Privacy Policy
How we collect, use, and protect your personal information
Last updated: January 2025
Our Commitment to Privacy
Lincoln Works ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
SOC 2 Compliance
Lincoln Works maintains SOC 2 Type II compliance, demonstrating our commitment to security, availability, and confidentiality. Our controls are independently audited to ensure we meet rigorous security standards.
Information We Collect
Information You Provide
- Account Information: Name, email address, phone number, and password when you create an account
- Profile Information: LinkedIn URL, GitHub URL, skills, certifications, work experience, city, and state
- Application Data: Resume files, personal statements, and other materials submitted during the application process
- Communications: Support tickets, messages, and other correspondence with us
Information Collected Automatically
- Device Information: Browser type, operating system, device identifiers (hashed for privacy)
- Usage Data: Pages visited, features used, timestamps, referring URLs
- Security Information: IP addresses (hashed for privacy), login attempts, session activity
How We Use Your Information
- Provide Services: Process applications, manage accounts, facilitate the apprenticeship program
- Communications: Send important updates, respond to inquiries, provide support
- Security: Protect against fraud, unauthorized access, and other security threats
- Improvement: Analyze usage patterns to improve our services (using anonymized data)
- Legal Compliance: Meet legal obligations and respond to lawful requests
Data Protection Measures
We implement industry-leading security measures to protect your data:
Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields use additional encryption layers.
Password Security
Passwords are hashed using industry-standard algorithms. We never store plain-text passwords.
Access Controls
Role-based access control limits data access to authorized personnel only. All access is logged and audited.
Two-Factor Authentication
Optional 2FA using TOTP apps provides an additional layer of account security.
Additional Security Measures
- Session Management: Secure session tokens with automatic expiration and device fingerprinting
- Rate Limiting: Protection against brute-force and automated attacks
- Audit Logging: Comprehensive logging of all security-relevant events
- IP Hashing: IP addresses are hashed for privacy while maintaining security monitoring
- Secure Headers: Content Security Policy, HSTS, and other security headers to prevent common attacks
Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active and for 7 years after closure for legal compliance
- Application Materials: Retained for 3 years after the application process concludes
- Security Logs: Retained for 1 year for security monitoring and incident response
- Analytics Data: Anonymized data may be retained indefinitely for service improvement
Information Sharing
We do not sell your personal information. We may share information in the following circumstances:
- With Your Consent: When you explicitly authorize sharing (e.g., with corporate partners for hiring)
- Service Providers: Trusted vendors who assist in operating our services (under strict confidentiality agreements)
- Legal Requirements: When required by law, court order, or to protect our legal rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
Your Rights
You have the following rights regarding your personal information:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Receive your data in a portable format
- Opt-Out: Unsubscribe from marketing communications
To exercise these rights, contact us at privacy@lincolnworks.us or through your account settings.
Cookies and Tracking
We use essential cookies for authentication and security. We do not use third-party tracking cookies or share data with advertising networks.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Authentication | Maintain your login session | 30 days |
| Security | CSRF protection, session validation | Session |
| Preferences | Remember your settings | 1 year |
Children's Privacy
Our services are intended for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a minor, please contact us immediately.
International Data Transfers
Lincoln Works is based in the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@lincolnworks.us
- Address: Lincoln, Illinois
- Support: Submit a support ticket
Data Protection Officer
For data protection inquiries or to exercise your privacy rights, contact our Data Protection Officer at dpo@lincolnworks.us.
Our Commitment to Security
SOC 2 Ready
Controls designed for SOC 2 Type II compliance
Encrypted
TLS 1.3 in transit, AES-256 at rest
Audited
Comprehensive security logging