Information collected through the Services is processed and stored in databases located in the United States.

Our third-party service providers may process or store data in locations outside the United States (for example, content delivery networks that operate globally, or service providers with infrastructure in the European Union) when providing services on our behalf. All such providers are subject to the contractual safeguards described in Section 7.

If you are accessing the Services from outside the United States, please be aware that your Personal Information will be transferred to, stored, and processed in the United States. The data protection and privacy laws of the United States may differ from those in your country of residence. By accessing or using the Services, you consent to the transfer and processing of your Personal Information in the United States.

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, we will ensure that any cross-border transfers of your Personal Information are conducted in compliance with applicable data protection laws, including the use of appropriate safeguards such as Standard Contractual Clauses where required.

15. Third-Party Links

Our Services may contain links to third-party websites, including career information resources such as O*NET. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.

16. Updates to This Privacy Policy

We may update this Services Privacy Policy from time to time. If we make material changes, we will notify Customers and, where required by law, request consent. The "Last Updated" date at the top of this policy indicates when it was last revised.

17. Contact Us

If you have questions about this Services Privacy Policy, want to exercise your rights, or have concerns about our privacy practices, please contact us: