Privacy Policy

Candogram, Inc. — Effective Date: March 8, 2026

Candogram, Inc. ("Candogram," "we," "our," or "us") operates the Candogram platform at www.candogram.com, a job market education system that helps students and professionals discover and match with career opportunities. We are committed to protecting the privacy and security of all users, with particular attention to the protection of student Personally Identifiable Information (PII) in accordance with applicable federal and state law.

This Privacy Policy describes what information we collect, how we use it, who we share it with, and how we protect it. By using our website or creating an account, you agree to the practices described in this policy.

1. Information We Collect

When you create an account and use Candogram, we collect the following personally identifiable information:

  • First name and last name
  • Email address
  • Academic grade level
  • Self-assessment results (skills, preferences, and career interests)
  • Work history
  • Resume (if uploaded)

We may also collect technical information automatically when you use the platform, including IP address, browser type, device type, pages visited, and usage patterns. This information is collected through cookies and analytics tools described in Section 4.

2. How We Use Your Information

Candogram uses the information we collect for the following purposes:

  • To create and manage your account
  • To match you with relevant job and internship opportunities based on your profile
  • To personalize your job market education experience
  • To send transactional emails such as password resets and account notifications
  • To send marketing and educational communications (you may opt out at any time)
  • To analyze and improve platform performance and user experience
  • To comply with legal obligations

We do not sell, rent, or trade your personally identifiable information to third parties for their marketing purposes.

3. How Long We Retain Your Information

We retain your personal information for as long as your account remains active.

Upon account deletion, we permanently delete your personal profile data — including your name, work history, resume, self-assessment results, and all associated content — within 24 hours.

We retain your email address indefinitely solely for the purpose of preventing abuse of our free service, such as repeated account creation to circumvent usage limits. This retained email address is:

  • Not used for marketing or promotional communications
  • Not shared with third parties
  • Stored only in a restricted internal suppression list
  • Available for deletion upon written request to henning.seip@candogram.com where no active abuse concern exists

You may request account deletion at any time through the Delete Account option in your user profile Settings menu. Once your profile data is deleted, it cannot be recovered.

4. Third-Party Services and Data Sharing

Candogram uses a limited number of trusted third-party service providers who may have access to your information solely to perform services on our behalf. These include:

Google (Social Login and Analytics)

We offer Google Sign-In as an authentication option. If you choose to log in with Google, Google may share your name and email address with us in accordance with Google's Privacy Policy. We also use Google Analytics to understand how users interact with our platform. Google Analytics collects anonymized usage data. For more information, see Google's Privacy Policy at https://policies.google.com/privacy.

Mailchimp (Email Marketing)

We use Mailchimp to manage and send marketing and educational email communications. Your email address and name may be shared with Mailchimp for this purpose. You may unsubscribe from marketing emails at any time. For more information, see Mailchimp's Privacy Policy at https://mailchimp.com/legal/privacy/.

Amazon Web Services SES (Transactional Email)

We use Amazon Web Services Simple Email Service (AWS SES) to send transactional emails such as password resets and account notifications. AWS processes your email address to deliver these messages. For more information, see the AWS Privacy Notice at https://aws.amazon.com/privacy/.

We do not share your personal information with any other third parties except as required by law or to protect the rights and safety of Candogram and its users.

5. FERPA Compliance

Candogram recognizes and respects the protections afforded to student education records under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, and its implementing regulations at 34 CFR Part 99.

When Candogram operates as a service provider to educational institutions, we act as a "school official" with a "legitimate educational interest" as defined under FERPA. In this capacity:

  • We use student PII only for the purposes for which it was disclosed — providing job market education and career matching services
  • We do not disclose student education records or PII to unauthorized parties
  • We do not use student PII for advertising or marketing purposes unrelated to the educational service
  • We maintain appropriate technical and administrative safeguards to protect student records
  • We support the rights of students and eligible parents to access, review, and request correction of education records

Educational institutions that partner with Candogram and share student PII with us must execute a Data Sharing Agreement that governs the use and protection of student data in compliance with FERPA.

6. How We Protect Your Information

Candogram implements a comprehensive set of technical and administrative security measures to protect your personal information:

Encryption and Transport Security

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • HTTP Strict Transport Security (HSTS) is enforced to prevent downgrade attacks
  • Data at rest is encrypted using industry-standard encryption

Access Controls

  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Administrative access to production systems requires multi-factor authentication
  • SSH access to our servers is restricted to authorized IP addresses only

Infrastructure Security

  • Our platform is hosted on Amazon Web Services (AWS), which maintains SOC 2, ISO 27001, and other industry certifications
  • Firewall rules restrict inbound traffic to only necessary ports (80 and 443)
  • Security headers are implemented to protect against common web vulnerabilities including XSS, clickjacking, and content injection

Email Security

  • SPF, DKIM, and DMARC email authentication protocols are implemented to prevent email spoofing
  • DMARC is configured with a reject policy to block unauthorized use of our domain

Monitoring and Response

  • We monitor our systems for security threats and anomalies
  • In the event of a data breach, we will notify affected users and relevant authorities as required by applicable law

7. Cookies and Tracking Technologies

Candogram uses cookies and similar tracking technologies to operate and improve our platform. We use:

  • Essential cookies — required for authentication and core platform functionality
  • Analytics cookies — Google Analytics to understand usage patterns (anonymized)
  • Marketing pixels — Facebook/Meta pixel for measuring the effectiveness of advertising campaigns

You can control cookie settings through your browser. Disabling certain cookies may affect platform functionality. For more information about how Google uses data from our site, visit https://www.google.com/policies/privacy/partners/.

8. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete information
  • Deletion — request permanent deletion of your account and all associated data via Settings > Delete Account
  • Opt-out — unsubscribe from marketing emails at any time via the unsubscribe link in any email
  • Data portability — request your data in a portable format

To exercise any of these rights, contact us using the information in Section 10.

9. Children's Privacy

Candogram's services are intended for users who are 13 years of age or older. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will take steps to delete that information.

10. Contact Information

For privacy-related questions, concerns, or to exercise your rights, please contact:

Henning Seip
CEO and Founder, Candogram, Inc.
Email: henning.seip@candogram.com
Phone: 475-988-5874
Website: www.candogram.com

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website. The effective date at the top of this policy will reflect the date of the most recent update. Your continued use of Candogram after any changes constitutes your acceptance of the updated policy.