ClockIn

Security & Privacy

How we protect students.

Students aged 15-20 use this platform. Many are minors. We take that seriously and we're transparent about exactly how their data is handled. This page is for parents, school administrators, and IT professionals who want specifics — not marketing talk.

At a glance

  • Minimum age to register: 15. Under-15 accounts are blocked at Cognito before any record is created.
  • Personally-identifiable data (names, emails, birthdates, school info) is stored on AWS Aurora in the US-East (Ohio) region. Encrypted at rest. Encrypted in transit.
  • Authentication handled by AWS Cognito. Passwords are never stored by us in any form.
  • No advertising, no data resale, no third-party tracking pixels. Students are the users, not the product.
  • Employers see only what's needed to hire: applicant name, age range, school, and application message. No emails or phone numbers until a student opts in.
  • Full account deletion available from your profile. We honor deletion requests within 30 days, including all historical data.

For students and families

Signing up is free and always will be. You give us your email, a password, your birthdate (so we can confirm you're at least 14), and basic school information. That's it.

Who sees your information

Your profile is not public. Employers only see your information when you apply to their listing — not before, not without your action. Even then, they see a limited view (name, age range, school, your application message). Contact information is shared only after mutual opt-in.

Parent and guardian involvement

For users under 18, Ohio work permit law requires parent or guardian involvement at the actual employer. ClockIn does not currently require pre-registration parental consent (we only collect the minimum needed to connect you with jobs), but we strongly encourage a parent or guardian to be part of your job search — especially for your first position.

If something feels off

Every listing on ClockIn comes from a verified employer. If you encounter a listing, employer, or message that feels wrong — inappropriate, unsafe, or deceptive — email trust@clockin.jobs or use the in-app "Report this listing" option. We investigate reports within 24 hours.

For school and district administrators

We're built to support districts, not replace them. If your district chooses to formally integrate with ClockIn (via a partnership agreement), you get district-level visibility and controls that an individual employer on the platform does not.

FERPA posture

ClockIn is not a school record system. We do not store grades, disciplinary records, IEPs, or any educational records regulated by FERPA. Student-provided information (name, email, birthdate, school name, self-reported grade level) is personal data, not an education record. That said: we operate as a "school official with a legitimate educational interest" posture when integrated with a district, and are willing to sign a Data Processing Agreement that formalizes this relationship.

District-level data access

When a district formally partners with ClockIn, a designated district administrator gets a dashboard showing aggregate and individual-level data for their district's students only. Data is strictly scoped by district at the database layer — one district cannot see another's data, ever.

Data portability and deletion

Districts can export their students' data on demand in CSV or JSON. Students can delete their accounts at any time, and any district-tied data is removed from the district's dashboard immediately. Full backend deletion completes within 30 days.

Want a formal partnership?

Email partnerships@clockin.jobs. We'll send a DPA template, answer procurement questions, and schedule a 30-minute technical walkthrough with your IT lead.

For IT and security professionals

The detail you actually want, in the order you'd ask for it.

Architecture

Web application: Next.js 15 (React Server Components), hosted on Vercel with edge CDN and automatic HTTPS.
API: Fastify (Node.js) running as a Vercel serverless function. Stateless. JWT-authenticated per request.
Database: AWS Aurora Serverless v2 (PostgreSQL 16) in us-east-2. Encrypted at rest (AES-256 via AWS KMS). TLS required for all connections. Daily automated snapshots, 14-day retention in prod.
Identity: AWS Cognito user pool. Passwords never leave Cognito. Optional MFA via TOTP. Enforced password policy: minimum 10 characters with complexity requirements.
File storage: AWS S3 buckets with Block Public Access enforced at bucket and account level. Access via short-lived presigned URLs only.
Secrets: AWS Secrets Manager for backend secrets (Stripe, Resend, DB credentials). No secrets in code, git, or env files in production.
DNS: Cloudflare, with DNSSEC enabled and WAF at the edge.

Authentication and session handling

JWTs issued by Cognito, verified on every API request using cached JWKS.
Access token lifetime: 60 minutes. Refresh token: 30 days, rotating on use.
MFA optional for youth accounts; required for employer admin accounts.
Account recovery by verified email only. No phone-based recovery to avoid SIM-swap attack vectors.

Data access and isolation

Tenant isolation at the data layer, not the query layer. Every tenant-scoped query is filtered by organization_id in a shared data access layer (TenantRepository base class). Individual feature code cannot bypass tenant scope. This is enforced architecturally, not by convention.
No raw SQL in route handlers. All database access goes through typed repositories with automatic scoping.
Minor data (youth profiles) is platform-level, not tenant-level — only surfaced to employers when a student actively applies.

Logging and audit

Structured JSON logs include request ID, user ID, tenant ID, and action type.
Admin actions (district dashboard access, employer listing approvals, account deletions) are written to an immutable audit log table retained for 7 years.
AWS CloudTrail logs all infrastructure-level access.

Incident response

Responsible disclosure contact: security@clockin.jobs. PGP key available on request.
We commit to acknowledging reports within one business day and to keeping reporters informed of remediation status.
In the event of a confirmed breach affecting minor data, we follow Ohio state data breach notification law (ORC 1349.19) and notify affected users and, where applicable, school district partners within the legally required window.

Compliance posture

COPPA (Children's Online Privacy Protection Act): Our minimum age is 14. COPPA applies to services serving children under 13. We do not serve under-13 users. We honor the spirit of COPPA for our 14–17 age group (data minimization, no behavioral advertising, parental involvement encouraged).
FERPA (Family Educational Rights and Privacy Act): We do not operate as a school record system. For district integrations, we operate as a "school official with legitimate educational interest" under a Data Processing Agreement.
Ohio minor labor law (ORC 4109): We surface minor labor hour restrictions on every listing. We do not bypass or weaken work permit requirements.
SOC 2 Type II: Planned Year 2 once revenue and operational maturity support the audit cost. Current infrastructure is designed against SOC 2 common criteria.

Vendor list

AWS (Aurora, Cognito, S3, Secrets Manager, CloudTrail, KMS) — data and identity
Vercel — web application and API compute
Cloudflare — DNS, edge WAF
Stripe — employer billing only (PCI DSS scoped to Stripe)
Resend — transactional email
No ad networks. No analytics SDKs with behavioral tracking. No third-party tag managers.

Questions about security or privacy?

IT professionals and administrators: security@clockin.jobs
Parents, students, and general inquiries: privacy@clockin.jobs
Partnership and integration: partnerships@clockin.jobs

This page is updated as our infrastructure and compliance posture evolve. Last reviewed: April 18, 2026.