Privacy Policy — CareerTryOut
Last updated: 2026-05-07
CareerTryOut is a career-exploration game for users aged 14 and older. We take privacy seriously, especially for our youngest users — most of whom are minors in their jurisdictions. This page explains, in plain language, what we collect, why, who we share it with, and how you control it.
If you have questions, email contact@careertryout.com.
1. Who we are
KDEP Enterprise LLC is a Florida-based company focused on building innovative experiences across gaming, education, and entertainment. We combine creativity, technology, and artificial intelligence to develop engaging digital products that inspire learning, creativity, collaboration, and fun for people of all ages.
Our mission is to create modern interactive platforms, mobile applications, games, and intelligent digital experiences that empower users to explore, learn, create, and connect in meaningful ways. We believe technology should not only entertain, but also educate and unlock human potential.
KDEP Enterprise LLC operates at the intersection of:
- Interactive Gaming
- Educational Technology (EdTech)
- Digital Entertainment
- Artificial Intelligence
- Mobile and Cloud Applications
- Creative Media and Storytelling
We are passionate about designing experiences that are immersive, scalable, inclusive, and future-ready. Our vision includes developing next-generation gaming platforms, educational simulations, AI-powered learning experiences, creator ecosystems, and entertainment applications that blend creativity with emerging technologies.
As a Florida company, KDEP Enterprise LLC is committed to innovation, integrity, continuous learning, and delivering high-quality digital solutions that positively impact users, communities, and businesses worldwide.
For the purposes of GDPR, KDEP Enterprise LLC acts as the data controller for the data described below. We host all application data in AWS us-east-1.
2. What we collect
We only collect data that the app needs to function. Below is the full inventory by category, derived directly from our database schema.
2.1 Account & identity
When you sign in via Google, Facebook, or Apple, we receive and store:
- Your OAuth provider name (
google,facebook, orapple) and the provider-issued subject identifier (a stable opaque ID — not your Google/Facebook/Apple password) - Your email address (from the OAuth provider, if you grant the scope). For Apple Sign-In, this may be a private relay address (
*.privaterelay.appleid.com) if you chose "Hide My Email" — Apple forwards mail to your real address without revealing it to us - Your display name (provider-supplied) and avatar URL for Google and Facebook. Apple does not provide an avatar URL and only shares the name on your first sign-in
- A randomly-generated internal player id (CUID), distinct from any provider id
- An age band you self-select at onboarding (14–17, 18–23, 24–30, 31+) — never an exact birthdate
- An auto-generated friend code so other users can connect to you
We never receive or store your Google, Facebook, or Apple password.
2.2 Authentication
- A session key (random opaque string, hashed before storage) issued on sign-in
- A refresh token that lets the app silently re-issue session keys without re-prompting you
- An optional device id the app sends so you can list and revoke individual devices
- The timestamp of your last activity, for security monitoring
We never see or store the contents of your device's keychain or biometric data.
2.3 Gameplay & progress
- Which careers you explore and which you favorite
- Which missions you start, complete, or drop, and the scores you achieve
- XP, badges, and skill points you earn
- Daily / weekly / monthly challenge participation and rankings
- A streak counter (consecutive days played)
2.4 Activity logs
We log specific in-app events — for example mission completions, badge unlocks, friend additions, and login events — with a timestamp, the event type, and a small numeric score. These logs power the activity timeline on your dashboard, your level progression, and the leaderboards.
We do not log every screen you view, every tap, or your scroll behavior.
2.5 Social
If you use the friends feature, we store the link between your player id and your friends' player ids, plus the request status (pending / accepted). This is the only social data we collect — there is no chat, no comments, no public profile beyond your display name and avatar.
2.6 App diagnostics
When the app encounters a non-fatal background error (e.g. a sync failure), it sends us a diagnostic report containing:
- The app version
- The platform (iOS / Android)
- A short error message and stack trace
- Optionally, your player id (so we can correlate the report to your account if you ask for help)
These reports go to our server-side logs (CloudWatch) and are retained for 30 days.
2.7 Local-only data
The app stores a read-only catalog cache (career and mission content) and your session tokens in the device's secure storage. This data stays on your device and is wiped when you uninstall the app or sign out.
