Privacy Policy — CareerTryOut
CareerTryOut is a career-exploration game for users aged 14 and older. We take privacy seriously, especially for our youngest users — most of whom are minors in their jurisdictions. This page explains, in plain language, what we collect, why, who we share it with, and how you control it.
If you have questions, email contact@careertryout.com.
1. Who we are
KDEP Enterprise, LLC is a Florida-based company focused on building innovative experiences across gaming, education, and entertainment. We combine creativity, technology, and artificial intelligence to develop engaging digital products that inspire learning, creativity, collaboration, and fun for people of all ages.
Our mission is to create modern interactive platforms, mobile applications, games, and intelligent digital experiences that empower users to explore, learn, create, and connect in meaningful ways. We believe technology should not only entertain, but also educate and unlock human potential.
KDEP Enterprise, LLC operates at the intersection of:
- Interactive Gaming
- Educational Technology (EdTech)
- Digital Entertainment
- Artificial Intelligence
- Mobile and Cloud Applications
- Creative Media and Storytelling
We are passionate about designing experiences that are immersive, scalable, inclusive, and future-ready. Our vision includes developing next-generation gaming platforms, educational simulations, AI-powered learning experiences, creator ecosystems, and entertainment applications that blend creativity with emerging technologies.
As a Florida company, KDEP Enterprise, LLC is committed to innovation, integrity, continuous learning, and delivering high-quality digital solutions that positively impact users, communities, and businesses worldwide.
For the purposes of GDPR, KDEP Enterprise, LLC acts as the data controller for the data described below. We host all application data in AWS us-east-1.
2. What we collect
We only collect data that the app needs to function. Below is the full inventory by category, derived directly from our database schema.
2.1 Account & identity
When you sign in via Google, Facebook, or Apple, we receive and store:
- Your OAuth provider name (`google`, `facebook`, or `apple`) and the provider-issued subject identifier (a stable opaque ID — not your Google/Facebook/Apple password)
- Your email address (from the OAuth provider, if you grant the scope). For Apple Sign-In, this may be a private relay address (`*.privaterelay.appleid.com`) if you chose "Hide My Email" — Apple forwards mail to your real address without revealing it to us
- Your display name (provider-supplied) and avatar URL for Google and Facebook. Apple does not provide an avatar URL and only shares the name on your first sign-in
- A randomly-generated internal player id (CUID), distinct from any provider id
- An age band you self-select at onboarding (14–17, 18–23, 24–30, 31+) — never an exact birthdate
- An auto-generated friend code so other users can connect to you
We never receive or store your Google, Facebook, or Apple password.
2.2 Authentication
- A session key (random opaque string, hashed before storage) issued on sign-in
- A refresh token that lets the app silently re-issue session keys without re-prompting you
- An optional device id the app sends so you can list and revoke individual devices
- The timestamp of your last activity, for security monitoring
We never see or store the contents of your device's keychain or biometric data.
2.3 Gameplay & progress
- Which careers you explore and which you favorite
- Which missions you start, complete, or drop, and the scores you achieve
- XP, badges, and skill points you earn
- Daily / weekly / monthly challenge participation and rankings
- A streak counter (consecutive days played)
2.4 Activity logs
We log specific in-app events — for example mission completions, badge unlocks, friend additions, and login events — with a timestamp, the event type, and a small numeric score. These logs power the activity timeline on your dashboard, your level progression, and the leaderboards.
We do not log every screen you view, every tap, or your scroll behavior.
2.5 Social
If you use the friends feature, we store the link between your player id and your friends' player ids, plus the request status (pending / accepted). This is the only social data we collect — there is no chat, no comments, no public profile beyond your display name and avatar.
2.6 App diagnostics
When the app encounters a non-fatal background error (e.g. a sync failure), it sends us a diagnostic report containing:
- The app version
- The platform (iOS / Android)
- A short error message and stack trace
- Optionally, your player id (so we can correlate the report to your account if you ask for help)
These reports go to our server-side logs (CloudWatch) and are retained for 30 days.
2.7 Local-only data
The app stores a read-only catalog cache (career and mission content) and your session tokens in the device's secure storage. This data stays on your device and is wiped when you uninstall the app or sign out.
3. What we don't collect
We deliberately do not collect:
- Your exact location or GPS coordinates
- Your contacts, photos, microphone, camera, or any device sensors
- Your browsing history outside the app
- Behavioural advertising profiles
- Biometric data
- Health, financial, or any "special category" personal data under GDPR
4. How we use your data
We use the data above only to:
- Authenticate you — keep you signed in, let you sign out everywhere
- Run the game — track your progress, unlock content, calculate leaderboards
- Connect you with friends — only after you both opt in
- Diagnose issues — read error reports to find and fix bugs
- Comply with the law — respond to lawful requests when required
We do not use your data to:
- Train AI models
- Build advertising profiles
- Sell to third parties
- Target you across other apps or websites
5. Who we share it with
| Recipient | What | Why |
|---|---|---|
| Google (sign-in only) | Your Google account email + name + avatar | OAuth handshake when you choose "Continue with Google" |
| Facebook (Meta) (sign-in only) | Your Facebook account email + name + avatar | OAuth handshake when you choose "Continue with Facebook" |
| Apple (sign-in only) | Your Apple ID subject identifier + email (real or private-relay) + name on first sign-in | OAuth handshake when you choose "Sign in with Apple" |
| AWS (US East 1) | All app data, encrypted at rest | Hosts our database and API servers |
| Expo | Build artifacts and crash diagnostics for the app itself | App build infrastructure and over-the-air updates |
We do not share your data with any other third parties. We never sell or rent personal data.
6. Children & teens (14–17 band)
Users in our 14–17 age band are minors in most jurisdictions and we apply extra protections:
- No advertising of any kind in the current release. When ads are added in a future release, they will be contextual only — based on the app context, not on profiles built from past behavior — and child-directed flags will be enabled for users in the 14–17 band. This privacy policy will be updated before any ad code ships.
- No public profiles, chat, or open social discovery. Friends must be added by mutual consent via friend code. There is no public username search.
- Parental rights. A parent or legal guardian of a 14–17-year-old user may email us at the address above to (1) review their child's data, (2) ask for it to be corrected, or (3) ask for the account to be deleted. We respond within 30 days.
- GDPR-K (EU/UK). In the EU and UK we treat consent as parentally approved when the user is under 16 (or the local cut-off — Germany 16, France 15, etc.). The age band you select determines which path applies.
- COPPA (US). The app is not directed at children under 13 and we do not knowingly collect data from children under 13. If we discover such data we delete it immediately.
We are not in Apple's "Made for Kids" category or Google's "Designed for Families" program because our youngest users are 14, not 12.
7. How long we keep it
| Data | Retention |
|---|---|
| Account & profile | Until you delete the account |
| Session keys / refresh tokens | Auto-expire after 30 days of inactivity |
| Gameplay progress | Until you delete the account |
| Activity logs | 90 days, then aggregated and source rows deleted |
| Diagnostic error reports | 30 days |
| Anonymized aggregate statistics | Indefinitely (no personal data) |
When you delete your account we delete all rows tied to your player id in the same database transaction. The deletion cascades to sessions, refresh tokens, friendships, social accounts, mission progress, badges, skills, favorites, and activity logs.
8. Your rights
Wherever you are, you may:
- Access — get a copy of all data we hold about you
- Correct — fix inaccurate data
- Delete — close your account and have your data deleted
- Export — receive your data in a machine-readable format (JSON)
- Object — refuse processing for any reason
In the EU, UK, and California you also have the right to lodge a complaint with your local supervisory authority (e.g. ICO in the UK, CNIL in France, your state attorney general in the US).
To exercise any of these, email contact@careertryout.com with the email address tied to your account. We respond within 30 days.
9. Security
- All traffic to our servers uses HTTPS / TLS 1.2+ with valid Let's Encrypt certificates
- Session keys are hashed before storage (we never see the plaintext)
- Refresh tokens use a rotation chain — reusing a stolen token invalidates the entire session family
- Database encryption at rest (AES-256, AWS-managed keys)
- The app refuses to talk to non-HTTPS endpoints in production builds
No system is perfectly secure. If we learn of a breach affecting your data, we notify affected users within 72 hours by email and post a notice in the app.
10. International transfers
Our servers are in the United States (AWS us-east-1). If you are in the EEA, UK, or Switzerland, your data is transferred to the US under the appropriate Standard Contractual Clauses (SCCs) with our processors (AWS, Google, Facebook).
11. Changes to this policy
We may update this page when our data practices change (e.g. new features, new processors). The "Last updated" date at the top changes when we do. Material changes will trigger an in-app notice the next time you open the app.
12. Contact
- Email: contact@careertryout.com
- Apple Developer Team: KDEP Enterprise, LLC
- Bundle ID / Package: `com.careertryout.app`