3. What we don't collect
We deliberately do not collect:
- Your exact location or GPS coordinates
- Your contacts, photos, microphone, camera, or any device sensors
- Your browsing history outside the app
- Behavioural advertising profiles
- Biometric data
- Health, financial, or any "special category" personal data under GDPR
4. How we use your data
We use the data above only to:
- Authenticate you — keep you signed in, let you sign out everywhere
- Run the game — track your progress, unlock content, calculate leaderboards
- Connect you with friends — only after you both opt in
- Diagnose issues — read error reports to find and fix bugs
- Comply with the law — respond to lawful requests when required
We do not use your data to:
- Train AI models
- Build advertising profiles
- Sell to third parties
- Target you across other apps or websites
5. Who we share it with
| Recipient | What | Why |
|---|---|---|
| Google (sign-in only) | Your Google account email + name + avatar | OAuth handshake when you choose "Continue with Google" |
| Facebook (Meta) (sign-in only) | Your Facebook account email + name + avatar | OAuth handshake when you choose "Continue with Facebook" |
| Apple (sign-in only) | Your Apple ID subject identifier + email (real or private-relay) + name on first sign-in | OAuth handshake when you choose "Sign in with Apple" |
| AWS (US East 1) | All app data, encrypted at rest | Hosts our database and API servers |
| Expo | Build artifacts and crash diagnostics for the app itself | App build infrastructure and over-the-air updates |
We do not share your data with any other third parties. We never sell or rent personal data.
6. Children & teens (14–17 band)
Users in our 14–17 age band are minors in most jurisdictions and we apply extra protections:
- No advertising of any kind in the current release. When ads are added in a future release, they will be contextual only — based on the app context, not on profiles built from past behavior — and child-directed flags will be enabled for users in the 14–17 band. This privacy policy will be updated before any ad code ships.
- No public profiles, chat, or open social discovery. Friends must be added by mutual consent via friend code. There is no public username search.
- Parental rights. A parent or legal guardian of a 14–17-year-old user may email us at the address above to (1) review their child's data, (2) ask for it to be corrected, or (3) ask for the account to be deleted. We respond within 30 days.
- GDPR-K (EU/UK). In the EU and UK we treat consent as parentally approved when the user is under 16 (or the local cut-off — Germany 16, France 15, etc.). The age band you select determines which path applies.
- COPPA (US). The app is not directed at children under 13 and we do not knowingly collect data from children under 13. If we discover such data we delete it immediately.
We are not in Apple's "Made for Kids" category or Google's "Designed for Families" program because our youngest users are 14, not 12.
7. How long we keep it
| Data | Retention |
|---|---|
| Account & profile | Until you delete the account |
| Session keys / refresh tokens | Auto-expire after 30 days of inactivity |
| Gameplay progress | Until you delete the account |
| Activity logs | 90 days, then aggregated and source rows deleted |
| Diagnostic error reports | 30 days |
| Anonymized aggregate statistics | Indefinitely (no personal data) |
When you delete your account we delete all rows tied to your player id in the same database transaction. The deletion cascades to sessions, refresh tokens, friendships, social accounts, mission progress, badges, skills, favorites, and activity logs.
8. Your rights
Wherever you are, you may:
- Access — get a copy of all data we hold about you
- Correct — fix inaccurate data
- Delete — close your account and have your data deleted (see Delete your account)
- Export — receive your data in a machine-readable format (JSON)
- Object — refuse processing for any reason
In the EU, UK, and California you also have the right to lodge a complaint with your local supervisory authority (e.g. ICO in the UK, CNIL in France, your state attorney general in the US).
To exercise any of these, email contact@careertryout.com with the email address tied to your account. We respond within 30 days.
9. Security
- All traffic to our servers uses HTTPS / TLS 1.2+ with valid Let's Encrypt certificates
- Session keys are hashed before storage (we never see the plaintext)
- Refresh tokens use a rotation chain — reusing a stolen token invalidates the entire session family
- Database encryption at rest (AES-256, AWS-managed keys)
- The app refuses to talk to non-HTTPS endpoints in production builds
No system is perfectly secure. If we learn of a breach affecting your data, we notify affected users within 72 hours by email and post a notice in the app.
10. International transfers
Our servers are in the United States (AWS us-east-1). If you are in the EEA, UK, or Switzerland, your data is transferred to the US under the appropriate Standard Contractual Clauses (SCCs) with our processors (AWS, Google, Facebook).
11. Changes to this policy
We may update this page when our data practices change (e.g. new features, new processors). The "Last updated" date at the top changes when we do. Material changes will trigger an in-app notice the next time you open the app.
12. Contact
- Email: contact@careertryout.com
- Apple Developer Team: Etienne Paul (Individual),
2FM688W375 - Bundle ID / Package:
com.careertryout.app